Hello community,

here is the log from the commit of package python311 for openSUSE:Factory checked in at 2022-09-15 22:59:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python311 (Old)
 and /work/SRC/openSUSE:Factory/.python311.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python311" Thu Sep 15 22:59:58 2022 rev:8 rq:1003848 version:3.11.0rc2 Changes: -------- --- /work/SRC/openSUSE:Factory/python311/python311.changes 2022-09-07 11:05:52.580382080 +0200 +++ /work/SRC/openSUSE:Factory/.python311.new.2083/python311.changes 2022-09-15 23:01:13.845561033 +0200 
@@ -1,0 +2,103 @@ +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl <mc...@suse.com> + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. 
This avoids crashes in 3rd party packages that + don???t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don???t call the previous signal + handler if it???s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational???s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it???s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. 
+ - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What???s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- Old: ---- Python-3.11.0rc1.tar.xz Python-3.11.0rc1.tar.xz.asc support-expat-245.patch New: ---- Python-3.11.0rc2.tar.xz Python-3.11.0rc2.tar.xz.asc support-expat-CVE-2022-25236-patched.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python311.spec ++++++ --- /var/tmp/diff_new_pack.Knm2HI/_old 2022-09-15 23:01:14.837563834 +0200 +++ /var/tmp/diff_new_pack.Knm2HI/_new 2022-09-15 23:01:14.841563845 +0200 
@@ -103,7 +103,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.0rc1 +Version: 3.11.0rc2 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -163,9 +163,9 @@ # PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mc...@suse.com # remove duplicate link targets and make documentation with old Sphinx in SLE Patch35: fix_configure_rst.patch -# PATCH-FIX-UPSTREAM support-expat-245.patch jsc#SLE-21253 mc...@suse.com +# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mc...@suse.com # Makes Python resilient to changes of API of libexpat -Patch36: support-expat-245.patch +Patch36: support-expat-CVE-2022-25236-patched.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes ++++++ Python-3.11.0rc1.tar.xz -> Python-3.11.0rc2.tar.xz ++++++ /work/SRC/openSUSE:Factory/python311/Python-3.11.0rc1.tar.xz /work/SRC/openSUSE:Factory/.python311.new.2083/Python-3.11.0rc2.tar.xz differ: char 27, line 1 ++++++ fix_configure_rst.patch ++++++ --- /var/tmp/diff_new_pack.Knm2HI/_old 2022-09-15 23:01:14.953564162 +0200 +++ /var/tmp/diff_new_pack.Knm2HI/_new 2022-09-15 23:01:14.957564172 +0200 @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -6464,7 +6464,7 @@ C API +@@ -6636,7 +6636,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name ++++++ support-expat-CVE-2022-25236-patched.patch ++++++ >From 7da97f61816f3cadaa6788804b22a2434b40e8c5 Mon Sep 17 00:00:00 2001 
From: "Miss Islington (bot)" <31488909+miss-isling...@users.noreply.github.com> Date: Mon, 21 Feb 2022 08:16:09 -0800 Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453) (GH-31472) Curly brackets were never allowed in namespace URIs according to RFC 3986, and so-called namespace-validating XML parsers have the right to reject them as invalid URIs. libexpat >=2.4.5 has become stricter in that regard due to related security issues; with ET.XML instantiating a namespace-aware parser under the hood, this test has no future in CPython. References: - https://datatracker.ietf.org/doc/html/rfc3968 - https://www.w3.org/TR/xml-names/ Also, test_minidom.py: Support Expat >=2.4.5 (cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e) Co-authored-by: Sebastian Pipping <sebast...@pipping.org> --- Lib/test/test_minidom.py | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst --- a/Lib/test/test_minidom.py +++ b/Lib/test/test_minidom.py @@ -6,7 +6,6 @@ import io from test import support import unittest -import pyexpat import xml.dom.minidom from xml.dom.minidom import parse, Attr, Node, Document, parseString 
@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase): # Verify that character decoding errors raise exceptions instead # of crashing - if pyexpat.version_info >= (2, 4, 5): - self.assertRaises(ExpatError, parseString, - b'<fran\xe7ais></fran\xe7ais>') - self.assertRaises(ExpatError, parseString, - b'<franais>Comment \xe7a va ? Tr\xe8s bien ?</franais>') - else: - self.assertRaises(UnicodeDecodeError, parseString, + # It doesn???t make any sense to insist on the exact text of the + # error message, or even the exact Exception ??? it is enough that + # the error has been discovered. + with self.assertRaises((UnicodeDecodeError, ExpatError)): + parseString( b'<fran\xe7ais>Comment \xe7a va ? Tr\xe8s bien ?</fran\xe7ais>') doc.unlink() @@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase): self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) def testExceptionOnSpacesInXMLNSValue(self): - if pyexpat.version_info >= (2, 4, 5): - context = self.assertRaisesRegex(ExpatError, 'syntax error') - else: - context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') - - with context: + # It doesn???t make any sense to insist on the exact text of the + # error message, or even the exact Exception ??? it is enough that + # the error has been discovered. + with self.assertRaises((ExpatError, ValueError)): parseString('<element xmlns:abc="http:abc.com/de f g/hi/j k"><abc:foo /></element>') def testDocRemoveChild(self):
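Review bot: In the new python311.changes entry, the tracing item names "sys.setrace()", which should read "sys.settrace()". The same entry carries typographic apostrophes that come out as "???" ("don???t", "it???s", "What???s New 3.11"); plain ASCII apostrophes would keep the changelog readable in every consumer of the file.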
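Review bot: The tag comment above Patch36 in python311.spec still cites only jsc#SLE-21253, while the changelog says the new file is taken from gh#python/cpython#93900; add that reference to the PATCH-FIX-UPSTREAM line so the origin can be traced from the spec alone. The unchanged description "Makes Python resilient to changes of API of libexpat" also no longer fits, since the patch touches only Lib/test/test_minidom.py; describe it as a test-suite adjustment for newer or CVE-2022-25236-patched libexpat.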
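Review bot: The header of support-expat-CVE-2022-25236-patched.patch is kept from upstream commit 7da97f61816f3cadaa6788804b22a2434b40e8c5, but it no longer describes the content: the message discusses dropping a curly-bracket namespace URI test for ET.XML, and the summary lists "create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst", yet the diffstat and hunks change only Lib/test/test_minidom.py. State in the header that this is a modified version and drop the parts that do not apply. The first reference link points to rfc3968 while the text cites RFC 3986; one of the two is a typo.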
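Review bot: In the hunk at -1163,13, removing the pyexpat.version_info branch also removes two of the three malformed inputs: b'<fran\xe7ais></fran\xe7ais>' (bad bytes only in the tag name) and b'<franais>Comment \xe7a va ? Tr\xe8s bien ?</franais>' (bad bytes only in the text). Only the combined case is still exercised, so a decoding-error regression that affects just element names or just character data would go unnoticed. Keep all three inputs and wrap each parseString call in its own assertRaises((UnicodeDecodeError, ExpatError)) block.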
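Review bot: In testExceptionOnSpacesInXMLNSValue, assertRaises((ExpatError, ValueError)) is much weaker than the assertRaisesRegex calls it replaces: ValueError is a broad base class (UnicodeDecodeError derives from it), so the test now passes on any unrelated ValueError raised during parsing. The message check can be kept without the version gate, for example assertRaisesRegex((ExpatError, ValueError), 'syntax error|Unsupported syntax'), which accepts both libexpat behaviours while still tying the failure to the xmlns value. The added comment uses typographic characters that appear here as "???"; use ASCII in the source comment.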