Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python310 for openSUSE:Factory
checked in at 2022-10-28 19:28:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python310 (Old)
and /work/SRC/openSUSE:Factory/.python310.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python310"
Fri Oct 28 19:28:30 2022 rev:23 rq:1031406 version:3.10.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/python310/python310.changes 2022-09-21
14:38:57.797177688 +0200
+++ /work/SRC/openSUSE:Factory/.python310.new.2275/python310.changes
2022-10-28 19:28:32.146332077 +0200
@@ -1,0 +2,118 @@
+Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl <mc...@suse.com>
+
+- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to
+ allow building of documentation with the latest Sphinx 5.3.0
+ (gh#python/cpython#98366).
+
+-------------------------------------------------------------------
+Wed Oct 19 07:12:23 UTC 2022 - Matej Cepl <mc...@suse.com>
+
+- Update to 3.10.8:
+ - Fix multiplying a list by an integer (list *= int): detect
+ the integer overflow when the new allocated length is close
+ to the maximum size.
+ - Fix a shell code injection vulnerability in the
+ get-remote-certificate.py example script. The script no
+ longer uses a shell to run openssl commands. (originally
+ filed as CVE-2022-37460, later withdrawn)
+ - Fix command line parsing: reject -X int_max_str_digits option
+ with no value (invalid) when the PYTHONINTMAXSTRDIGITS
+ environment variable is set to a valid limit.
+ - When ValueError is raised if an integer is larger than the
+ limit, mention the sys.set_int_max_str_digits() function in
+ the error message.
+ - The deprecated mailcap module now refuses to inject unsafe
+ text (filenames, MIME types, parameters) into shell
+ commands. Instead of using such text, it will warn and act
+ as if a match was not found (or for test commands, as if the
+ test failed).
+ - os.sched_yield() now release the GIL while calling
+ sched_yield(2).
+ - Bugfix: PyFunction_GetAnnotations() should return a borrowed
+ reference. It was returning a new reference.
+ - Fixed a missing incref/decref pair in
+ Exception.__setstate__().
+ - Fix overly-broad source position information for chained
+ comparisons used as branching conditions.
+ - Fix undefined behaviour in _testcapimodule.c.
+ - At Python exit, sometimes a thread holding the GIL can
+ wait forever for a thread (usually a daemon thread) which
+ requested to drop the GIL, whereas the thread already
+ exited. To fix the race condition, the thread which requested
+ the GIL drop now resets its request before exiting.
+ - Fix a possible assertion failure, fatal error, or SystemError
+ if a line tracing event raises an exception while opcode
+ tracing is enabled.
+ - Fix undefined behaviour in C code of null pointer arithmetic.
+ - Do not expose KeyWrapper in _functools.
+ - When loading a file with invalid UTF-8 inside a multi-line
+ string, a correct SyntaxError is emitted.
+ - Disable incorrect pickling of the C implemented classmethod
+ descriptors.
+ - Fix AttributeError missing name and obj attributes in .
+ object.__getattribute__() bpo-42316: Document some places .
+ where an assignment expression needs parentheses .
+ - Wrap network errors consistently in urllib FTP support, so
+ the test suite doesn???t fail when a network is available but
+ the public internet is not reachable.
+ - Fixes AttributeError when subprocess.check_output() is used
+ with argument input=None and either of the arguments encoding
+ or errors are used.
+ - Avoid spurious tracebacks from asyncio when default executor
+ cleanup is delayed until after the event loop is closed (e.g.
+ as the result of a keyboard interrupt).
+ - Avoid a crash in the C version of
+ asyncio.Future.remove_done_callback() when an evil argument
+ is passed.
+ - Remove tokenize.NL check from tabnanny.
+ - Make Semaphore run faster.
+ - Fix generation of the default name of
+ tkinter.Checkbutton. Previously, checkbuttons in different
+ parent widgets could have the same short name and share
+ the same state if arguments ???name??? and ???variable??? are not
+ specified. Now they are globally unique.
+ - Update bundled libexpat to 2.4.9
+ - Fix race condition in asyncio where process_exited() called
+ before the pipe_data_received() leading to inconsistent
+ output.
+ - Fixed check in multiprocessing.resource_tracker that
+ guarantees that the length of a write to a pipe is not
+ greater than PIPE_BUF.
+ - Corrected type annotation for dataclass attribute
+ pstats.FunctionProfile.ncalls to be str.
+ - Fix the faulthandler implementation of
+ faulthandler.register(signal, chain=True) if the sigaction()
+ function is not available: don???t call the previous signal
+ handler if it???s NULL.
+ - In inspect, fix overeager replacement of ???typing.??? in
+ formatting annotations.
+ - Fix asyncio.streams.StreamReaderProtocol to keep a strong
+ reference to the created task, so that it???s not garbage
+ collected
+ - Fix handling compiler warnings (SyntaxWarning and
+ DeprecationWarning) in codeop.compile_command() when checking
+ for incomplete input. Previously it emitted warnings and
+ raised a SyntaxError. Now it always returns None for
+ incomplete input without emitting any warnings.
+ - Fixed flickering of the turtle window when the tracer is
+ turned off.
+ - Allow asyncio.StreamWriter.drain() to be awaited concurrently
+ by multiple tasks.
+ - Fix broken asyncio.Semaphore when acquire is cancelled.
+ - Fix ast.unparse() when ImportFrom.level is None
+ - Improve performance of urllib.request.getproxies_environment
+ when there are many environment variables
+ - Fix ! in c domain ref target syntax via a conf.py patch, so
+ it works as intended to disable ref target resolution.
+ - Clarified the conflicting advice given in the ast
+ documentation about ast.literal_eval() being ???safe??? for use
+ on untrusted input while at the same time warning that it
+ can crash the process. The latter statement is true and is
+ deemed unfixable without a large amount of work unsuitable
+ for a bugfix. So we keep the warning and no longer claim that
+ literal_eval is safe.
+ - Update tutorial introduction output to use 3.10+ SyntaxError
+ invalid range.
+- Remove upstreamed test-int-timing.patch.
+
+-------------------------------------------------------------------
Old:
----
Python-3.10.7.tar.xz
Python-3.10.7.tar.xz.asc
test-int-timing.patch
New:
----
98437-sphinx.locale._-as-gettext-in-pyspecific.patch
Python-3.10.8.tar.xz
Python-3.10.8.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python310.spec ++++++
--- /var/tmp/diff_new_pack.sNFFkY/_old 2022-10-28 19:28:34.390343330 +0200
+++ /var/tmp/diff_new_pack.sNFFkY/_new 2022-10-28 19:28:34.450343631 +0200
@@ -67,7 +67,7 @@
%define tarversion %{version}
%endif
# We don't process beta signs well
-%define folderversion 3.10.7
+%define folderversion %{tarversion}
%define tarname Python-%{tarversion}
%define sitedir %{_libdir}/python%{python_version}
# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
@@ -103,7 +103,7 @@
%define dynlib()
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
%bcond_without profileopt
Name: %{python_pkg_name}%{psuffix}
-Version: 3.10.7
+Version: 3.10.8
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@@ -169,8 +169,9 @@
# PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511
mc...@suse.com
# avoid the command injection in the mailcap module.
Patch37: CVE-2015-20107-mailcap-unsafe-filenames.patch
-# PATCH-FIX-UPSTREAM gh-96710: Make the test timing more lenient for the
int/str DoS regression test. (#96717)
-Patch38: test-int-timing.patch
+# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
gh#python/cpython#98366 mc...@suse.com
+# this patch makes things totally awesome
+Patch38: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
++++++ 98437-sphinx.locale._-as-gettext-in-pyspecific.patch ++++++
>From 5775f51691d7d64fb676586e008b41261ce64ac2 Mon Sep 17 00:00:00 2001
From: "Matt.Wang" <mattwan...@gmail.com>
Date: Wed, 19 Oct 2022 14:49:08 +0800
Subject: [PATCH 1/2] fix(doc-tools): use sphinx.locale._ as gettext() for
backward-compatibility in pyspecific.py
[why] spinix 5.3 changed locale.translators from a
defaultdict(gettext.NullTranslations) to a dict, which leads to failure of
pyspecific.py. Use sphinx.locale._ as gettext to fix the issue.
---
Doc/tools/extensions/pyspecific.py |
8 ++++----
Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst |
1 +
2 files changed, 5 insertions(+), 4 deletions(-)
--- a/Doc/tools/extensions/pyspecific.py
+++ b/Doc/tools/extensions/pyspecific.py
@@ -26,7 +26,7 @@ try:
from sphinx.errors import NoUri
except ImportError:
from sphinx.environment import NoUri
-from sphinx.locale import translators
+from sphinx.locale import _ as sphinx_gettext
from sphinx.util import status_iterator, logging
from sphinx.util.nodes import split_explicit_title
from sphinx.writers.text import TextWriter, TextTranslator
@@ -109,7 +109,7 @@ class ImplementationDetail(Directive):
def run(self):
self.assert_has_content()
pnode = nodes.compound(classes=['impl-detail'])
- label = translators['sphinx'].gettext(self.label_text)
+ label = sphinx_gettext(self.label_text)
content = self.content
add_text = nodes.strong(label, label)
self.state.nested_parse(content, self.content_offset, pnode)
@@ -203,7 +203,7 @@ class AuditEvent(Directive):
else:
args = []
- label = translators['sphinx'].gettext(self._label[min(2, len(args))])
+ label = sphinx_gettext(self._label[min(2, len(args))])
text = label.format(name="``{}``".format(name),
args=", ".join("``{}``".format(a) for a in args if
a))
@@ -382,7 +382,7 @@ class DeprecatedRemoved(Directive):
else:
label = self._removed_label
- label = translators['sphinx'].gettext(label)
+ label = sphinx_gettext(label)
text = label.format(deprecated=self.arguments[0],
removed=self.arguments[1])
if len(self.arguments) == 3:
inodes, messages = self.state.inline_text(self.arguments[2],
--- /dev/null
+++
b/Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst
@@ -0,0 +1 @@
+Use sphinx.locale._ as the gettext function in pyspecific.py.
++++++ CVE-2015-20107-mailcap-unsafe-filenames.patch ++++++
--- /var/tmp/diff_new_pack.sNFFkY/_old 2022-10-28 19:28:34.626344514 +0200
+++ /var/tmp/diff_new_pack.sNFFkY/_new 2022-10-28 19:28:34.662344695 +0200
@@ -5,17 +5,16 @@
filenames/types/params
---
- Doc/library/mailcap.rst |
12 ++++
- Lib/mailcap.py |
26 +++++++++-
- Lib/test/test_mailcap.py |
8 ++-
- Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst |
4 +
- 4 files changed, 46 insertions(+), 4 deletions(-)
+ Doc/library/mailcap.rst |
12 ++++++++++
+ Lib/mailcap.py |
5 ++++
+ Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst |
4 +++
+ 3 files changed, 21 insertions(+)
--- a/Doc/library/mailcap.rst
+++ b/Doc/library/mailcap.rst
-@@ -60,6 +60,18 @@ standard. However, mailcap files are su
- use) to determine whether or not the mailcap line applies.
:func:`findmatch`
- will automatically check such conditions and skip the entry if the check
fails.
+@@ -27,6 +27,18 @@ The mailcap format is documented in :rfc
+ Mechanism For Multimedia Mail Format Information", but is not an internet
+ standard. However, mailcap files are supported on most Unix systems.
+ .. versionchanged:: 3.11
+
@@ -30,21 +29,13 @@
+ ``findmatch`` will ignore all mailcap entries which use that value.
+ A :mod:`warning <warnings>` will be raised in either case.
- .. function:: getcaps()
+ .. function:: findmatch(caps, MIMEtype, key='view', filename='/dev/null',
plist=[])
--- a/Lib/mailcap.py
+++ b/Lib/mailcap.py
-@@ -2,6 +2,7 @@
-
- import os
- import warnings
-+import re
-
- __all__ = ["getcaps","findmatch"]
-
-@@ -13,6 +14,11 @@ def lineno_sort_key(entry):
- else:
- return 1, 0
+@@ -19,6 +19,11 @@ _find_unsafe = re.compile(r'[^\xa1-\U001
+ class UnsafeMailcapInput(Warning):
+ """Warning raised when refusing unsafe input"""
+_find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search
+
@@ -54,79 +45,6 @@
# Part 1: top-level interface.
-@@ -165,15 +171,22 @@ def findmatch(caps, MIMEtype, key='view'
- entry to use.
-
- """
-+ if _find_unsafe(filename):
-+ msg = "Refusing to use mailcap with filename %r. Use a safe temporary
filename." % (filename,)
-+ warnings.warn(msg, UnsafeMailcapInput)
-+ return None, None
- entries = lookup(caps, MIMEtype, key)
- # XXX This code should somehow check for the needsterminal flag.
- for e in entries:
- if 'test' in e:
- test = subst(e['test'], filename, plist)
-+ if test is None:
-+ continue
- if test and os.system(test) != 0:
- continue
- command = subst(e[key], MIMEtype, filename, plist)
-- return command, e
-+ if command is not None:
-+ return command, e
- return None, None
-
- def lookup(caps, MIMEtype, key=None):
-@@ -206,6 +219,10 @@ def subst(field, MIMEtype, filename, pli
- elif c == 's':
- res = res + filename
- elif c == 't':
-+ if _find_unsafe(MIMEtype):
-+ msg = "Refusing to substitute MIME type %r into a shell
command." % (MIMEtype,)
-+ warnings.warn(msg, UnsafeMailcapInput)
-+ return None
- res = res + MIMEtype
- elif c == '{':
- start = i
-@@ -213,7 +230,12 @@ def subst(field, MIMEtype, filename, pli
- i = i+1
- name = field[start:i]
- i = i+1
-- res = res + findparam(name, plist)
-+ param = findparam(name, plist)
-+ if _find_unsafe(param):
-+ msg = "Refusing to substitute parameter %r (%s) into a
shell command" % (param, name)
-+ warnings.warn(msg, UnsafeMailcapInput)
-+ return None
-+ res = res + param
- # XXX To do:
- # %n == number of parts if type is multipart/*
- # %F == list of alternating type and filename for parts
---- a/Lib/test/test_mailcap.py
-+++ b/Lib/test/test_mailcap.py
-@@ -123,7 +123,8 @@ class HelperFunctionTest(unittest.TestCa
- (["", "audio/*", "foo.txt"], ""),
- (["echo foo", "audio/*", "foo.txt"], "echo foo"),
- (["echo %s", "audio/*", "foo.txt"], "echo foo.txt"),
-- (["echo %t", "audio/*", "foo.txt"], "echo audio/*"),
-+ (["echo %t", "audio/*", "foo.txt"], None),
-+ (["echo %t", "audio/wav", "foo.txt"], "echo audio/wav"),
- (["echo \\%t", "audio/*", "foo.txt"], "echo %t"),
- (["echo foo", "audio/*", "foo.txt", plist], "echo foo"),
- (["echo %{total}", "audio/*", "foo.txt", plist], "echo 3")
-@@ -207,7 +208,10 @@ class FindmatchTest(unittest.TestCase):
- ('"An audio fragment"', audio_basic_entry)),
- ([c, "audio/*"],
- {"filename": fname},
-- ("/usr/local/bin/showaudio audio/*", audio_entry)),
-+ (None, None)),
-+ ([c, "audio/wav"],
-+ {"filename": fname},
-+ ("/usr/local/bin/showaudio audio/wav", audio_entry)),
- ([c, "message/external-body"],
- {"plist": plist},
- ("showexternal /dev/null default john python.org /tmp foo
bar", message_entry))
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
@@ -0,0 +1,4 @@
++++++ Python-3.10.7.tar.xz -> Python-3.10.8.tar.xz ++++++
/work/SRC/openSUSE:Factory/python310/Python-3.10.7.tar.xz
/work/SRC/openSUSE:Factory/.python310.new.2275/Python-3.10.8.tar.xz differ:
char 27, line 1
++++++ fix_configure_rst.patch ++++++
--- /var/tmp/diff_new_pack.sNFFkY/_old 2022-10-28 19:28:34.858345677 +0200
+++ /var/tmp/diff_new_pack.sNFFkY/_new 2022-10-28 19:28:34.862345697 +0200
@@ -29,7 +29,7 @@
Create a Python.framework rather than a traditional Unix install. Optional
--- a/Misc/NEWS
+++ b/Misc/NEWS
-@@ -2783,7 +2783,7 @@ C API
+@@ -2979,7 +2979,7 @@ C API
-----
- bpo-43795: The list in :ref:`stable-abi-list` now shows the public name
++++++ subprocess-raise-timeout.patch ++++++
--- /var/tmp/diff_new_pack.sNFFkY/_old 2022-10-28 19:28:34.994346359 +0200
+++ /var/tmp/diff_new_pack.sNFFkY/_new 2022-10-28 19:28:34.998346379 +0200
@@ -4,7 +4,7 @@
--- a/Lib/test/test_subprocess.py
+++ b/Lib/test/test_subprocess.py
-@@ -261,7 +261,8 @@ class ProcessTestCase(BaseTestCase):
+@@ -267,7 +267,8 @@ class ProcessTestCase(BaseTestCase):
"time.sleep(3600)"],
# Some heavily loaded buildbots (sparc Debian 3.x) require
# this much time to start and print.
