commit python39 for openSUSE:Factory

2024-06-27 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2024-06-27 16:04:00

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.18349 (New)


Package is "python39"

Thu Jun 27 16:04:00 2024 rev:58 rq:1183504 version:3.9.19

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2024-06-22 
13:23:58.427874412 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.18349/python39.changes 
2024-06-27 16:04:49.873981562 +0200
@@ -1,0 +2,7 @@
+Wed Jun 26 22:22:17 UTC 2024 - Matej Cepl 
+
+- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
+  (CVE-2024-4032) rearranging definition of private v global IP
+  addresses.
+
+---
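
Review bot: The new changelog entry says only "rearranging definition of private v global IP addresses", which hides that `is_private`/`is_global` results change for callers. The patch's own message states that the old ranges were both missing entries and overly strict, so wording such as "fix ipaddress is_private/is_global ranges to match the IANA special-purpose registries (gh#python/cpython#113171)" would tell users who filter on these attributes that answers differ after the update.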

New:

  CVE-2024-4032-private-IP-addrs.patch




Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.PlWgRl/_old  2024-06-27 16:04:50.942020801 +0200
+++ /var/tmp/diff_new_pack.PlWgRl/_new  2024-06-27 16:04:50.942020801 +0200
@@ -184,6 +184,9 @@
 # PATCH-FIX-UPSTREAM CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch 
bsc#1226447 mc...@suse.com
 # removes memory race condition in ssl.SSLContext certificate store methods
 Patch44:CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch
+# PATCH-FIX-UPSTREAM CVE-2024-4032-private-IP-addrs.patch bsc#1226448 
mc...@suse.com
+# rearrange definition of private v global IP addresses
+Patch45:CVE-2024-4032-private-IP-addrs.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -450,6 +453,7 @@
 %patch -P 42 -p1
 %patch -P 43 -p1
 %patch -P 44 -p1
+%patch -P 45 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

++ CVE-2024-4032-private-IP-addrs.patch ++
>From 5e58376d424fb951966277e5d46cf0b11d860ef3 Mon Sep 17 00:00:00 2001
From: Petr Viktorin 
Date: Wed, 24 Apr 2024 14:29:30 +0200
Subject: [PATCH 1/3] gh-113171: gh-65056: Fix "private" (non-global) IP
 address ranges (GH-113179) (GH-113186) (GH-118177)

* GH-113171: Fix "private" (non-global) IP address ranges (GH-113179)

The _private_networks variables, used by various is_private
implementations, were missing some ranges and at the same time had
overly strict ranges (where there are more specific ranges considered
globally reachable by the IANA registries).

This patch updates the ranges with what was missing or otherwise
incorrect.

100.64.0.0/10 is left alone, for now, as it's been made special in [1].

The _address_exclude_many() call returns 8 networks for IPv4, 121
networks for IPv6.

[1] https://github.com/python/cpython/issues/61602

* GH-65056: Improve the IP address' is_global/is_private documentation 
(GH-113186)

It wasn't clear what the semantics of is_global/is_private are and, when
one gets to the bottom of it, it's not quite so simple (hence the
exceptions listed).

(cherry picked from commit 2a4cbf17af19a01d942f9579342f77c39fbd23c4)
(cherry picked from commit 40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f)

-

(cherry picked from commit f86b17ac511e68192ba71f27e752321a3252cee3)

Co-authored-by: Jakub Stasiak 
---
 Doc/library/ipaddress.rst   |   43 
+++-
 Doc/tools/susp-ignored.csv  |8 
 Doc/whatsnew/3.9.rst|9 
 Lib/ipaddress.py|  107 
+++---
 Lib/test/test_ipaddress.py  |   52 

 Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst |9 
 6 files changed, 201 insertions(+), 27 deletions(-)
 create mode 100644 
Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst

--- a/Doc/library/ipaddress.rst
+++ b/Doc/library/ipaddress.rst
@@ -188,18 +188,53 @@ write code that handles both IP versions
 
.. attribute:: is_private
 
-  ``True`` if the address is allocated for private networks.  See
+  ``True`` if the address is defined as not globally reachable by
   iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_
-  (for IPv6).
+  (for IPv6) with the following exceptions:
+
+  * ``is_private`` is ``False`` for the shared address space 
(``100.64.0.0/10``)
+  * For IPv4-mapped IPv6-addresses the ``is_private`` value is determined 
by the
+semantics of the underlying IPv4 addresses 
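
Review bot: The first exception bullet in the new `is_private` text makes `100.64.0.0/10` report `False`, but the visible part of the hunk does not say what `is_global` returns for that range. State it next to the bullet, since code that treats "not private" as "public" when vetting destination addresses would misclassify the shared address space.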

commit python39 for openSUSE:Factory

2024-06-22 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2024-06-22 13:23:24

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.18349 (New)


Package is "python39"

Sat Jun 22 13:23:24 2024 rev:57 rq:1182485 version:3.9.19

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2024-03-26 
19:25:31.485102438 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.18349/python39.changes 
2024-06-22 13:23:58.427874412 +0200
@@ -1,0 +2,7 @@
+Fri Jun 21 09:44:24 UTC 2024 - Matej Cepl 
+
+- Add CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch
+  fixing bsc#1226447 (CVE-2024-0397) by removing memory race
+  condition in ssl.SSLContext certificate store methods.
+
+---

New:

  CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch




Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.h03rCQ/_old  2024-06-22 13:23:59.559915807 +0200
+++ /var/tmp/diff_new_pack.h03rCQ/_new  2024-06-22 13:23:59.559915807 +0200
@@ -181,6 +181,9 @@
 # PATCH-FIX-UPSTREAM old-libexpat.patch gh#python/cpython#117187 mc...@suse.com
 # Make the test suite work with libexpat < 2.6.0
 Patch43:old-libexpat.patch
+# PATCH-FIX-UPSTREAM CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch 
bsc#1226447 mc...@suse.com
+# removes memory race condition in ssl.SSLContext certificate store methods
+Patch44:CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
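
Review bot: The tag line added for Patch44 gives only bsc#1226447, while the Patch43 tag directly above it cites its upstream reference (gh#python/cpython#117187). The patch header names gh-114572, so add gh#python/cpython#114572 to the PATCH-FIX-UPSTREAM line so the upstream fix can be found from the spec.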
@@ -446,6 +449,7 @@
 %endif
 %patch -P 42 -p1
 %patch -P 43 -p1
+%patch -P 44 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

++ CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch ++
>From 732c7d512e7cdf656a3f02a38c329b14a14a8573 Mon Sep 17 00:00:00 2001
From: Seth Michael Larson 
Date: Fri, 19 Apr 2024 11:21:40 -0700
Subject: [PATCH] [3.9] gh-114572: Fix locking in cert_store_stats and
 get_ca_certs

---
 Misc/NEWS.d/next/Security/2024-04-19-11-21-13.gh-issue-114572.t1QMQD.rst |
4 
 Modules/_ssl.c   |   
91 +-
 2 files changed, 92 insertions(+), 3 deletions(-)
 create mode 100644 
Misc/NEWS.d/next/Security/2024-04-19-11-21-13.gh-issue-114572.t1QMQD.rst

Index: 
Python-3.9.19/Misc/NEWS.d/next/Security/2024-04-19-11-21-13.gh-issue-114572.t1QMQD.rst
===
--- /dev/null
+++ 
Python-3.9.19/Misc/NEWS.d/next/Security/2024-04-19-11-21-13.gh-issue-114572.t1QMQD.rst
@@ -0,0 +1,4 @@
+:meth:`ssl.SSLContext.cert_store_stats` and
+:meth:`ssl.SSLContext.get_ca_certs` now correctly lock access to the
+certificate store, when the :class:`ssl.SSLContext` is shared across
+multiple threads.
Index: Python-3.9.19/Modules/_ssl.c
===
--- Python-3.9.19.orig/Modules/_ssl.c
+++ Python-3.9.19/Modules/_ssl.c
@@ -166,6 +166,10 @@ extern const SSL_METHOD *TLSv1_2_method(
 #  define PY_OPENSSL_1_1_API 1
 #endif
 
+#if (OPENSSL_VERSION_NUMBER >= 0x3030L) && 
!defined(LIBRESSL_VERSION_NUMBER)
+#  define OPENSSL_VERSION_3_3 1
+#endif
+
 /* SNI support (client- and server-side) appeared in OpenSSL 1.0.0 and 0.9.8f
  * This includes the SSL_set_SSL_CTX() function.
  */
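
Review bot: The version test in the added `#if` reads `OPENSSL_VERSION_NUMBER >= 0x3030L` as shown here, and every OpenSSL release satisfies that; OpenSSL 3.3.0 is `0x30300000L`. Check that the patch file carries the full constant, because with the short value `OPENSSL_VERSION_3_3` is defined on all non-LibreSSL builds and the later `!defined(OPENSSL_VERSION_3_3)` shim guard never fires.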
@@ -210,6 +214,16 @@ extern const SSL_METHOD *TLSv1_2_method(
 #define HAVE_OPENSSL_CRYPTO_LOCK
 #endif
 
+/* OpenSSL 1.1+ allows locking X509_STORE, 1.0.2 doesn't. */
+#ifdef OPENSSL_VERSION_1_1
+#define HAVE_OPENSSL_X509_STORE_LOCK
+#endif
+
+/* OpenSSL 3.3 added the X509_STORE_get1_objects API */
+#ifdef OPENSSL_VERSION_3_3
+#define HAVE_OPENSSL_X509_STORE_GET1_OBJECTS 1
+#endif
+
 #if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
 #define OPENSSL_NO_SSL2
 #endif
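
Review bot: `HAVE_OPENSSL_X509_STORE_LOCK` is defined only under `OPENSSL_VERSION_1_1`, and the added comment says 1.0.2 cannot lock the store, yet the NEWS entry states without qualification that both methods "now correctly lock access". Either note the 1.0.2 limitation in the NEWS text or say here what the fallback path does. Also give the macro a value (`1`) to match `HAVE_OPENSSL_X509_STORE_GET1_OBJECTS 1` below it.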
@@ -4675,6 +4689,54 @@ set_sni_callback(PySSLContext *self, PyO
 #endif
 }
 
+/* Shim of X509_STORE_get1_objects API from OpenSSL 3.3
+ * Only available with the X509_STORE_lock() API */
+#if defined(HAVE_OPENSSL_X509_STORE_LOCK) && !defined(OPENSSL_VERSION_3_3)
+#define HAVE_OPENSSL_X509_STORE_GET1_OBJECTS 1
+
+static X509_OBJECT *x509_object_dup(const X509_OBJECT *obj)
+{
+int ok;
+X509_OBJECT *ret = X509_OBJECT_new();
+if (ret == NULL) {
+return NULL;
+}
+switch (X509_OBJECT_get_type(obj)) {
+case X509_LU_X509:
+ok = X509_OBJECT_set1_X509(ret, 

commit python39 for openSUSE:Factory

2024-02-28 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2024-02-28 19:44:34

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1770 (New)


Package is "python39"

Wed Feb 28 19:44:34 2024 rev:53 rq:1152789 version:3.9.18

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2024-02-15 
20:59:48.482743861 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.1770/python39.changes  
2024-02-28 19:44:45.756679395 +0100
@@ -1,0 +2,6 @@
+Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl 
+
+- Remove double definition of /usr/bin/idle%%{version} in
+  %%files. 
+
+---
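
Review bot: The entry names the file as `/usr/bin/idle%%{version}`, but the line removed from the spec is `%{_bindir}/idle%{python_version}`; use the same macro in the changelog so the entry can be matched to the change. The `%%files. ` line also ends in trailing whitespace.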



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.iBBmUM/_old  2024-02-28 19:44:47.300735131 +0100
+++ /var/tmp/diff_new_pack.iBBmUM/_new  2024-02-28 19:44:47.304735275 +0100
@@ -828,7 +828,6 @@
 %dir %{_datadir}/icons/hicolor/32x32
 %dir %{_datadir}/icons/hicolor/48x48
 %dir %{_datadir}/icons/hicolor/*/apps
-%attr(755, root, root) %{_bindir}/idle%{python_version}
 # endif for if general
 %endif
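
Review bot: The removed `%attr(755, root, root)` line was the only entry in this hunk that set mode and ownership for `idle%{python_version}`. The surviving definition is outside the hunk; confirm it installs the script as 755 root:root, or keep the `%attr` on that one.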
 


commit python39 for openSUSE:Factory

2023-10-22 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2023-10-22 21:01:04

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1945 (New)


Package is "python39"

Sun Oct 22 21:01:04 2023 rev:51 rq:1119266 version:3.9.18

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2023-09-10 
13:09:10.288284783 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1945/python39.changes  
2023-10-22 21:01:08.507723679 +0200
@@ -5,6 +5,7 @@
-  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
-vulnerable to a bypass of the TLS handshake and included
-protections (like certificate verification) and treating sent
-unencrypted data as if it were post-handshake TLS encrypted data.
-Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
-Gregory P. Smith.
+  - (bsc#1215454, gh-108310)Fixed an issue where instances
+of ssl.SSLSocket were vulnerable to a bypass of the TLS
+handshake and included protections (like certificate
+verification) and treating sent unencrypted data as if it
+were post-handshake TLS encrypted data.  Security issue
+reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory
+P. Smith.
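
Review bot: `(bsc#1215454, gh-108310)Fixed` in the first added line is missing a space after the closing parenthesis. The re-wrap of the paragraph also turns a one-reference change into a seven-line diff; adding the reference without reflowing would keep the history readable.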
@@ -59 +60 @@
-- Update to 3.9.17:
+- Update to 3.9.17 (bsc#1212015):
@@ -456 +457 @@
-  * Support Expat >= 2.4.4 (jsc#SLE-21253)
+  * Support Expat >= 2.4.4 (jsc#SLE-21253, CVE-2022-25236)



Other differences:
--

++ downport-Sphinx-features.patch ++
--- /var/tmp/diff_new_pack.jTXMWV/_old  2023-10-22 21:01:09.663765715 +0200
+++ /var/tmp/diff_new_pack.jTXMWV/_new  2023-10-22 21:01:09.667765860 +0200
@@ -40,7 +40,7 @@
  
 Permission bits, as for :func:`os.chmod`.
  
-@@ -727,14 +722,12 @@ A ``TarInfo`` object has the following p
+@@ -727,7 +722,6 @@ A ``TarInfo`` object has the following p
  
  
  .. attribute:: TarInfo.linkname
@@ -48,6 +48,7 @@
  
 Name of the target file name, which is only present in :class:`TarInfo` 
objects
 of type :const:`LNKTYPE` and :const:`SYMTYPE`.
+@@ -739,7 +733,6 @@ A ``TarInfo`` object has the following p
  
  
  .. attribute:: TarInfo.uid
@@ -55,7 +56,7 @@
  
 User ID of the user who originally stored this member.
  
-@@ -745,7 +738,6 @@ A ``TarInfo`` object has the following p
+@@ -750,7 +743,6 @@ A ``TarInfo`` object has the following p
attribute.
  
  .. attribute:: TarInfo.gid
@@ -63,7 +64,7 @@
  
 Group ID of the user who originally stored this member.
  
-@@ -756,7 +748,6 @@ A ``TarInfo`` object has the following p
+@@ -761,7 +753,6 @@ A ``TarInfo`` object has the following p
attribute.
  
  .. attribute:: TarInfo.uname
@@ -71,7 +72,7 @@
  
 User name.
  
-@@ -767,7 +758,6 @@ A ``TarInfo`` object has the following p
+@@ -772,7 +763,6 @@ A ``TarInfo`` object has the following p
attribute.
  
  .. attribute:: TarInfo.gname
@@ -79,7 +80,7 @@
  
 Group name.
  
-@@ -778,7 +768,6 @@ A ``TarInfo`` object has the following p
+@@ -783,7 +773,6 @@ A ``TarInfo`` object has the following p
attribute.
  
  .. attribute:: TarInfo.pax_headers
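
Review bot: The hunk-header changes in this patch (for example `@@ -727,14 +722,12 @@` becoming `@@ -727,7 +722,6 @@`) and the diffstat added to no-skipif-doctests.patch are refreshes that the python39.changes hunks of this revision do not mention; they list only added bug references. Add a "Refresh downport-Sphinx-features.patch and no-skipif-doctests.patch" line so the patch churn is accounted for.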

++ no-skipif-doctests.patch ++
--- /var/tmp/diff_new_pack.jTXMWV/_old  2023-10-22 21:01:09.743768624 +0200
+++ /var/tmp/diff_new_pack.jTXMWV/_new  2023-10-22 21:01:09.747768769 +0200
@@ -1,5 +1,10 @@
 only in patch2:
 unchanged:
+---
+ Doc/conf.py|2 -
+ Doc/library/turtle.rst |   82 
-
+ 2 files changed, 1 insertion(+), 83 deletions(-)
+
 --- a/Doc/conf.py
 +++ b/Doc/conf.py
 @@ -46,7 +46,7 @@ today_fmt = '%B %d, %Y'
@@ -314,7 +319,7 @@
  
>>> turtle.color("black", "red")
>>> turtle.begin_fill()
-@@ -1075,7 +1036,6 @@ More drawing control
+@@ -1074,7 +1035,6 @@ More drawing control
 variables to the default values.
  
 .. doctest::
@@ -322,7 +327,7 @@
  
>>> turtle.goto(0,-22)
>>> turtle.left(100)
-@@ -1127,7 +1087,6 @@ Visibility
+@@ -1125,7 +1085,6 @@ Visibility
 drawing observably.
  
 .. doctest::
@@ -330,7 +335,7 @@
  
>>> turtle.hideturtle()
  
-@@ -1138,7 +1097,6 @@ Visibility
+@@ -1136,7 +1095,6 @@ Visibility
 Make the turtle visible.
  
 .. doctest::
@@ -338,7 +343,7 @@
  
>>> turtle.showturtle()
  
-@@ -1169,7 +1127,6 @@ Appearance
+@@ -1167,7 +1125,6 @@ Appearance
 deal with shapes see Screen method :func:`register_shape`.
  
 .. doctest::
@@ -346,7 +351,7 @@
  
>>> turtle.shape()
'classic'
-@@ -1195,7 +1152,6 @@ Appearance
+@@ -1193,7 +1150,6 @@ Appearance
 ``resizemode("user")`` is called by :func:`shapesize` when used with 
arguments.
 

commit python39 for openSUSE:Factory

2023-09-10 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2023-09-10 13:09:09

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1766 (New)


Package is "python39"

Sun Sep 10 13:09:09 2023 rev:50 rq:1109203 version:3.9.18

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2023-08-06 
16:29:16.479587372 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1766/python39.changes  
2023-09-10 13:09:10.288284783 +0200
@@ -1,0 +2,17 @@
+Wed Sep  6 06:38:27 UTC 2023 - Daniel Garcia 
+
+- Update to 3.9.18 (bsc#1214692):
+  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
+vulnerable to a bypass of the TLS handshake and included
+protections (like certificate verification) and treating sent
+unencrypted data as if it were post-handshake TLS encrypted data.
+Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
+Gregory P. Smith.
+  - gh-107845: tarfile.data_filter() now takes the location of
+symlinks into account when determining their target, so it will no
+longer reject some valid tarballs with
+LinkOutsideDestinationError.
+  - gh-107565: Update multissltests and GitHub CI workflows to use
+OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
+
+---
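
Review bot: The CVE-2023-40217 item in this entry has no bsc# of its own; only the update line carries bsc#1214692. Add the Bugzilla reference for the CVE next to `gh-108310` so the fix can be tracked per issue.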

Old:

  Python-3.9.17.tar.xz
  Python-3.9.17.tar.xz.asc

New:

  Python-3.9.18.tar.xz
  Python-3.9.18.tar.xz.asc



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.08AMWM/_old  2023-09-10 13:09:15.764480432 +0200
+++ /var/tmp/diff_new_pack.08AMWM/_new  2023-09-10 13:09:15.780481004 +0200
@@ -93,7 +93,7 @@
 %define dynlib() 
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:   %{python_pkg_name}%{psuffix}
-Version:3.9.17
+Version:3.9.18
 Release:0
 Summary:Python 3 Interpreter
 License:Python-2.0

++ Python-3.9.17.tar.xz -> Python-3.9.18.tar.xz ++
/work/SRC/openSUSE:Factory/python39/Python-3.9.17.tar.xz 
/work/SRC/openSUSE:Factory/.python39.new.1766/Python-3.9.18.tar.xz differ: char 
27, line 1


commit python39 for openSUSE:Factory

2023-08-06 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2023-08-06 16:29:14

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.22712 (New)


Package is "python39"

Sun Aug  6 16:29:14 2023 rev:49 rq:1102236 version:3.9.17

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2023-08-01 
14:15:37.127518980 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.22712/python39.changes 
2023-08-06 16:29:16.479587372 +0200
@@ -1,0 +2,14 @@
+Thu Aug  3 14:53:38 UTC 2023 - Matej Cepl 
+
+- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED!
+- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
+  partially reverting CVE-2023-27043-email-parsing-errors.patch,
+  because of the regression in gh#python/cpython#106669.
+- (bsc#1210638, CVE-2023-27043) Add
+  CVE-2023-27043-email-parsing-errors.patch, which detects email
+  address parsing errors and returns empty tuple to indicate the
+  parsing error (old API). (The patch is faulty,
+  gh#python/cpython#106669, but upstream decided not to just
+  revert it).
+
+---
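
Review bot: The entry opens with "IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED!" but then lists `CVE-2023-27043-email-parsing-errors.patch` under the CVE id, which tooling and readers scanning for the CVE number will take as a fix. Say in one plain sentence which parts remain applied after `Revert-gh105127-left-tests.patch` and that CVE-2023-27043 stays open.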

New:

  CVE-2023-27043-email-parsing-errors.patch
  Revert-gh105127-left-tests.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.orSO6o/_old  2023-08-06 16:29:18.507600361 +0200
+++ /var/tmp/diff_new_pack.orSO6o/_new  2023-08-06 16:29:18.515600412 +0200
@@ -173,6 +173,14 @@
 # PATCH-FIX-OPENSUSE downport-Sphinx-features.patch mc...@suse.com
 # Make documentation build with older Sphinx
 Patch41:downport-Sphinx-features.patch
+# PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 
mc...@suse.com
+# Detect email address parsing errors and return empty tuple to
+# indicate the parsing error (old API), from gh#python/cpython!105127
+# Patch carries a REGRESSION (gh#python/cpython#106669), so it has been also 
partially REVERTED
+Patch42:CVE-2023-27043-email-parsing-errors.patch
+# PATCH-FIX-UPSTREAM Revert-gh105127-left-tests.patch bsc#1210638 
mc...@suse.com
+# Partially revert previous patch
+Patch43:Revert-gh105127-left-tests.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -436,6 +444,8 @@
 %if 0%{?sle_version} && 0%{?sle_version} <= 150500
 %patch41 -p1
 %endif
+%patch42 -p1
+%patch43 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

++ CVE-2023-27043-email-parsing-errors.patch ++
---
 Doc/library/email.utils.rst  |   
26 +++
 Lib/email/utils.py   |   
63 +++
 Lib/test/test_email/test_email.py|   
81 +-
 Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst |
4 
 4 files changed, 164 insertions(+), 10 deletions(-)

--- a/Doc/library/email.utils.rst
+++ b/Doc/library/email.utils.rst
@@ -67,6 +67,11 @@ of the new API.
*email address* parts.  Returns a tuple of that information, unless the 
parse
fails, in which case a 2-tuple of ``('', '')`` is returned.
 
+   .. versionchanged:: 3.12
+  For security reasons, addresses that were ambiguous and could parse into
+  multiple different addresses now cause ``('', '')`` to be returned
+  instead of only one of the *potential* addresses.
+
 
 .. function:: formataddr(pair, charset='utf-8')
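
Review bot: The added `.. versionchanged:: 3.12` is wrong for a patch applied to the 3.9.17 sources; readers of the 3.9 documentation get the behaviour now. Adjust the version in the backport or drop the directive.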
 
@@ -89,7 +94,7 @@ of the new API.
This method returns a list of 2-tuples of the form returned by 
``parseaddr()``.
*fieldvalues* is a sequence of header field values as might be returned by
:meth:`Message.get_all `.  Here's a simple
-   example that gets all the recipients of a message::
+   example that gets all the recipients of a message:
 
   from email.utils import getaddresses
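
Review bot: Replacing `message::` with `message:` removes the reST literal-block marker, so the indented `from email.utils import getaddresses` snippet that follows is no longer rendered as code. Keep `::` or add an explicit code directive before the snippet.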
 
@@ -99,6 +104,25 @@ of the new API.
   resent_ccs = msg.get_all('resent-cc', [])
   all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs)
 
+   When parsing fails for a single fieldvalue, a 2-tuple of ``('', '')``
+   is returned in its place.  Other errors in parsing the list of
+   addresses such as a fieldvalue seemingly parsing into multiple
+   addresses may result in a list containing a single empty 2-tuple
+   ``[('', '')]`` being returned rather than returning potentially
+   invalid output.
+
+   Example malformed input parsing:
+
+   .. doctest::
+
+  >>> from email.utils import getaddresses
+  >>> getaddresses(['al...@example.com ', 
'm...@example.com'])
+  [('', '')]
+
+   .. versionchanged:: 3.12
+ 

commit python39 for openSUSE:Factory

2023-08-01 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2023-08-01 14:15:34

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.32662 (New)


Package is "python39"

Tue Aug  1 14:15:34 2023 rev:48 rq:1101338 version:3.9.17

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2023-07-27 
16:50:01.733549977 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.32662/python39.changes 
2023-08-01 14:15:37.127518980 +0200
@@ -1,0 +2,6 @@
+Sat Jul 29 20:18:14 UTC 2023 - Matej Cepl 
+
+- Add bpo-37596-make-set-marshalling.patch making marshalling of
+  `set` and `frozenset` deterministic (bsc#1211765).
+
+---

New:

  bpo-37596-make-set-marshalling.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.dl1ows/_old  2023-08-01 14:15:38.459526805 +0200
+++ /var/tmp/diff_new_pack.dl1ows/_new  2023-08-01 14:15:38.467526851 +0200
@@ -161,6 +161,9 @@
 # PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch 
gh#python/cpython#98366 mc...@suse.com
 # this patch makes things totally awesome
 Patch37:98437-sphinx.locale._-as-gettext-in-pyspecific.patch
+# PATCH-FIX-UPSTREAM bpo-37596-make-set-marshalling.patch bsc#1211765 
mc...@suse.com
+# Make `set` and `frozenset` marshalling deterministic
+Patch38:bpo-37596-make-set-marshalling.patch
 # PATCH-FIX-UPSTREAM gh-78214-marshal_stabilize_FLAG_REF.patch bsc#1213463 
mc...@suse.com
 # marshal: Stabilize FLAG_REF usage
 Patch39:gh-78214-marshal_stabilize_FLAG_REF.patch
@@ -410,7 +413,6 @@
 %prep
 %setup -q -n %{tarname}
 %patch02 -p1
-
 %patch06 -p1
 %patch07 -p1
 %patch08 -p1
@@ -428,6 +430,7 @@
 %endif
 %patch35 -p1
 %patch37 -p1
+%patch38 -p1
 %patch39 -p1
 %patch40 -p1
 %if 0%{?sle_version} && 0%{?sle_version} <= 150500


++ bpo-37596-make-set-marshalling.patch ++
>From 33d95c6facdfda3c8c0feffa7a99184e4abc2f63 Mon Sep 17 00:00:00 2001
From: Brandt Bucher 
Date: Wed, 25 Aug 2021 04:14:34 -0700
Subject: [PATCH] bpo-37596: Make `set` and `frozenset` marshalling
 deterministic (GH-27926)

---
 Lib/test/test_marshal.py  |   26 

 Misc/NEWS.d/next/Library/2021-08-23-21-39-59.bpo-37596.ojRcwB.rst |2 
 Python/marshal.c  |   32 
++
 3 files changed, 60 insertions(+)
 create mode 100644 
Misc/NEWS.d/next/Library/2021-08-23-21-39-59.bpo-37596.ojRcwB.rst

--- a/Lib/test/test_marshal.py
+++ b/Lib/test/test_marshal.py
@@ -1,4 +1,5 @@
 from test import support
+from test.support.script_helper import assert_python_ok
 import array
 import io
 import marshal
@@ -324,6 +325,31 @@ class BugsTestCase(unittest.TestCase):
 for i in range(len(data)):
 self.assertRaises(EOFError, marshal.loads, data[0: i])
 
+def test_deterministic_sets(self):
+# bpo-37596: To support reproducible builds, sets and frozensets need 
to
+# have their elements serialized in a consistent order (even when they
+# have been scrambled by hash randomization):
+for kind in ("set", "frozenset"):
+for elements in (
+"float('nan'), b'a', b'b', b'c', 'x', 'y', 'z'",
+# Also test for bad interactions with backreferencing:
+"('string', 1), ('string', 2), ('string', 3)",
+):
+s = f"{kind}([{elements}])"
+with self.subTest(s):
+# First, make sure that our test case still has different
+# orders under hash seeds 0 and 1. If this check fails, we
+# need to update this test with different elements:
+args = ["-c", f"print({s})"]
+_, repr_0, _ = assert_python_ok(*args, PYTHONHASHSEED="0")
+_, repr_1, _ = assert_python_ok(*args, PYTHONHASHSEED="1")
+self.assertNotEqual(repr_0, repr_1)
+# Then, perform the actual test:
+args = ["-c", f"import marshal; print(marshal.dumps({s}))"]
+_, dump_0, _ = assert_python_ok(*args, PYTHONHASHSEED="0")
+_, dump_1, _ = assert_python_ok(*args, PYTHONHASHSEED="1")
+self.assertEqual(dump_0, dump_1)
+
 LARGE_SIZE = 2**31
 pointer_size = 8 if sys.maxsize > 0x else 4
 
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2021-08-23-21-39-59.bpo-37596.ojRcwB.rst
@@ -0,0 +1,2 @@
+Ensure that :class:`set` and :class:`frozenset` objects are always
+:mod:`marshalled ` 

commit python39 for openSUSE:Factory

2023-07-27 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2023-07-27 16:49:51

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.32662 (New)


Package is "python39"

Thu Jul 27 16:49:51 2023 rev:47 rq:1100886 version:3.9.17

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2023-07-01 
23:18:09.838300845 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.32662/python39.changes 
2023-07-27 16:50:01.733549977 +0200
@@ -1,0 +2,12 @@
+Wed Jul 19 11:15:39 UTC 2023 - Matej Cepl 
+
+- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for
+  stabilizing FLAG_REF usage (required for reproduceability;
+  bsc#1213463).
+
+---
+Fri Jul 14 10:25:54 UTC 2023 - Matej Cepl 
+
+- Revert faulty fix for CVE-2023-27043 (gh#python/cpython#106669)
+
+---
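
Review bot: "reproduceability" in the first entry should be "reproducibility". The second entry, "Revert faulty fix for CVE-2023-27043", does not name the patch file that was dropped, and this revision lists no removed file, so the entry cannot be matched to a change; name the patch.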

New:

  gh-78214-marshal_stabilize_FLAG_REF.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.Bw9tYJ/_old  2023-07-27 16:50:02.773555853 +0200
+++ /var/tmp/diff_new_pack.Bw9tYJ/_new  2023-07-27 16:50:02.777555876 +0200
@@ -161,6 +161,9 @@
 # PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch 
gh#python/cpython#98366 mc...@suse.com
 # this patch makes things totally awesome
 Patch37:98437-sphinx.locale._-as-gettext-in-pyspecific.patch
+# PATCH-FIX-UPSTREAM gh-78214-marshal_stabilize_FLAG_REF.patch bsc#1213463 
mc...@suse.com
+# marshal: Stabilize FLAG_REF usage
+Patch39:gh-78214-marshal_stabilize_FLAG_REF.patch
 # PATCH-FIX-UPSTREAM 99366-patch.dict-can-decorate-async.patch bsc#[0-9]+ 
mc...@suse.com
 # Patch for gh#python/cpython#98086
 Patch40:99366-patch.dict-can-decorate-async.patch
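
Review bot: The context directly below the new Patch39 lines shows the Patch40 tag still carrying the template placeholder `bsc#[0-9]+` instead of a bug number. Since this block is being touched, replace it with the real reference or remove it.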
@@ -425,6 +428,7 @@
 %endif
 %patch35 -p1
 %patch37 -p1
+%patch39 -p1
 %patch40 -p1
 %if 0%{?sle_version} && 0%{?sle_version} <= 150500
 %patch41 -p1


++ gh-78214-marshal_stabilize_FLAG_REF.patch ++
>From 6c8ea7c1dacd42f3ba00440231ec0e6b1a38300d Mon Sep 17 00:00:00 2001
From: Inada Naoki 
Date: Sat, 14 Jul 2018 00:46:11 +0900
Subject: [PATCH] Use FLAG_REF always for interned strings

---
 Python/marshal.c |9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

--- a/Python/marshal.c
+++ b/Python/marshal.c
@@ -298,9 +298,14 @@ w_ref(PyObject *v, char *flag, WFILE *p)
 if (p->version < 3 || p->hashtable == NULL)
 return 0; /* not writing object references */
 
-/* if it has only one reference, it definitely isn't shared */
-if (Py_REFCNT(v) == 1)
+/* If it has only one reference, it definitely isn't shared.
+ * But we use TYPE_REF always for interned string, to PYC file stable
+ * as possible.
+ */
+if (Py_REFCNT(v) == 1 &&
+!(PyUnicode_CheckExact(v) && PyUnicode_CHECK_INTERNED(v))) {
 return 0;
+}
 
 entry = _Py_hashtable_get_entry(p->hashtable, v);
 if (entry != NULL) {
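
Review bot: The new comment says "we use TYPE_REF always for interned string, to PYC file stable as possible", while the patch subject and the changelog speak of FLAG_REF; use one name and fix the grammar, for example "to keep PYC files as stable as possible". The comment should also say why the reference count of an interned string can differ between builds, since that is the reason for the exception to the `Py_REFCNT(v) == 1` shortcut.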


commit python39 for openSUSE:Factory

2023-07-01 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2023-07-01 23:18:01

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.13546 (New)


Package is "python39"

Sat Jul  1 23:18:01 2023 rev:46 rq:1096213 version:3.9.17

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2023-05-21 
19:08:02.662207665 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.13546/python39.changes 
2023-07-01 23:18:09.838300845 +0200
@@ -1,0 +2,42 @@
+Fri Jun 30 20:23:43 UTC 2023 - Matej Cepl 
+
+- Add downport-Sphinx-features.patch to make documentation
+  buildable even on SLE-15.
+
+---
+Wed Jun 28 19:12:12 UTC 2023 - Matej Cepl 
+
+- Update to 3.9.17:
+  - gh-103142: The version of OpenSSL used in Windows and
+Mac installers has been upgraded to 1.1.1u to address
+CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
+as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
+fixed previously in 1.1.1t (gh-101727).
+  - gh-102153: urllib.parse.urlsplit() now strips leading C0
+control and space characters following the specification for
+URLs defined by WHATWG in response to CVE-2023-24329
+(bsc#1208471).
+  - gh-99889: Fixed a security in flaw in uu.decode() that could
+allow for directory traversal based on the input if no
+out_file was specified.
+  - gh-104049: Do not expose the local on-disk
+location in directory indexes produced by
+http.client.SimpleHTTPRequestHandler.
+  - gh-103935: trace.__main__ now uses io.open_code() for files
+to be executed instead of raw open().
+  - gh-102953: The extraction methods in tarfile, and
+shutil.unpack_archive(), have a new filter argument that
+allows limiting tar features than may be surprising or
+dangerous, such as creating files outside the destination
+directory. See Extraction filters for details (fixing
+CVE-2007-4559, bsc#1203750).
+  - gh-102126: Fixed a deadlock at shutdown when clearing thread
+states if any finalizer tries to acquire the runtime head
+lock.
+  - gh-100892: Fixed a crash due to a race while iterating over
+thread states in clearing threading.local.
+- Remove upstreamed patches:
+  - CVE-2023-24329-blank-URL-bypass.patch
+  - CVE-2007-4559-filter-tarfile_extractall.patch
+
+---
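
Review bot: The gh-103142 item lists `CVE-2022-4303` twice ("CVE-2022-4303, and CVE-2022-4303"); one of the two ids is wrong or redundant and should be checked against the upstream advisory. The gh-104049 item attributes `SimpleHTTPRequestHandler` to `http.client`; the class lives in `http.server`. Smaller wording slips in the same entry: "a security in flaw" and "tar features than may be".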
@@ -14,5 +55,0 @@
-

-Sun Apr 30 18:16:37 UTC 2023 - Matej Cepl 
-
-- Why in the world we download from HTTP?
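
Review bot: This hunk deletes an existing dated entry (Sun Apr 30 18:16:37 UTC 2023) from python39.changes. Changelog history should stay append-only; if the entry is being withdrawn, say so in the new entry instead of removing it.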

Old:

  CVE-2007-4559-filter-tarfile_extractall.patch
  CVE-2023-24329-blank-URL-bypass.patch
  Python-3.9.16.tar.xz
  Python-3.9.16.tar.xz.asc

New:

  Python-3.9.17.tar.xz
  Python-3.9.17.tar.xz.asc
  downport-Sphinx-features.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.eUowwe/_old  2023-07-01 23:18:11.370310029 +0200
+++ /var/tmp/diff_new_pack.eUowwe/_new  2023-07-01 23:18:11.374310053 +0200
@@ -93,7 +93,7 @@
 %define dynlib() 
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:   %{python_pkg_name}%{psuffix}
-Version:3.9.16
+Version:3.9.17
 Release:0
 Summary:Python 3 Interpreter
 License:Python-2.0
@@ -161,16 +161,12 @@
 # PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch 
gh#python/cpython#98366 mc...@suse.com
 # this patch makes things totally awesome
 Patch37:98437-sphinx.locale._-as-gettext-in-pyspecific.patch
-# PATCH-FIX-UPSTREAM CVE-2023-24329-blank-URL-bypass.patch bsc#1208471 
mc...@suse.com
-# blocklist bypass via the urllib.parse component when supplying
-# a URL that starts with blank characters
-Patch38:CVE-2023-24329-blank-URL-bypass.patch
-# PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 
mc...@suse.com
-# Implement PEP-706 to filter outcome of the tarball extracing
-Patch39:CVE-2007-4559-filter-tarfile_extractall.patch
 # PATCH-FIX-UPSTREAM 99366-patch.dict-can-decorate-async.patch bsc#[0-9]+ 
mc...@suse.com
 # Patch for gh#python/cpython#98086
 Patch40:99366-patch.dict-can-decorate-async.patch
+# PATCH-FIX-OPENSUSE downport-Sphinx-features.patch mc...@suse.com
+# Make documentation build with older Sphinx
+Patch41:downport-Sphinx-features.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
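Review bot: The new `Patch41` header (`PATCH-FIX-OPENSUSE downport-Sphinx-features.patch`) carries no bug or issue reference, and "Make documentation build with older Sphinx" does not say which Sphinx versions need it. This is a distro-only patch that has to be rebased on every update, so name the oldest Sphinx it targets and the features it downports; a later maintainer can then tell when it can be dropped.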
@@ -429,9 +425,10 @@
 %endif
 %patch35 -p1
 %patch37 -p1
-%patch38 -p1
-%patch39 -p1
 

commit python39 for openSUSE:Factory

2023-06-03 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2023-06-04 00:12:18

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.15902 (New)


Package is "python39"

Sun Jun  4 00:12:18 2023 rev:45 rq:1085861 version:3.9.16

Changes:




Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.cD7i2e/_old  2023-06-04 00:12:21.16939 +0200
+++ /var/tmp/diff_new_pack.cD7i2e/_new  2023-06-04 00:12:21.17787 +0200
@@ -556,11 +556,6 @@
 EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver 
test_multiprocessing_spawn test_os test_posix test_signal test_socket 
test_subprocess"
 %endif
 
-# gh#python/cpython#81350
-%if 0%{?suse_version} <= 1500
-EXCLUDE="$EXCLUDE test_capi"
-%endif
-
 # This test (part of test_uuid) requires real network interfaces
 # so that ifconfig output has "HWaddr ".  Some kvm instances
 # done have any such interface breaking the uuid module.
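Review bot: The `test_capi` exclusion for `suse_version <= 1500` (gh#python/cpython#81350) is removed here, but the "Changes:" section of this commit is empty, so nothing records why the test is expected to pass on those targets again. Add a changelog entry stating what changed, otherwise the next failure on an older code stream will be hard to trace back to this revision.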


commit python39 for openSUSE:Factory

2023-05-21 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2023-05-21 19:07:58

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1533 (New)


Package is "python39"

Sun May 21 19:07:58 2023 rev:44 rq:1087859 version:3.9.16

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2023-04-20 
15:13:51.277786547 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1533/python39.changes  
2023-05-21 19:08:02.662207665 +0200
@@ -1,0 +2,19 @@
+Sat May  6 17:31:35 UTC 2023 - Matej Cepl 
+
+- Add 99366-patch.dict-can-decorate-async.patch fixing
+  gh#python/cpython#98086 (backport from Python 3.10 patch in
+  gh#python/cpython!99366), fixing bsc#1211158.
+
+---
+Wed May  3 14:09:37 UTC 2023 - Matej Cepl 
+
+- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
+  CVE-2007-4559 (bsc#1203750) by adding the filter for
+  tarfile.extractall (PEP 706).
+
+---
+Sun Apr 30 18:16:37 UTC 2023 - Matej Cepl 
+
+- Why in the world we download from HTTP?
+
+---
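Review bot: The Apr 30 entry, "Why in the world we download from HTTP?", is a question rather than a description of the change. The spec diff in this commit moves `Source0` and `Source1` from `http://www.python.org/...` to `https://www.python.org/...`; say that in the entry so the changelog can be read and searched on its own.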

New:

  99366-patch.dict-can-decorate-async.patch
  CVE-2007-4559-filter-tarfile_extractall.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.nsNGm4/_old  2023-05-21 19:08:03.486212369 +0200
+++ /var/tmp/diff_new_pack.nsNGm4/_new  2023-05-21 19:08:03.494212414 +0200
@@ -98,8 +98,8 @@
 Summary:Python 3 Interpreter
 License:Python-2.0
 URL:https://www.python.org/
-Source0:
http://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz
-Source1:
http://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc
+Source0:
https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz
+Source1:
https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc
 Source2:baselibs.conf
 Source3:README.SUSE
 Source7:macros.python3
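Review bot: Switching `Source0` and `Source1` to `https://` protects the download in transit, but the integrity guarantee for the tarball comes from checking `%{tarname}.tar.xz.asc` against a trusted key, and no keyring source appears among the `Source` lines visible in this hunk. If the spec does not already carry one elsewhere, add it so the signature in `Source1` is actually verified at build time.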
@@ -165,6 +165,12 @@
 # blocklist bypass via the urllib.parse component when supplying
 # a URL that starts with blank characters
 Patch38:CVE-2023-24329-blank-URL-bypass.patch
+# PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 
mc...@suse.com
+# Implement PEP-706 to filter outcome of the tarball extracing
+Patch39:CVE-2007-4559-filter-tarfile_extractall.patch
+# PATCH-FIX-UPSTREAM 99366-patch.dict-can-decorate-async.patch bsc#[0-9]+ 
mc...@suse.com
+# Patch for gh#python/cpython#98086
+Patch40:99366-patch.dict-can-decorate-async.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
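Review bot: The `Patch40` header still contains the template placeholder `bsc#[0-9]+` instead of a bug number; the changelog entry in this same commit gives bsc#1211158 for this patch, so use that. In the `Patch39` comment, "extracing" should read "extracting".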
@@ -424,6 +430,8 @@
 %patch35 -p1
 %patch37 -p1
 %patch38 -p1
+%patch39 -p1
+%patch40 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
@@ -548,6 +556,11 @@
 EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver 
test_multiprocessing_spawn test_os test_posix test_signal test_socket 
test_subprocess"
 %endif
 
+# gh#python/cpython#81350
+%if 0%{?suse_version} <= 1500
+EXCLUDE="$EXCLUDE test_capi"
+%endif
+
 # This test (part of test_uuid) requires real network interfaces
 # so that ifconfig output has "HWaddr ".  Some kvm instances
 # done have any such interface breaking the uuid module.

++ 99366-patch.dict-can-decorate-async.patch ++
>From c0dea0309b9a0a7cbc87727c9957f0a388fb9b0f Mon Sep 17 00:00:00 2001
From: Nikita Sobolev 
Date: Fri, 11 Nov 2022 11:04:30 +0300
Subject: [PATCH] gh-98086: Now ``patch.dict`` can decorate async functions
 (GH-98095) (cherry picked from commit
 67b4d2772c5124b908f8ed9b13166a79bbeb88d2)

Co-authored-by: Nikita Sobolev 
---
 Lib/unittest/mock.py   |   18 
++
 Lib/unittest/test/testmock/testasync.py|   17 
+
 Misc/NEWS.d/next/Library/2022-10-08-19-39-27.gh-issue-98086.y---WC.rst |1 
 3 files changed, 36 insertions(+)
 create mode 100644 
Misc/NEWS.d/next/Library/2022-10-08-19-39-27.gh-issue-98086.y---WC.rst

--- a/Lib/unittest/mock.py
+++ b/Lib/unittest/mock.py
@@ -1761,6 +1761,12 @@ class _patch_dict(object):
 def __call__(self, f):
 if isinstance(f, type):
 return self.decorate_class(f)
+if inspect.iscoroutinefunction(f):
+return self.decorate_async_callable(f)
+return self.decorate_callable(f)
+
+
+def decorate_callable(self, f):
 @wraps(f)
 def _inner(*args, **kw):
 

commit python39 for openSUSE:Factory

2023-04-20 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2023-04-20 15:13:29

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.2023 (New)


Package is "python39"

Thu Apr 20 15:13:29 2023 rev:43 rq:1080041 version:3.9.16

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2023-03-03 
22:24:13.402467959 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.2023/python39.changes  
2023-04-20 15:13:51.277786547 +0200
@@ -1,0 +2,5 @@
+Tue Apr 18 05:00:11 UTC 2023 - Steve Kowalik 
+
+- Use python3 modules to build the documentation. 
+
+---



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.UGRtIw/_old  2023-04-20 15:13:52.037790032 +0200
+++ /var/tmp/diff_new_pack.UGRtIw/_new  2023-04-20 15:13:52.041790049 +0200
@@ -192,13 +192,8 @@
 BuildRequires:  mpdecimal-devel
 %endif
 %if %{with doc}
-%if 0%{?sle_version} && 0%{?sle_version} <= 150300
 BuildRequires:  python3-Sphinx
 BuildRequires:  python3-python-docs-theme >= 2022.1
-%else
-BuildRequires:  %{python_pkg_name}-Sphinx
-BuildRequires:  %{python_pkg_name}-python-docs-theme >= 2022.1
-%endif
 %endif
 %if %{with general}
 # required for idle3 (.desktop and .appdata.xml files)
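Review bot: With the `sle_version` conditional gone, documentation is built with `python3-Sphinx` and `python3-python-docs-theme >= 2022.1` on every target, including those that previously used the `%{python_pkg_name}-` flavoured packages. The changelog entry only says "Use python3 modules to build the documentation." and gives no reason; add a spec comment explaining why the docs toolchain is tied to the system `python3` rather than to the interpreter being packaged.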


commit python39 for openSUSE:Factory

2023-03-03 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2023-03-03 22:24:11

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.31432 (New)


Package is "python39"

Fri Mar  3 22:24:11 2023 rev:42 rq:1068564 version:3.9.16

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2023-02-22 
15:21:13.501738263 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.31432/python39.changes 
2023-03-03 22:24:13.402467959 +0100
@@ -1,0 +2,7 @@
+Wed Mar  1 14:43:31 UTC 2023 - Matej Cepl 
+
+- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
+  bsc#1208471) blocklists bypass via the urllib.parse component
+  when supplying a URL that starts with blank characters
+
+---

New:

  CVE-2023-24329-blank-URL-bypass.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.rtzHwL/_old  2023-03-03 22:24:14.314471425 +0100
+++ /var/tmp/diff_new_pack.rtzHwL/_new  2023-03-03 22:24:14.322471455 +0100
@@ -161,6 +161,10 @@
 # PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch 
gh#python/cpython#98366 mc...@suse.com
 # this patch makes things totally awesome
 Patch37:98437-sphinx.locale._-as-gettext-in-pyspecific.patch
+# PATCH-FIX-UPSTREAM CVE-2023-24329-blank-URL-bypass.patch bsc#1208471 
mc...@suse.com
+# blocklist bypass via the urllib.parse component when supplying
+# a URL that starts with blank characters
+Patch38:CVE-2023-24329-blank-URL-bypass.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -424,6 +428,7 @@
 %endif
 %patch35 -p1
 %patch37 -p1
+%patch38 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

++ CVE-2023-24329-blank-URL-bypass.patch ++
>From a284d69de1d1a42714576d4a9562145a94e62127 Mon Sep 17 00:00:00 2001
From: Ben Kallus 
Date: Sat, 12 Nov 2022 15:43:33 -0500
Subject: [PATCH 1/2] gh-99418: Prevent urllib.parse.urlparse from accepting
 schemes that don't begin with an alphabetical ASCII character.

---
 Lib/test/test_urlparse.py  |   18 
++
 Lib/urllib/parse.py|2 -
 Misc/NEWS.d/next/Library/2022-11-12-15-45-51.gh-issue-99418.FxfAXS.rst |2 +
 3 files changed, 21 insertions(+), 1 deletion(-)

--- a/Lib/test/test_urlparse.py
+++ b/Lib/test/test_urlparse.py
@@ -665,6 +665,24 @@ class UrlParseTestCase(unittest.TestCase
 with self.assertRaises(ValueError):
 p.port
 
+def test_attributes_bad_scheme(self):
+"""Check handling of invalid schemes."""
+for bytes in (False, True):
+for parse in (urllib.parse.urlsplit, urllib.parse.urlparse):
+for scheme in (".", "+", "-", "0", "http&", "६http"):
+with self.subTest(bytes=bytes, parse=parse, scheme=scheme):
+url = scheme + "://www.example.net"
+if bytes:
+if url.isascii():
+url = url.encode("ascii")
+else:
+continue
+p = parse(url)
+if bytes:
+self.assertEqual(p.scheme, b"")
+else:
+self.assertEqual(p.scheme, "")
+
 def test_attributes_without_netloc(self):
 # This example is straight from RFC 3261.  It looks like it
 # should allow the username, hostname, and port to be filled
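Review bot: In `test_attributes_bad_scheme` the loop variable `bytes` shadows the builtin for the whole test body; rename it (for example `use_bytes`). The scheme list covers `.`, `+`, `-`, a digit, `http&` and a non-ASCII digit, but no scheme with a leading blank, which is the case the spec comment for this patch names. Add one so the behaviour for that input is pinned by a test.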
--- a/Lib/urllib/parse.py
+++ b/Lib/urllib/parse.py
@@ -470,7 +470,7 @@ def urlsplit(url, scheme='', allow_fragm
 clear_cache()
 netloc = query = fragment = ''
 i = url.find(':')
-if i > 0:
+if i > 0 and url[0].isascii() and url[0].isalpha():
 for c in url[:i]:
 if c not in scheme_chars:
 break
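Review bot: The new condition `i > 0 and url[0].isascii() and url[0].isalpha()` inspects only the first character and strips nothing, so a URL that starts with a blank is parsed the same way as before this hunk. Previously the `for c in url[:i]` loop hit `break` on the blank, which is not a scheme character; now the block is skipped; either way no scheme is extracted. The spec comment and changelog describe CVE-2023-24329 as a blocklist bypass for URLs that start with blank characters, and the subject line says `[PATCH 1/2]`, so confirm that the second part strips or rejects the leading blanks. On its own this hunk only changes the result for schemes that begin with a non-letter such as a digit, `+`, `-` or `.`.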
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2022-11-12-15-45-51.gh-issue-99418.FxfAXS.rst
@@ -0,0 +1,2 @@
+Fix bug in :func:`urllib.parse.urlparse` that causes URL schemes that begin
+with a digit, a plus sign, or a minus sign to be parsed incorrectly.


commit python39 for openSUSE:Factory

2023-02-22 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2023-02-22 15:21:12

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1706 (New)


Package is "python39"

Wed Feb 22 15:21:12 2023 rev:41 rq:1067030 version:3.9.16

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2023-01-29 
14:16:37.492952051 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.1706/python39.changes  
2023-02-22 15:21:13.501738263 +0100
@@ -1,0 +2,6 @@
+Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl 
+
+- Add provides for readline and sqlite3 to the main Python
+  package.
+
+---



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.O99HCY/_old  2023-02-22 15:21:14.417743459 +0100
+++ /var/tmp/diff_new_pack.O99HCY/_new  2023-02-22 15:21:14.421743481 +0100
@@ -210,11 +210,15 @@
 BuildRequires:  pkgconfig(tk)
 BuildRequires:  pkgconfig(x11)
 Requires:   %{python_pkg_name}-base = %{version}
+Provides:   %{python_pkg_name}-readline
+Provides:   %{python_pkg_name}-sqlite3
 Recommends: %{python_pkg_name}-curses
 Recommends: %{python_pkg_name}-dbm
 Recommends: %{python_pkg_name}-pip
 %if %{primary_interpreter}
 Provides:   python3 = %{python_version}
+Provides:   python3-readline
+Provides:   python3-sqlite3
 %endif
 %endif
 


commit python39 for openSUSE:Factory

2023-01-29 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2023-01-29 14:10:09

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.32243 (New)


Package is "python39"

Sun Jan 29 14:10:09 2023 rev:40 rq:1061593 version:3.9.16

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2023-01-15 
17:58:01.242151123 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.32243/python39.changes 
2023-01-29 14:16:37.492952051 +0100
@@ -1,0 +2,5 @@
+Fri Jan 27 15:00:21 UTC 2023 - Thorsten Kukuk 
+
+- Disable NIS for new products, it's deprecated and gets removed
+
+---



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.d3fWKF/_old  2023-01-29 14:16:38.152955296 +0100
+++ /var/tmp/diff_new_pack.d3fWKF/_new  2023-01-29 14:16:38.152955296 +0100
@@ -180,7 +180,7 @@
 # The provider for python(abi) is in rpm-build-python
 BuildRequires:  rpm-build-python
 %endif
-%if 0%{?suse_version} >= 1500
+%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599
 BuildRequires:  pkgconfig(libnsl)
 BuildRequires:  pkgconfig(libtirpc)
 %endif
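Review bot: The upper bound `0%{?suse_version} < 1599` has no comment saying which product it stands for, and the same expression is repeated in the `%files` hunk below around `%{dynlib nis}`. Define the condition once (a `%bcond` or a `%define` near the top of the spec) and reference it in both places, so the `BuildRequires` and the packaged `nis` module cannot drift apart.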
@@ -779,7 +779,9 @@
 %exclude %{sitedir}/sqlite3/test
 %{dynlib readline}
 %{dynlib _sqlite3}
+%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599
 %{dynlib nis}
+%endif
 
 %files -n %{python_pkg_name}-idle
 %defattr(644, root, root, 755)


commit python39 for openSUSE:Factory

2023-01-15 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2023-01-15 17:57:54

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.32243 (New)


Package is "python39"

Sun Jan 15 17:57:54 2023 rev:39 rq:1058286 version:3.9.16

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2022-12-09 
13:16:56.866736110 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.32243/python39.changes 
2023-01-15 17:58:01.242151123 +0100
@@ -1,0 +2,5 @@
+Fri Jan 13 12:06:59 UTC 2023 - Martin Liška 
+
+- Suppress warnings for Sphinx 6.0+.
+
+---



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.VQb0l5/_old  2023-01-15 17:58:03.638165345 +0100
+++ /var/tmp/diff_new_pack.VQb0l5/_new  2023-01-15 17:58:03.642165369 +0100
@@ -1,7 +1,7 @@
 #
 # spec file
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -458,7 +458,14 @@
 
 cd Doc
 sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py
+
+%if 0%{?suse_version} >= 1550
+# Sphinx 6.0+ reports various warnings that are not backported
+# branch.
+%make_build html SPHINXERRORHANDLING=""
+%else
 %make_build -j1 html
+%endif
 
 # Build also devhelp files
 sphinx-build -a -b devhelp . build/devhelp
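Review bot: The added comment, "Sphinx 6.0+ reports various warnings that are not backported / branch.", is missing words and does not say what is not backported. The new branch also drops the `-j1` that the `%else` branch keeps, and it selects on `suse_version >= 1550` rather than on the Sphinx version the comment talks about. State whether the parallel build is intended and why the distribution version is a reliable stand-in for Sphinx 6.0+, and note that `SPHINXERRORHANDLING=""` should go away once the branch builds cleanly.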


commit python39 for openSUSE:Factory

2022-12-09 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2022-12-09 13:16:49

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1835 (New)


Package is "python39"

Fri Dec  9 13:16:49 2022 rev:38 rq:1041648 version:3.9.16

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2022-11-12 
17:39:59.473747246 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.1835/python39.changes  
2022-12-09 13:16:56.866736110 +0100
@@ -1,0 +2,45 @@
+Thu Dec  8 10:43:43 UTC 2022 - Matej Cepl 
+
+- Update to 3.9.16:
+  - python -m http.server no longer allows terminal control
+characters sent within a garbage request to be printed to the
+stderr server log.
+This is done by changing the http.server
+BaseHTTPRequestHandler .log_message method to replace control
+characters with a \xHH hex escape before printing.
+  - Avoid publishing list of active per-interpreter audit hooks
+via the gc module
+  - The IDNA codec decoder used on DNS hostnames by socket or
+asyncio related name resolution functions no longer involves
+a quadratic algorithm. This prevents a potential CPU denial
+of service if an out-of-spec excessive length hostname
+involving bidirectional characters were decoded. Some
+protocols such as urllib http 3xx redirects potentially allow
+for an attacker to supply such a name (CVE-2015-20107).
+  - Update bundled libexpat to 2.5.0
+  - Port XKCP’s fix for the buffer overflows in SHA-3
+(CVE-2022-37454).
+  - On Linux the multiprocessing module returns to using
+filesystem backed unix domain sockets for communication with
+the forkserver process instead of the Linux abstract socket
+namespace. Only code that chooses to use the “forkserver”
+start method is affected.
+Abstract sockets have no permissions and could allow any
+user on the system in the same network namespace (often
+the whole system) to inject code into the multiprocessing
+forkserver process. This was a potential privilege
+escalation. Filesystem based socket permissions restrict this
+to the forkserver process user as was the default in Python
+3.8 and earlier.
+This prevents Linux CVE-2022-42919.
+  - The deprecated mailcap module now refuses to inject unsafe
+text (filenames, MIME types, parameters) into shell
+commands. Instead of using such text, it will warn and act
+as if a match was not found (or for test commands, as if the
+test failed).
+- Removed upstreamed patches:
+  - CVE-2015-20107-mailcap-unsafe-filenames.patch
+  - CVE-2022-42919-loc-priv-mulitproc-forksrv.patch
+  - CVE-2022-45061-DoS-by-IDNA-decode.patch
+
+---
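Review bot: The IDNA decoder item ends with "(CVE-2015-20107)", but the patches removed in this same entry pair that number with mailcap (`CVE-2015-20107-mailcap-unsafe-filenames.patch`) and give the IDNA fix as `CVE-2022-45061-DoS-by-IDNA-decode.patch`. Change the IDNA item to CVE-2022-45061 and put CVE-2015-20107 on the mailcap item, which currently has no CVE reference. Tooling that searches changelogs for CVE ids will otherwise misattribute both fixes.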

Old:

  CVE-2015-20107-mailcap-unsafe-filenames.patch
  CVE-2022-42919-loc-priv-mulitproc-forksrv.patch
  CVE-2022-45061-DoS-by-IDNA-decode.patch
  Python-3.9.15.tar.xz
  Python-3.9.15.tar.xz.asc

New:

  Python-3.9.16.tar.xz
  Python-3.9.16.tar.xz.asc



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.PG3Sa3/_old  2022-12-09 13:16:58.186743122 +0100
+++ /var/tmp/diff_new_pack.PG3Sa3/_new  2022-12-09 13:16:58.186743122 +0100
@@ -93,7 +93,7 @@
 %define dynlib() 
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:   %{python_pkg_name}%{psuffix}
-Version:3.9.15
+Version:3.9.16
 Release:0
 Summary:Python 3 Interpreter
 License:Python-2.0
@@ -158,18 +158,9 @@
 # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 
mc...@suse.com
 # Makes Python resilient to changes of API of libexpat
 Patch35:support-expat-CVE-2022-25236-patched.patch
-# PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 
mc...@suse.com
-# avoid the command injection in the mailcap module.
-Patch36:CVE-2015-20107-mailcap-unsafe-filenames.patch
 # PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch 
gh#python/cpython#98366 mc...@suse.com
 # this patch makes things totally awesome
 Patch37:98437-sphinx.locale._-as-gettext-in-pyspecific.patch
-# PATCH-FIX-UPSTREAM CVE-2022-42919-loc-priv-mulitproc-forksrv.patch 
bsc#1204886 mc...@suse.com
-# Avoid Linux specific local privilege escalation via the multiprocessing 
forkserver start method
-Patch38:CVE-2022-42919-loc-priv-mulitproc-forksrv.patch
-# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 
mc...@suse.com
-# Avoid DoS by decoding IDNA for too long domain 

commit python39 for openSUSE:Factory

2022-11-12 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2022-11-12 17:39:58

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1597 (New)


Package is "python39"

Sat Nov 12 17:39:58 2022 rev:37 rq:1034968 version:3.9.15

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2022-11-05 
14:46:34.310524814 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.1597/python39.changes  
2022-11-12 17:39:59.473747246 +0100
@@ -1,0 +2,7 @@
+Wed Nov  9 18:31:23 UTC 2022 - Matej Cepl 
+
+- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
+  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
+  extremely long domain names.
+
+---

New:

  CVE-2022-45061-DoS-by-IDNA-decode.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.BoYCPc/_old  2022-11-12 17:40:00.881755628 +0100
+++ /var/tmp/diff_new_pack.BoYCPc/_new  2022-11-12 17:40:00.889755676 +0100
@@ -167,6 +167,9 @@
 # PATCH-FIX-UPSTREAM CVE-2022-42919-loc-priv-mulitproc-forksrv.patch 
bsc#1204886 mc...@suse.com
 # Avoid Linux specific local privilege escalation via the multiprocessing 
forkserver start method
 Patch38:CVE-2022-42919-loc-priv-mulitproc-forksrv.patch
+# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 
mc...@suse.com
+# Avoid DoS by decoding IDNA for too long domain names
+Patch39:CVE-2022-45061-DoS-by-IDNA-decode.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -428,6 +431,7 @@
 %patch36 -p1
 %patch37 -p1
 %patch38 -p1
+%patch39 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

++ CVE-2022-45061-DoS-by-IDNA-decode.patch ++
>From b8f89940de09a51fdbd8fe4705d3d1d7f1bb0c6a Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
 <31488909+miss-isling...@users.noreply.github.com>
Date: Mon, 7 Nov 2022 18:57:10 -0800
Subject: [PATCH] [3.11] gh-98433: Fix quadratic time idna decoding. (GH-99092)
 (GH-99222)

There was an unnecessary quadratic loop in idna decoding. This restores
the behavior to linear.

(cherry picked from commit d315722564927c7202dd6e111dc79eaf14240b0d)

(cherry picked from commit a6f6c3a3d6f2b580f2d87885c9b8a9350ad7bf15)

Co-authored-by: Miss Islington (bot) 
<31488909+miss-isling...@users.noreply.github.com>
Co-authored-by: Gregory P. Smith 
---
 Lib/encodings/idna.py   |   32 
--
 Lib/test/test_codecs.py |6 
+
 Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst |6 
+
 3 files changed, 27 insertions(+), 17 deletions(-)
 create mode 100644 
Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst

--- a/Lib/encodings/idna.py
+++ b/Lib/encodings/idna.py
@@ -39,23 +39,21 @@ def nameprep(label):
 
 # Check bidi
 RandAL = [stringprep.in_table_d1(x) for x in label]
-for c in RandAL:
-if c:
-# There is a RandAL char in the string. Must perform further
-# tests:
-# 1) The characters in section 5.8 MUST be prohibited.
-# This is table C.8, which was already checked
-# 2) If a string contains any RandALCat character, the string
-# MUST NOT contain any LCat character.
-if any(stringprep.in_table_d2(x) for x in label):
-raise UnicodeError("Violation of BIDI requirement 2")
-
-# 3) If a string contains any RandALCat character, a
-# RandALCat character MUST be the first character of the
-# string, and a RandALCat character MUST be the last
-# character of the string.
-if not RandAL[0] or not RandAL[-1]:
-raise UnicodeError("Violation of BIDI requirement 3")
+if any(RandAL):
+# There is a RandAL char in the string. Must perform further
+# tests:
+# 1) The characters in section 5.8 MUST be prohibited.
+# This is table C.8, which was already checked
+# 2) If a string contains any RandALCat character, the string
+# MUST NOT contain any LCat character.
+if any(stringprep.in_table_d2(x) for x in label):
+raise UnicodeError("Violation of BIDI requirement 2")
+# 3) If a string contains any RandALCat character, a
+# RandALCat character MUST be the first character of the
+# string, and a RandALCat character MUST be the last
+# character of the string.
+if not RandAL[0] or not 

commit python39 for openSUSE:Factory

2022-11-05 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2022-11-05 14:46:31

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.2275 (New)


Package is "python39"

Sat Nov  5 14:46:31 2022 rev:36 rq:1033552 version:3.9.15

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2022-10-28 
19:28:38.274362808 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.2275/python39.changes  
2022-11-05 14:46:34.310524814 +0100
@@ -1,0 +2,8 @@
+Thu Nov  3 21:35:28 UTC 2022 - Matej Cepl 
+
+- Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
+  CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
+  privilege escalation via the multiprocessing forkserver start
+  method.
+
+---

New:

  CVE-2022-42919-loc-priv-mulitproc-forksrv.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.9oGhPr/_old  2022-11-05 14:46:35.170529830 +0100
+++ /var/tmp/diff_new_pack.9oGhPr/_new  2022-11-05 14:46:35.174529853 +0100
@@ -164,6 +164,9 @@
 # PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch 
gh#python/cpython#98366 mc...@suse.com
 # this patch makes things totally awesome
 Patch37:98437-sphinx.locale._-as-gettext-in-pyspecific.patch
+# PATCH-FIX-UPSTREAM CVE-2022-42919-loc-priv-mulitproc-forksrv.patch 
bsc#1204886 mc...@suse.com
+# Avoid Linux specific local privilege escalation via the multiprocessing 
forkserver start method
+Patch38:CVE-2022-42919-loc-priv-mulitproc-forksrv.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
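Review bot: The patch file name `CVE-2022-42919-loc-priv-mulitproc-forksrv.patch` misspells "multiproc" as "mulitproc" in both the header comment and the `Patch38` line. Rename the file before it lands; once merged, the typo has to be carried in the spec, the changelog and the file list.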
@@ -424,6 +427,7 @@
 %patch35 -p1
 %patch36 -p1
 %patch37 -p1
+%patch38 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

++ CVE-2022-42919-loc-priv-mulitproc-forksrv.patch ++
>From 85178d5849a4d9b5b46e7b91b1ebad7425139b44 Mon Sep 17 00:00:00 2001
From: "Gregory P. Smith" 
Date: Thu, 20 Oct 2022 15:30:09 -0700
Subject: [PATCH] gh-97514: Don't use Linux abstract sockets for
 multiprocessing (GH-98501)

Linux abstract sockets are insecure as they lack any form of filesystem
permissions so their use allows anyone on the system to inject code into
the process.

This removes the default preference for abstract sockets in
multiprocessing introduced in Python 3.9+ via
https://github.com/python/cpython/pull/18866 while fixing
https://github.com/python/cpython/issues/84031.

Explicit use of an abstract socket by a user now generates a
RuntimeWarning.  If we choose to keep this warning, it should be
backported to the 3.7 and 3.8 branches.
(cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17)

Co-authored-by: Gregory P. Smith 
---
 Lib/multiprocessing/connection.py   |5 
---
 Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst |   15 
++
 2 files changed, 15 insertions(+), 5 deletions(-)
 create mode 100644 
Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst

--- a/Lib/multiprocessing/connection.py
+++ b/Lib/multiprocessing/connection.py
@@ -73,11 +73,6 @@ def arbitrary_address(family):
 if family == 'AF_INET':
 return ('localhost', 0)
 elif family == 'AF_UNIX':
-# Prefer abstract sockets if possible to avoid problems with the 
address
-# size.  When coding portable applications, some implementations have
-# sun_path as short as 92 bytes in the sockaddr_un struct.
-if util.abstract_sockets_supported:
-return f"\0listener-{os.getpid()}-{next(_mmap_counter)}"
 return tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir())
 elif family == 'AF_PIPE':
 return tempfile.mktemp(prefix=r'\\.\pipe\pyc-%d-%d-' %
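Review bot: The commit message says explicit use of an abstract socket "now generates a RuntimeWarning", but the diffstat lists only five deletions in `Lib/multiprocessing/connection.py` and no insertions, so this patch adds no warning; either include that code or drop the sentence from the backport's message. With the abstract-socket branch gone, `AF_UNIX` addresses always come from `tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir())`, which brings back the `sun_path` length limit the removed comment mentions and makes filesystem permissions on that path the access control for the listener. A test that binds under a deep temp directory would catch a regression on path length.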
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
@@ -0,0 +1,15 @@
+On Linux the :mod:`multiprocessing` module returns to using filesystem backed
+unix domain sockets for communication with the *forkserver* process instead of
+the Linux abstract socket namespace.  Only code that chooses to use the
+:ref:`"forkserver" start method ` is affected.
+
+Abstract sockets have no permissions and could allow any user on the system in
+the same `network namespace
+`_ (often the
+whole system) to inject code into the multiprocessing *forkserver* process.
+This was a potential privilege escalation. Filesystem based socket permissions
+restrict this to the *forkserver* process user as was the default in Python 

commit python39 for openSUSE:Factory

2022-10-28 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2022-10-28 19:28:34

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.2275 (New)


Package is "python39"

Fri Oct 28 19:28:34 2022 rev:35 rq:1031408 version:3.9.15

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2022-09-17 
20:08:16.960800783 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.2275/python39.changes  
2022-10-28 19:28:38.274362808 +0200
@@ -1,0 +2,26 @@
+Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl 
+
+- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to
+  allow building of documentation with the latest Sphinx 5.3.0
+  (gh#python/cpython#98366).
+
+---
+Wed Oct 19 07:12:23 UTC 2022 - Matej Cepl 
+
+- Update to 3.9.15:
+  - Fix multiplying a list by an integer (list *= int): detect
+the integer overflow when the new allocated length is close
+to the maximum size.
+  - Fix a shell code injection vulnerability in the
+get-remote-certificate.py example script. The script no
+longer uses a shell to run openssl commands. (originally
+filed as CVE-2022-37460, later withdrawn)
+  - Fix command line parsing: reject -X int_max_str_digits option
+with no value (invalid) when the PYTHONINTMAXSTRDIGITS
+environment variable is set to a valid limit.
+  - When ValueError is raised if an integer is larger than the
+limit, mention the sys.set_int_max_str_digits() function in
+the error message.
+  - Update bundled libexpat to 2.4.9
+
+---

Old:

  Python-3.9.14.tar.xz
  Python-3.9.14.tar.xz.asc

New:

  98437-sphinx.locale._-as-gettext-in-pyspecific.patch
  Python-3.9.15.tar.xz
  Python-3.9.15.tar.xz.asc



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.7kOqjP/_old  2022-10-28 19:28:39.390368404 +0200
+++ /var/tmp/diff_new_pack.7kOqjP/_new  2022-10-28 19:28:39.398368445 +0200
@@ -93,7 +93,7 @@
 %define dynlib() 
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:   %{python_pkg_name}%{psuffix}
-Version:3.9.14
+Version:3.9.15
 Release:0
 Summary:Python 3 Interpreter
 License:Python-2.0
@@ -161,6 +161,9 @@
 # PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 
mc...@suse.com
 # avoid the command injection in the mailcap module.
 Patch36:CVE-2015-20107-mailcap-unsafe-filenames.patch
+# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch 
gh#python/cpython#98366 mc...@suse.com
+# this patch makes things totally awesome
+Patch37:98437-sphinx.locale._-as-gettext-in-pyspecific.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
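Review bot: The description line added for `Patch37`, "this patch makes things totally awesome", is a template placeholder and says nothing about the patch. Replace it with what the changelog entry already states: the patch allows the documentation to build with Sphinx 5.3.0 (gh#python/cpython#98366).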
@@ -420,6 +423,7 @@
 %endif
 %patch35 -p1
 %patch36 -p1
+%patch37 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

++ 98437-sphinx.locale._-as-gettext-in-pyspecific.patch ++
>From 5775f51691d7d64fb676586e008b41261ce64ac2 Mon Sep 17 00:00:00 2001
From: "Matt.Wang" 
Date: Wed, 19 Oct 2022 14:49:08 +0800
Subject: [PATCH 1/2] fix(doc-tools): use sphinx.locale._ as gettext() for
 backward-compatibility in pyspecific.py

[why] sphinx 5.3 changed locale.translators from a
defaultdict(gettext.NullTranslations) to a dict, which leads to failure of 
pyspecific.py. Use sphinx.locale._ as gettext to fix the issue.
---
 Doc/tools/extensions/pyspecific.py   | 
   8 
 Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst | 
   1 +
 2 files changed, 5 insertions(+), 4 deletions(-)

--- a/Doc/tools/extensions/pyspecific.py
+++ b/Doc/tools/extensions/pyspecific.py
@@ -26,7 +26,7 @@ try:
 from sphinx.errors import NoUri
 except ImportError:
 from sphinx.environment import NoUri
-from sphinx.locale import translators
+from sphinx.locale import _ as sphinx_gettext
 from sphinx.util import status_iterator, logging
 from sphinx.util.nodes import split_explicit_title
 from sphinx.writers.text import TextWriter, TextTranslator
@@ -110,7 +110,7 @@ class ImplementationDetail(Directive):
 
 def run(self):
 pnode = nodes.compound(classes=['impl-detail'])
-label = translators['sphinx'].gettext(self.label_text)
+label = sphinx_gettext(self.label_text)
 content = self.content
 add_text = nodes.strong(label, label)
 if self.arguments:
@@ -266,7 +266,7 @@ class 

commit python39 for openSUSE:Factory

2022-09-17 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2022-09-17 20:08:13

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.2083 (New)


Package is "python39"

Sat Sep 17 20:08:13 2022 rev:34 rq:1003029 version:3.9.14

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2022-09-03 
23:18:36.199740946 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.2083/python39.changes  
2022-09-17 20:08:16.960800783 +0200
@@ -1,0 +2,41 @@
+Sun Sep 11 08:49:43 UTC 2022 - Matej Cepl 
+
+- Update to 3.9.14:
+  - (CVE-2020-10735, bsc#1203125). Converting between int
+and str in bases other than 2 (binary), 4, 8 (octal), 16
+(hexadecimal), or 32 such as base 10 (decimal) now raises a
+ValueError if the number of digits in string form is above a
+limit to avoid potential denial of service attacks due to the
+algorithmic complexity.
+This new limit can be configured or disabled by environment
+variable, command line flag, or sys APIs. See the integer
+string conversion length limitation documentation. The
+default limit is 4300 digits in string form.
+  - Also other bug fixes:
+- http.server: Fix an open redirection vulnerability in the
+  HTTP server when an URI path starts with //. Vulnerability
+  discovered, and initial fix proposed, by Hamza Avvan.
+- Fix contextvars HAMT implementation to handle iteration
+  over deep trees. The bug was discovered and fixed by Eli
+  Libman. See MagicStack/immutables#84 for more details.
+- Fix binding of unix socket to empty address on Linux to use
+  an available address from the abstract namespace, instead
+  of ???0???.
+- Suppress writing an XML declaration in open files
+  in ElementTree.write() with encoding='unicode' and
+  xml_declaration=None.
+- Fix the formatting for await x and not x in the operator
+  precedence table when using the help() system.
+- Fix ensurepip environment isolation for subprocess running
+  pip.
+- Fix problem with test_ssl test_get_ciphers on systems that
+  require perfect forward secrecy (PFS) ciphers.
+- test_ssl is now checking for supported TLS version and
+  protocols in more tests.
+- Removed upstreamed patches:
+  - CVE-2021-28861-double-slash-path.patch
+- Realign patches:
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - sphinx-update-removed-function.patch
+
+---

Old:

  CVE-2021-28861-double-slash-path.patch
  Python-3.9.13.tar.xz
  Python-3.9.13.tar.xz.asc

New:

  Python-3.9.14.tar.xz
  Python-3.9.14.tar.xz.asc



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.ALdwOb/_old  2022-09-17 20:08:18.180804303 +0200
+++ /var/tmp/diff_new_pack.ALdwOb/_new  2022-09-17 20:08:18.184804315 +0200
@@ -57,7 +57,7 @@
 %define tarversion %{version}
 %endif
 # We don't process beta signs well
-%define folderversion 3.9.13
+%define folderversion %{version}
 %define tarnamePython-%{tarversion}
 %define sitedir %{_libdir}/python%{python_version}
 # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
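Review bot: The comment "We don't process beta signs well" directly above the changed line was the reason folderversion was hard-coded, and with "%define folderversion %{version}" it is now either stale or the problem it warns about returns for a pre-release version string. Drop or reword the comment, or state next to the definition why %{version} is safe to use here.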
@@ -93,7 +93,7 @@
 %define dynlib() 
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:   %{python_pkg_name}%{psuffix}
-Version:3.9.13
+Version:3.9.14
 Release:0
 Summary:Python 3 Interpreter
 License:Python-2.0
@@ -161,9 +161,6 @@
 # PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 
mc...@suse.com
 # avoid the command injection in the mailcap module.
 Patch36:CVE-2015-20107-mailcap-unsafe-filenames.patch
-# PATCH-FIX-UPSTREAM CVE-2021-28861 bsc#1202624 gh#python/cpython#94093
-# Coerce // to / in Lib/http/server.py
-Patch37:CVE-2021-28861-double-slash-path.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -423,7 +420,6 @@
 %endif
 %patch35 -p1
 %patch36 -p1
-%patch37 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

++ Python-3.9.13.tar.xz -> Python-3.9.14.tar.xz ++
/work/SRC/openSUSE:Factory/python39/Python-3.9.13.tar.xz 
/work/SRC/openSUSE:Factory/.python39.new.2083/Python-3.9.14.tar.xz differ: char 
26, line 1

++ bpo-31046_ensurepip_honours_prefix.patch ++
--- /var/tmp/diff_new_pack.ALdwOb/_old  2022-09-17 20:08:18.280804592 +0200
+++ /var/tmp/diff_new_pack.ALdwOb/_new  2022-09-17 20:08:18.284804603 +0200
@@ -55,7 

commit python39 for openSUSE:Factory

2022-09-03 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2022-09-03 23:18:32

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.2083 (New)


Package is "python39"

Sat Sep  3 23:18:32 2022 rev:33 rq:1000771 version:3.9.13

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2022-07-29 
16:47:00.854505135 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.2083/python39.changes  
2022-09-03 23:18:36.199740946 +0200
@@ -1,0 +2,7 @@
+Thu Sep  1 03:48:37 UTC 2022 - Steve Kowalik 
+
+- Add patch CVE-2021-28861-double-slash-path.patch:
+  * http.server: Fix an open redirection vulnerability in the HTTP server
+when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
+
+---

New:

  CVE-2021-28861-double-slash-path.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.qVFdQX/_old  2022-09-03 23:18:37.099743299 +0200
+++ /var/tmp/diff_new_pack.qVFdQX/_new  2022-09-03 23:18:37.107743320 +0200
@@ -161,6 +161,9 @@
 # PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 
mc...@suse.com
 # avoid the command injection in the mailcap module.
 Patch36:CVE-2015-20107-mailcap-unsafe-filenames.patch
+# PATCH-FIX-UPSTREAM CVE-2021-28861 bsc#1202624 gh#python/cpython#94093
+# Coerce // to / in Lib/http/server.py
+Patch37:CVE-2021-28861-double-slash-path.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
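Review bot: The PATCH-FIX-UPSTREAM tag added for Patch37 leaves out the patch file name and the maintainer address, both of which the Patch36 tag just above it carries. Write it in the same form, starting "# PATCH-FIX-UPSTREAM CVE-2021-28861-double-slash-path.patch bsc#1202624", so the tag can be matched to the file by name.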
@@ -420,6 +423,7 @@
 %endif
 %patch35 -p1
 %patch36 -p1
+%patch37 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

++ CVE-2021-28861-double-slash-path.patch ++
>From 31dbe663f6c9ae68595dde9420381e065016ad6f Mon Sep 17 00:00:00 2001
From: "Gregory P. Smith" 
Date: Tue, 21 Jun 2022 13:16:57 -0700
Subject: [PATCH] gh-87389: Fix an open redirection vulnerability in
 http.server. (GH-93879)

Fix an open redirection vulnerability in the `http.server` module when
an URI path starts with `//` that could produce a 301 Location header
with a misleading target.  Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).

Test and comments authored by Gregory P. Smith [Google].
(cherry picked from commit 4abab6b603dd38bec1168e9a37c40a48ec89508e)

Co-authored-by: Gregory P. Smith 
---
 Lib/http/server.py|  7 +++
 Lib/test/test_httpservers.py  | 53 ++-
 ...2-06-15-20-09-23.gh-issue-87389.QVaC3f.rst |  3 ++
 3 files changed, 61 insertions(+), 2 deletions(-)
 create mode 100644 
Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst

diff --git a/Lib/http/server.py b/Lib/http/server.py
index 2d2300c2aeab..6bf9084341a6 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -330,6 +330,13 @@ def parse_request(self):
 return False
 self.command, self.path = command, path
 
+# gh-87389: The purpose of replacing '//' with '/' is to protect
+# against open redirect attacks possibly triggered if the path starts
+# with '//' because http clients treat //path as an absolute URI
+# without scheme (similar to http://path) rather than a path.
+if self.path.startswith('//'):
+self.path = '/' + self.path.lstrip('/')  # Reduce to a single /
+
 # Examine the headers and look for a Connection directive.
 try:
 self.headers = http.client.parse_headers(self.rfile,
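Review bot: The rewrite of self.path in parse_request() changes the path every handler built on this class sees for a request that begins with '//', but the diffstat touches only server.py, the tests and a NEWS entry, with no note in the http.server documentation. The new comment also speaks of replacing '//' with '/', while '/' + self.path.lstrip('/') collapses any number of leading slashes; word the comment to say that.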
diff --git a/Lib/test/test_httpservers.py b/Lib/test/test_httpservers.py
index c1494d29ca87..4acf7a6fea44 100644
--- a/Lib/test/test_httpservers.py
+++ b/Lib/test/test_httpservers.py
@@ -331,7 +331,7 @@ class request_handler(NoLogRequestHandler, 
SimpleHTTPRequestHandler):
 pass
 
 def setUp(self):
-BaseTestCase.setUp(self)
+super().setUp()
 self.cwd = os.getcwd()
 basetempdir = tempfile.gettempdir()
 os.chdir(basetempdir)
@@ -359,7 +359,7 @@ def tearDown(self):
 except:
 pass
 finally:
-BaseTestCase.tearDown(self)
+super().tearDown()
 
 def check_status_and_reason(self, response, status, data=None):
 def close_conn():
@@ -415,6 +415,55 @@ def test_undecodable_filename(self):
 self.check_status_and_reason(response, HTTPStatus.OK,
  data=support.TESTFN_UNDECODABLE)
 
+def test_get_dir_redirect_location_domain_injection_bug(self):
+"""Ensure //evil.co/..%2f../../X does not put //evil.co/ 

commit python39 for openSUSE:Factory

2022-07-29 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2022-07-29 16:46:57

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1533 (New)


Package is "python39"

Fri Jul 29 16:46:57 2022 rev:32 rq:990683 version:3.9.13

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2022-06-29 
16:01:41.804649737 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1533/python39.changes  
2022-07-29 16:47:00.854505135 +0200
@@ -1,0 +2,6 @@
+Thu Jul 21 14:19:55 UTC 2022 - Matej Cepl 
+
+- Switch from %primary_interpreter to prjconf-defined
+  %primary_python (gh#openSUSE/python-rpm-macros#127).
+
+---



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.QrpjKr/_old  2022-07-29 16:47:01.702507493 +0200
+++ /var/tmp/diff_new_pack.QrpjKr/_new  2022-07-29 16:47:01.706507504 +0200
@@ -35,6 +35,14 @@
 %bcond_with base
 %bcond_without general
 %endif
+
+%define python_pkg_name python39
+%if "%{python_pkg_name}" == "%{primary_python}"
+%define primary_interpreter 1
+%else
+%define primary_interpreter 0
+%endif
+
 %define _version %(c=%{version}; echo ${c/[a-z]*/})
 %define tar_suffix %(c=%{_version}; echo ${c#%{_version}})
 %define python_version %(c=%{_version}; echo ${c:0:3})
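Review bot: In the added %if, "%{primary_python}" is expanded without a guard, so in a project whose prjconf does not define it the macro stays unexpanded, the string comparison is false, and primary_interpreter silently becomes 0. If that is the intended fallback, add a comment saying so; writing the conditional form %{?primary_python} would make the intent explicit.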
@@ -48,14 +56,6 @@
 %else
 %define tarversion %{version}
 %endif
-%define python_pkg_name python39
-# Will provide the python3-* provides
-# Will do the /usr/bin/python3 and all the core links
-%if 0%{?sle_version} || 0%{?suse_version} >= 1550
-%define primary_interpreter 0
-%else
-%define primary_interpreter 1
-%endif
 # We don't process beta signs well
 %define folderversion 3.9.13
 %define tarnamePython-%{tarversion}
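Review bot: The two removed comment lines ("Will provide the python3-* provides" and "Will do the /usr/bin/python3 and all the core links") were the only explanation of what primary_interpreter controls, and the block added near the top of the file in the previous hunk has no replacement for them. Move the comments along with the definition.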


commit python39 for openSUSE:Factory

2022-06-29 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2022-06-29 16:00:52

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1548 (New)


Package is "python39"

Wed Jun 29 16:00:52 2022 rev:31 rq:985337 version:3.9.13

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2022-06-19 
21:10:34.850100851 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1548/python39.changes  
2022-06-29 16:01:41.804649737 +0200
@@ -421 +421 @@
-  (bsc#1193179).
+  (bsc#1193179, bsc#1192249).



Other differences:
--


commit python39 for openSUSE:Factory

2022-06-19 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2022-06-19 21:10:34

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1548 (New)


Package is "python39"

Sun Jun 19 21:10:34 2022 rev:30 rq:983632 version:3.9.13

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2022-05-22 
20:26:40.906198257 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1548/python39.changes  
2022-06-19 21:10:34.850100851 +0200
@@ -1,0 +2,13 @@
+Thu Jun  9 16:43:30 UTC 2022 - Matej Cepl 
+
+- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
+  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
+  command injection in the mailcap module.
+- Fix building of documentation and the universal configuration of the
+  %primary_interpreter.
+- (bsc#1196784, CVE-2022-25236) Rename patch:
+  support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
+  and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
+  as it was fully patched against CVE-2022-25236.
+
+---
@@ -253 +266 @@
-22.0.4)
+22.0.4, bnc#1186819, CVE-2021-3572)

Old:

  support-expat-245.patch

New:

  CVE-2015-20107-mailcap-unsafe-filenames.patch
  support-expat-CVE-2022-25236-patched.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.kzEuNe/_old  2022-06-19 21:10:38.058105622 +0200
+++ /var/tmp/diff_new_pack.kzEuNe/_new  2022-06-19 21:10:38.066105634 +0200
@@ -51,7 +51,11 @@
 %define python_pkg_name python39
 # Will provide the python3-* provides
 # Will do the /usr/bin/python3 and all the core links
+%if 0%{?sle_version} || 0%{?suse_version} >= 1550
 %define primary_interpreter 0
+%else
+%define primary_interpreter 1
+%endif
 # We don't process beta signs well
 %define folderversion 3.9.13
 %define tarnamePython-%{tarversion}
@@ -151,9 +155,12 @@
 # PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mc...@suse.com
 # skip a test failing on SLE-15
 Patch34:skip-test_pyobject_freed_is_freed.patch
-# PATCH-FIX-UPSTREAM support-expat-245.patch jsc#SLE-21253 mc...@suse.com
+# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 
mc...@suse.com
 # Makes Python resilient to changes of API of libexpat
-Patch35:support-expat-245.patch
+Patch35:support-expat-CVE-2022-25236-patched.patch
+# PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 
mc...@suse.com
+# avoid the command injection in the mailcap module.
+Patch36:CVE-2015-20107-mailcap-unsafe-filenames.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
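Review bot: The tag line for the renamed Patch35 still cites only jsc#SLE-21253, while the changelog entry for this rename gives bsc#1196784 and CVE-2022-25236; add the bug reference to the tag so the spec and the changes file agree. The description "Makes Python resilient to changes of API of libexpat" could also say that the patch now detects expat >= 2.4.4, as the changelog states.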
@@ -181,12 +188,12 @@
 BuildRequires:  mpdecimal-devel
 %endif
 %if %{with doc}
-%if 0%{?suse_version} >= 1550
-BuildRequires:  %{python_pkg_name}-Sphinx
-BuildRequires:  %{python_pkg_name}-python-docs-theme >= 2022.1
-%else
+%if 0%{?sle_version} && 0%{?sle_version} <= 150300
 BuildRequires:  python3-Sphinx
 BuildRequires:  python3-python-docs-theme >= 2022.1
+%else
+BuildRequires:  %{python_pkg_name}-Sphinx
+BuildRequires:  %{python_pkg_name}-python-docs-theme >= 2022.1
 %endif
 %endif
 %if %{with general}
@@ -404,16 +411,15 @@
 %patch25 -p1
 %patch29 -p1
 %patch32 -p1
-%if 0%{?suse_version} <= 1500
-%patch33 -p1
-%endif
 %if 0%{?sle_version} && 0%{?sle_version} <= 150300
+%patch33 -p1
 %patch34 -p1
 %endif
 %if %{with mpdecimal}
 %patch05 -p1
 %endif
 %patch35 -p1
+%patch36 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
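Review bot: Moving %patch33 out of the "%if 0%{?suse_version} <= 1500" block and into the "0%{?sle_version} <= 150300" block changes when it is applied: it is now skipped wherever sle_version is unset or above 150300. The changelog entry for this commit does not mention this, so state there why patch33 is no longer wanted on those targets.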

++ CVE-2015-20107-mailcap-unsafe-filenames.patch ++
>From c3e7f139b440d7424986204e9f3fc2275aea3377 Mon Sep 17 00:00:00 2001
From: Petr Viktorin 
Date: Wed, 27 Apr 2022 18:17:33 +0200
Subject: [PATCH 1/4] gh-68966: Make mailcap refuse to match unsafe
 filenames/types/params

---
 Doc/library/mailcap.rst |   12 

 Lib/mailcap.py  |   26 
+-
 Lib/test/test_mailcap.py|8 
++-
 Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst |4 
+
 4 files changed, 46 insertions(+), 4 deletions(-)

--- a/Doc/library/mailcap.rst
+++ b/Doc/library/mailcap.rst
@@ -60,6 +60,18 @@ standard.  However, mailcap files are su
use) to determine whether or not the mailcap line applies.  
:func:`findmatch`
will automatically check such conditions and skip the entry if the check 
fails.
 
+   .. versionchanged:: 3.11
+
+  To 

commit python39 for openSUSE:Factory

2022-05-22 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2022-05-22 20:26:31

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1538 (New)


Package is "python39"

Sun May 22 20:26:31 2022 rev:29 rq:978332 version:3.9.13

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2022-04-01 
21:34:48.878350069 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1538/python39.changes  
2022-05-22 20:26:40.906198257 +0200
@@ -1,0 +2,171 @@
+Fri May 20 14:18:15 UTC 2022 - Matej Cepl 
+
+- Update to 3.9.13:
+  - Core and Builtins
+- gh-92311: Fixed a bug where setting frame.f_lineno to jump
+  over a list comprehension could misbehave or crash.
+- gh-92112: Fix crash triggered by an evil custom mro() on
+  a metaclass.
+- gh-92036: Fix a crash in subinterpreters related to the
+  garbage collector. When a subinterpreter is deleted,
+  untrack all objects tracked by its GC. To prevent a crash
+  in deallocator functions expecting objects to be tracked by
+  the GC, leak a strong reference to these objects on
+  purpose, so they are never deleted and their deallocator
+  functions are not called. Patch by Victor Stinner.
+- gh-91421: Fix a potential integer overflow in
+  _Py_DecodeUTF8Ex.
+- bpo-46775: Some Windows system error codes(>= 1) are
+  now mapped into the correct errno and may now raise
+  a subclass of OSError. Patch by Dong-hee Na.
+- bpo-46962: Classes and functions that unconditionally
+  declared their docstrings ignoring the
+  --without-doc-strings compilation flag no longer do so.
+- The classes affected are pickle.PickleBuffer,
+  testcapi.RecursingInfinitelyError, and types.GenericAlias.
+- The functions affected are 24 methods in ctypes.
+- Patch by Oleg Iarygin.
+- bpo-36819: Fix crashes in built-in encoders with error
+  handlers that return position less or equal than the
+  starting position of non-encodable characters.
+  - Library
+- gh-91581: utcfromtimestamp() no longer attempts to resolve
+  fold in the pure Python implementation, since the fold is
+  never 1 in UTC. In addition to being slightly faster in the
+  common case, this also prevents some errors when the
+  timestamp is close to datetime.min. Patch by Paul Ganssle.
+- gh-92530: Fix an issue that occurred after interrupting
+  threading.Condition.notify().
+- gh-92049: Forbid pickling constants re._constants.SUCCESS
+  etc. Previously, pickling did not fail, but the result
+  could not be unpickled.
+- bpo-47029: Always close the read end of the pipe used by
+  multiprocessing.Queue after the last write of buffered data
+  to the write end of the pipe to avoid BrokenPipeError at
+  garbage collection and at multiprocessing.Queue.close()
+  calls. Patch by G??ry Ogam.
+- gh-91910: Add missing f prefix to f-strings in error
+  messages from the multiprocessing and asyncio modules.
+- gh-91810: ElementTree method write() and function
+  tostring() now use the text file???s encoding (???UTF-8??? if not
+  available) instead of locale encoding in XML declaration
+  when encoding="unicode" is specified.
+- gh-91832: Add required attribute to argparse.Action repr
+  output.
+- gh-91734: Fix OSS audio support on Solaris.
+- gh-91700: Compilation of regular expression containing
+  a conditional expression (?(group)...) now raises an
+  appropriate re.error if the group number refers to not
+  defined group. Previously an internal RuntimeError was
+  raised.
+- gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown
+  the per test event loop executor before returning from its
+  run method so that a not yet stopped or garbage collected
+  executor state does not persist beyond the test.
+- gh-90568: Parsing \N escapes of Unicode Named Character
+  Sequences in a regular expression raises now re.error
+  instead of TypeError.
+- gh-91595: Fix the comparison of character and integer
+  inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu.
+- gh-90622: Worker processes for
+  concurrent.futures.ProcessPoolExecutor are no longer
+  spawned on demand (a feature added in 3.9) when the
+  multiprocessing context start method is "fork" as that can
+  lead to deadlocks in the child processes due to a fork
+  happening while threads are running.
+- gh-91575: Update case-insensitive matching in the re module
+  to the latest Unicode version.
+- gh-91581: Remove an unhandled error case in the
+  C implementation of calls to 

commit python39 for openSUSE:Factory

2022-04-01 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2022-04-01 21:34:46

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1900 (New)


Package is "python39"

Fri Apr  1 21:34:46 2022 rev:28 rq:965121 version:3.9.12

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2022-02-23 
16:25:41.619507206 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.1900/python39.changes  
2022-04-01 21:34:48.878350069 +0200
@@ -1,0 +2,220 @@
+Sat Mar 26 22:22:24 UTC 2022 - Matej Cepl 
+
+- Update to 3.9.12:
+  - bpo-46968: Check for the existence of the ???sys/auxv.h??? header
+in faulthandler to avoid compilation problems in systems
+where this header doesn???t exist. Patch by Pablo Galindo
+  - bpo-47101: hashlib.algorithms_available now lists only
+algorithms that are provided by activated crypto providers on
+OpenSSL 3.0. Legacy algorithms are not listed unless the
+legacy provider has been loaded into the default OSSL
+context.
+  - bpo-23691: Protect the re.finditer() iterator from
+re-entering.
+  - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to
+avoid a ???zipfile.BadZipFile: Bad CRC-32 for file??? exception
+when reading a ZipFile from multiple threads.
+  - bpo-38256: Fix binascii.crc32() when it is compiled to use
+zlib???c crc32 to work properly on inputs 4+GiB in length
+instead of returning the wrong result. The workaround prior
+to this was to always feed the function data in increments
+smaller than 4GiB or to just call the zlib module function.
+  - bpo-39394: A warning about inline flags not at the start of
+the regular expression now contains the position of the flag.
+  - bpo-47061: Deprecate the various modules listed by PEP 594:
+  - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt,
+imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd,
+sndhdr, spwd, sunau, telnetlib, uu, xdrlib
+  - bpo-2604: Fix bug where doctests using globals would fail
+when run multiple times.
+  - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
+  - bpo-47022: The asynchat, asyncore and smtpd modules have been
+deprecated since at least Python 3.6. Their documentation has
+now been updated to note they will removed in Python 3.12
+(PEP 594).
+  - bpo-46421: Fix a unittest issue where if the command was
+invoked as python -m unittest and the filename(s) began with
+a dot (.), a ValueError is returned.
+  - bpo-40296: Fix supporting generic aliases in pydoc.
+  - bpo-14156: argparse.FileType now supports an argument of ???-???
+in binary mode, returning the .buffer attribute of
+sys.stdin/sys.stdout as appropriate. Modes including ???x??? and
+???a??? are treated equivalently to ???w??? when argument is ???-???.
+Patch contributed by Josh Rosenberg
+
+- Update to 3.9.11:
+  - bpo-46852: Rename the private undocumented
+float.__set_format__() method to float.__setformat__() to fix
+a typo introduced in Python 3.7. The method is only used by
+test_float. Patch by Victor Stinner.
+  - bpo-46794: Bump up the libexpat version into 2.4.6
+  - bpo-46762: Fix an assert failure in debug builds when a ??, or ???=??? is the last character in an f-string that???s
+missing a closing right brace.
+  - bpo-46732: Correct the docstring for the __bool__() method.
+Patch by Jelle Zijlstra.
+  - bpo-40479: Add a missing call to va_end() in
+Modules/_hashopenssl.c.
+  - bpo-46615: When iterating over sets internally in
+setobject.c, acquire strong references to the resulting items
+from the set. This prevents crashes in corner-cases of
+various set operations where the set gets mutated.
+  - bpo-43721: Fix docstrings of getter, setter, and deleter to
+clarify that they create a new copy of the property.
+  - bpo-46503: Fix an assert when parsing some invalid N escape
+sequences in f-strings.
+  - bpo-46417: Fix a race condition on setting a type __bases__
+attribute: the internal function add_subclass() now gets the
+PyTypeObject.tp_subclasses member after calling
+PyWeakref_NewRef() which can trigger a garbage collection
+which can indirectly modify PyTypeObject.tp_subclasses. Patch
+by Victor Stinner.
+  - bpo-46383: Fix invalid signature of _zoneinfo???s module_free
+function to resolve a crash on wasm32-emscripten platform.
+  - bpo-43253: Fix a crash when closing transports where the
+underlying socket handle is already invalid on the Proactor
+event loop.
+  - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3,
+including bugfix for EntryPoint.extras, which was returning
+match objects and not 

commit python39 for openSUSE:Factory

2022-02-23 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2022-02-23 16:25:35

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1958 (New)


Package is "python39"

Wed Feb 23 16:25:35 2022 rev:27 rq:956584 version:3.9.10

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2022-01-23 
16:25:44.748570426 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.1958/python39.changes  
2022-02-23 16:25:41.619507206 +0100
@@ -1,0 +2,6 @@
+Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik 
+
+- Add patch support-expat-245.patch:
+  * Support Expat >= 2.4.5 
+
+---

New:

  support-expat-245.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.2Z73ov/_old  2022-02-23 16:25:42.711507246 +0100
+++ /var/tmp/diff_new_pack.2Z73ov/_new  2022-02-23 16:25:42.715507245 +0100
@@ -151,6 +151,8 @@
 # PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mc...@suse.com
 # skip a test failing on SLE-15
 Patch34:skip-test_pyobject_freed_is_freed.patch
+# PATCH-FIX-UPSTREAM bpo-46811 
gh#python/cpython#336a916f75642dfe2d87e237981686051d5d51f8
+Patch35:support-expat-245.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
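Review bot: The tag added for Patch35 names neither the patch file nor what the patch does, unlike the Patch34 entry above it, which has both. Follow the same form: put support-expat-245.patch after PATCH-FIX-UPSTREAM and add a one-line description, for example that it makes the test suite support Expat >= 2.4.5.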
@@ -410,6 +412,7 @@
 %if %{with mpdecimal}
 %patch05 -p1
 %endif
+%patch35 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac



++ support-expat-245.patch ++
>From 336a916f75642dfe2d87e237981686051d5d51f8 Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
 <31488909+miss-isling...@users.noreply.github.com>
Date: Mon, 21 Feb 2022 08:16:23 -0800
Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453)
 (GH-31469)

Curly brackets were never allowed in namespace URIs
according to RFC 3986, and so-called namespace-validating
XML parsers have the right to reject them as invalid URIs.

libexpat >=2.4.5 has become stricter in that regard due to
related security issues; with ET.XML instantiating a
namespace-aware parser under the hood, this test has no
future in CPython.

References:
- https://datatracker.ietf.org/doc/html/rfc3968
- https://www.w3.org/TR/xml-names/

Also, test_minidom.py: Support Expat >=2.4.5
(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e)

Co-authored-by: Sebastian Pipping 

Co-authored-by: Sebastian Pipping 
---
 Lib/test/test_minidom.py| 17 +++--
 Lib/test/test_xml_etree.py  |  6 --
 .../2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst|  1 +
 3 files changed, 16 insertions(+), 8 deletions(-)
 create mode 100644 
Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst

diff --git a/Lib/test/test_minidom.py b/Lib/test/test_minidom.py
index 1663b1f1143dd..97620258d82f6 100644
--- a/Lib/test/test_minidom.py
+++ b/Lib/test/test_minidom.py
@@ -6,10 +6,12 @@
 from test import support
 import unittest
 
+import pyexpat
 import xml.dom.minidom
 
 from xml.dom.minidom import parse, Node, Document, parseString
 from xml.dom.minidom import getDOMImplementation
+from xml.parsers.expat import ExpatError
 
 
 tstfile = support.findfile("test.xml", subdir="xmltestdata")
@@ -1147,7 +1149,13 @@ def testEncodings(self):
 
 # Verify that character decoding errors raise exceptions instead
 # of crashing
-self.assertRaises(UnicodeDecodeError, parseString,
+if pyexpat.version_info >= (2, 4, 5):
+self.assertRaises(ExpatError, parseString,
+b'')
+self.assertRaises(ExpatError, parseString,
+b'Comment \xe7a va ? Tr\xe8s bien ?')
+else:
+self.assertRaises(UnicodeDecodeError, parseString,
 b'Comment \xe7a va ? Tr\xe8s bien 
?')
 
 doc.unlink()
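Review bot: The branch on pyexpat.version_info >= (2, 4, 5) ties the expected exception to a version number rather than to the parser's behaviour, so a libexpat older than 2.4.5 that carries the same stricter checks as a backport takes the else branch and the test fails. For a distribution package, lower the bound to the first patched version actually shipped, or probe the behaviour instead of the version.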
@@ -1609,7 +1617,12 @@ def testEmptyXMLNSValue(self):
 self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
 
 def testExceptionOnSpacesInXMLNSValue(self):
-with self.assertRaisesRegex(ValueError, 'Unsupported syntax'):
+if pyexpat.version_info >= (2, 4, 5):
+context = self.assertRaisesRegex(ExpatError, 'syntax error')
+else:
+context = self.assertRaisesRegex(ValueError, 'Unsupported syntax')
+
+with context:
 parseString('')
 
 def testDocRemoveChild(self):
diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
index 8cdf451fbdbac..762b0bfed2c33 100644
--- a/Lib/test/test_xml_etree.py
+++ b/Lib/test/test_xml_etree.py
@@ -2168,12 +2168,6 @@ def 

commit python39 for openSUSE:Factory

2022-01-23 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2022-01-23 16:25:40

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1938 (New)


Package is "python39"

Sun Jan 23 16:25:40 2022 rev:26 rq:947754 version:3.9.10

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-12-09 
19:45:08.497119747 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.1938/python39.changes  
2022-01-23 16:25:44.748570426 +0100
@@ -1,0 +2,6 @@
+Wed Jan 19 21:50:04 UTC 2022 - Matej Cepl 
+
+- Update to 3.9.10:
+  Bugfix-only release
+
+---

Old:

  Python-3.9.9.tar.xz
  Python-3.9.9.tar.xz.asc

New:

  Python-3.9.10.tar.xz
  Python-3.9.10.tar.xz.asc



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.ESKwRy/_old  2022-01-23 16:25:46.200560501 +0100
+++ /var/tmp/diff_new_pack.ESKwRy/_new  2022-01-23 16:25:46.204560473 +0100
@@ -1,7 +1,7 @@
 #
 # spec file
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -53,7 +53,7 @@
 # Will do the /usr/bin/python3 and all the core links
 %define primary_interpreter 0
 # We don't process beta signs well
-%define folderversion 3.9.9
+%define folderversion 3.9.10
 %define tarnamePython-%{tarversion}
 %define sitedir %{_libdir}/python%{python_version}
 # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
@@ -89,7 +89,7 @@
 %define dynlib() 
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:   %{python_pkg_name}%{psuffix}
-Version:3.9.9
+Version:3.9.10
 Release:0
 Summary:Python 3 Interpreter
 License:Python-2.0
@@ -180,10 +180,10 @@
 %if %{with doc}
 %if 0%{?suse_version} >= 1550
 BuildRequires:  %{python_pkg_name}-Sphinx
-BuildRequires:  %{python_pkg_name}-python-docs-theme
+BuildRequires:  %{python_pkg_name}-python-docs-theme >= 2022.1
 %else
 BuildRequires:  python3-Sphinx
-BuildRequires:  python3-python-docs-theme
+BuildRequires:  python3-python-docs-theme >= 2022.1
 %endif
 %endif
 %if %{with general}
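Review bot: the new >= 2022.1 floor on python-docs-theme, added in both branches of the suse_version conditional, is not explained anywhere; the changes entry for this revision says only "Update to 3.9.10: Bugfix-only release". Add a spec comment or a changes line saying why the documentation build needs that theme version, so the constraint can be relaxed or dropped knowingly later.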

++ Python-3.9.9.tar.xz -> Python-3.9.10.tar.xz ++
/work/SRC/openSUSE:Factory/python39/Python-3.9.9.tar.xz 
/work/SRC/openSUSE:Factory/.python39.new.1938/Python-3.9.10.tar.xz differ: char 
27, line 1


commit python39 for openSUSE:Factory

2021-12-09 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-12-09 19:45:04

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.2520 (New)


Package is "python39"

Thu Dec  9 19:45:04 2021 rev:25 rq:934643 version:3.9.9

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-11-21 
23:52:00.570286319 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.2520/python39.changes  
2021-12-09 19:45:08.497119747 +0100
@@ -1,0 +2,10 @@
+Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl 
+
+- Remove shebangs from from python-base libraries in _libdir
+  (bsc#1193179).
+- Readjust patches:
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - decimal.patch
+  - python-3.3.0b1-fix_date_time_compiler.patch
+
+---
@@ -88,0 +99,6 @@
+
+---
+Sat Nov  6 13:45:01 UTC 2021 - Matej Cepl 
+
+- rpm-build-python dependency is available on the current
+  Factory, not with SLE.



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.zMTqcb/_old  2021-12-09 19:45:09.305120137 +0100
+++ /var/tmp/diff_new_pack.zMTqcb/_new  2021-12-09 19:45:09.309120138 +0100
@@ -124,13 +124,13 @@
 # to /usr/local if executable is /usr/bin/python* and RPM build
 # is not detected to make pip and distutils install into separate location
 Patch02:F00251-change-user-install-location.patch
-# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch 
gh#python/cpython#8057 mc...@suse.com
-# Improve reproduceability
-Patch06:distutils-reproducible-compile.patch
 # PATCH-FEATURE-UPSTREAM decimal.patch bsc#1189356 mc...@suse.com
 # fix building with mpdecimal
 # https://www.bytereef.org/contrib/decimal.diff
 Patch05:decimal.patch
+# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch 
gh#python/cpython#8057 mc...@suse.com
+# Improve reproduceability
+Patch06:distutils-reproducible-compile.patch
 # support finding packages in /usr/local, install to /usr/local by default
 Patch07:python-3.3.0b1-localpath.patch
 # replace DATE, TIME and COMPILER by fixed definitions to aid reproducible 
builds
@@ -159,8 +159,6 @@
 BuildRequires:  netcfg
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig
-# The provider for python(abi) is in rpm-build-python
-BuildRequires:  rpm-build-python
 BuildRequires:  xz
 BuildRequires:  pkgconfig(bzip2)
 BuildRequires:  pkgconfig(expat)
@@ -168,6 +166,10 @@
 BuildRequires:  pkgconfig(uuid)
 BuildRequires:  pkgconfig(zlib)
 #!BuildIgnore:  gdk-pixbuf-loader-rsvg
+%if 0%{?suse_version} >= 1550
+# The provider for python(abi) is in rpm-build-python
+BuildRequires:  rpm-build-python
+%endif
 %if 0%{?suse_version} >= 1500
 BuildRequires:  pkgconfig(libnsl)
 BuildRequires:  pkgconfig(libtirpc)
@@ -412,6 +414,7 @@
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
 
+%if %{primary_interpreter}
 # fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to 
/usr/bin/python3
 for dir in Lib Tools; do
 # find *.py, filter to files that contain bad shebangs
@@ -420,6 +423,13 @@
 | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \
 | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env 
+)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@'
 done
+%else
+# For non-primary Python, just don't bother (bsc#1193179) and remove all
+# those shebangs
+for dir in Lib Tools; do
+find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \;
+done
+%endif
 
 # drop in-tree libffi and expat
 rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin
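Review bot: in the new %else branch, the sed expression '1{/^#!.*python/ d}' strips the first line of every *.py under Lib and Tools, while the changes entry scopes the fix to "python-base libraries in _libdir". Any file in those trees that is installed with the executable bit loses its interpreter line and is then treated as a shell script when run from a shell; either restrict the find to the library files the entry names or clear the executable bit on files that lose their shebang. The match is also broader than the one in the primary-interpreter branch, which anchors on /usr/(local/)?bin/(env +)?python; reusing that pattern keeps the two branches consistent. Minor: quote "$dir" and end -exec with + instead of \; to avoid one sed process per file.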


++ bpo-31046_ensurepip_honours_prefix.patch ++
--- /var/tmp/diff_new_pack.zMTqcb/_old  2021-12-09 19:45:09.405120185 +0100
+++ /var/tmp/diff_new_pack.zMTqcb/_new  2021-12-09 19:45:09.405120185 +0100
@@ -55,7 +55,7 @@
 .. note::
 --- a/Lib/ensurepip/__init__.py
 +++ b/Lib/ensurepip/__init__.py
-@@ -56,27 +56,27 @@ def _disable_pip_configuration_settings(
+@@ -52,27 +52,27 @@ def _disable_pip_configuration_settings(
  os.environ['PIP_CONFIG_FILE'] = os.devnull
  
  
@@ -88,7 +88,7 @@
  
  Note that calling this function will alter both sys.path and os.environ.
  """
-@@ -119,6 +119,8 @@ def _bootstrap(*, root=None, upgrade=Fal
+@@ -115,6 +115,8 @@ def _bootstrap(*, root=None, upgrade=Fal
  args = ["install", "--no-cache-dir", "--no-index", "--find-links", 
tmpdir]
  if root:
  args += ["--root", root]
@@ -97,7 +97,7 @@
  if upgrade:
  args += ["--upgrade"]

commit python39 for openSUSE:Factory

2021-11-21 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-11-21 23:51:42

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1895 (New)


Package is "python39"

Sun Nov 21 23:51:42 2021 rev:24 rq:931924 version:3.9.9

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-10-25 
15:16:52.229654514 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1895/python39.changes  
2021-11-21 23:52:00.570286319 +0100
@@ -1,0 +2,96 @@
+Wed Nov 17 09:49:22 UTC 2021 - Steve Kowalik 
+
+- Update to 3.9.9:
+  * Core and Builtins
++ bpo-30570: Fixed a crash in issubclass() from infinite recursion when 
searching pathological __bases__ tuples.
++ bpo-45494: Fix parser crash when reporting errors involving invalid 
continuation characters. Patch by Pablo Galindo.
++ bpo-45385: Fix reference leak from descr_check. Patch by Dong-hee Na.
++ bpo-45167: Fix deepcopying of types.GenericAlias objects.
++ bpo-44219: Release the GIL while performing isatty system calls on 
arbitrary file descriptors. In particular, this affects os.isatty(), 
os.device_encoding() and io.TextIOWrapper. By extension, io.open() in text mode 
is also affected. This change solves a deadlock in os.isatty(). Patch by 
Vincent Michel in bpo-44219.
++ bpo-44959: Added fallback to extension modules with ???.sl??? suffix on 
HP-UX
++ bpo-44050: Extensions that indicate they use global state (by setting 
m_size to -1) can again be used in multiple interpreters. This reverts to 
behavior of Python 3.8.
++ bpo-45121: Fix issue where Protocol.__init__ raises RecursionError when 
it???s called directly or via super(). Patch provided by Yurii Karabas.
++ bpo-45083: When the interpreter renders an exception, its name now has a 
complete qualname. Previously only the class name was concatenated to the 
module name, which sometimes resulted in an incorrect full name being displayed.
++ bpo-45738: Fix computation of error location for invalid continuation 
characters in the parser. Patch by Pablo Galindo.
++ Library
++ bpo-45678: Fix bug in Python 3.9 that meant 
functools.singledispatchmethod failed to properly wrap the attributes of the 
target method. Patch by Alex Waygood.
++ bpo-45679: Fix caching of multi-value typing.Literal. Literal[True, 2] 
is no longer equal to Literal[1, 2].
++ bpo-45438: Fix typing.Signature string representation for generic 
builtin types.
++ bpo-45581: sqlite3.connect() now correctly raises MemoryError if the 
underlying SQLite API signals memory error. Patch by Erlend E. Aasland.
++ bpo-39679: Fix bug in functools.singledispatchmethod that caused it to 
fail when attempting to register a classmethod() or staticmethod() using type 
annotations. Patch contributed by Alex Waygood.
++ bpo-45515: Add references to zoneinfo in the datetime documentation, 
mostly replacing outdated references to dateutil.tz. Change by Paul Ganssle.
++ bpo-45467: Fix incremental decoder and stream reader in the 
???raw-unicode-escape??? codec. Previously they failed if the escape sequence 
was split.
++ bpo-45461: Fix incremental decoder and stream reader in the 
???unicode-escape??? codec. Previously they failed if the escape sequence was 
split.
++ bpo-45239: Fixed email.utils.parsedate_tz() crashing with 
UnboundLocalError on certain invalid input instead of returning None. Patch by 
Ben Hoyt.
++ bpo-44904: Fix bug in the doctest module that caused it to fail if a 
docstring included an example with a classmethod property. Patch by Alex 
Waygood.
++ bpo-45406: Make inspect.getmodule() catch FileNotFoundError raised by 
:???func:inspect.getabsfile, and return None to indicate that the module could 
not be determined.
++ bpo-45262: Prevent use-after-free in asyncio. Make sure the cached 
running loop holder gets cleared on dealloc to prevent use-after-free in 
get_running_loop
++ bpo-45386: Make xmlrpc.client more robust to C runtimes where the 
underlying C strftime function results in a ValueError when testing for year 
formatting options.
++ bpo-45371: Fix clang rpath issue in distutils. The UnixCCompiler now 
uses correct clang option to add a runtime library directory (rpath) to a 
shared library.
++ bpo-20028: Improve error message of csv.Dialect when initializing. Patch 
by Vajrasky Kok and Dong-hee Na.
++ bpo-45343: Update bundled pip to 21.2.4 and setuptools to 58.1.0
++ bpo-41710: On Unix, if the sem_clockwait() function is available in the 
C library (glibc 2.30 and newer), the threading.Lock.acquire() method now uses 
the monotonic clock (time.CLOCK_MONOTONIC) for the timeout, rather than using 
the system clock 
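Review bot: the "Library" heading is entered with the same "+" bullet as the individual bpo items, so it reads as one more entry under "Core and Builtins" rather than as a sibling of that "*" heading; give it the "*" marker. The typographic quotes pasted from the upstream notes come through as "???" (for example around the .sl suffix and the unicode-escape codec names), and the entries are unwrapped; use ASCII quotes and wrap the lines as the other entries in this file do. bpo-45262 is described as preventing a use-after-free in asyncio; if a bsc or CVE reference exists for it, it belongs on that line.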

commit python39 for openSUSE:Factory

2021-10-25 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-10-25 15:16:44

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1890 (New)


Package is "python39"

Mon Oct 25 15:16:44 2021 rev:23 rq:925076 version:3.9.7

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-09-20 
23:32:29.355124364 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1890/python39.changes  
2021-10-25 15:16:52.229654514 +0200
@@ -1,0 +2,9 @@
+Wed Oct 13 08:51:46 UTC 2021 - Dominique Leuenberger 
+
+- BuildRequire rpm-build-python: The provider to inject python(abi)
+  has been moved there. rpm-build pulls rpm-build-python
+  automatically in when building anything against python3-base, but
+  this implies that the initial build of python3-base does not
+  trigger the automatic installation.
+
+---



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.1Xrc8p/_old  2021-10-25 15:16:53.009655002 +0200
+++ /var/tmp/diff_new_pack.1Xrc8p/_new  2021-10-25 15:16:53.013655004 +0200
@@ -159,6 +159,8 @@
 BuildRequires:  netcfg
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig
+# The provider for python(abi) is in rpm-build-python
+BuildRequires:  rpm-build-python
 BuildRequires:  xz
 BuildRequires:  pkgconfig(bzip2)
 BuildRequires:  pkgconfig(expat)
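Review bot: the BuildRequires on rpm-build-python is added unconditionally. The changes entry dated Nov 6 2021 on this page notes that the package is available on the current Factory but not with SLE, and the 2021-12-09 revision wraps this line in %if 0%{?suse_version} >= 1550; that guard belongs in this change, otherwise the build is unresolvable on targets without the package.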


commit python39 for openSUSE:Factory

2021-09-20 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-09-20 23:32:04

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1899 (New)


Package is "python39"

Mon Sep 20 23:32:04 2021 rev:22 rq:919259 version:3.9.7

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-09-11 
22:24:20.783375719 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1899/python39.changes  
2021-09-20 23:32:29.355124364 +0200
@@ -242,3 +242,3 @@
-- bpo-44022: mod:http.client now avoids infinitely reading
-  potential HTTP headers after a 100 Continue status response
-  from the server.
+- bpo-44022 (bsc#1189241, CVE-2021-3737): http.client now
+  avoids infinitely reading potential HTTP headers after
+  a 100 Continue status response from the server.
@@ -353,7 +353,7 @@
-- bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
-  vulnerability in urllib.request.AbstractBasicAuthHandler.
-  The ReDoS-vulnerable regex has quadratic worst-case
-  complexity and it allows cause a denial of service when
-  identifying crafted invalid RFCs. This ReDoS issue is on
-  the client side and needs remote attackers to control the
-  HTTP server.
+- bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular
+  Expression Denial of Service (ReDoS) vulnerability in
+  urllib.request.AbstractBasicAuthHandler. The
+  ReDoS-vulnerable regex has quadratic worst-case complexity
+  and it allows cause a denial of service when identifying
+  crafted invalid RFCs. This ReDoS issue is on the client
+  side and needs remote attackers to control the HTTP server.
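Review bot: the two rewritten entries order their references differently, "(bsc#1189241, CVE-2021-3737)" in the first and "(CVE-2021-3733, bsc#1189287)" in the second; pick one order so the file can be searched consistently. Since the bpo-43075 paragraph is being re-flowed anyway, the ungrammatical "it allows cause a denial of service" can be corrected in the same edit.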



Other differences:
--


commit python39 for openSUSE:Factory

2021-09-11 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-09-11 22:24:13

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1899 (New)


Package is "python39"

Sat Sep 11 22:24:13 2021 rev:21 rq:917360 version:3.9.7

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-08-12 
09:01:58.914120800 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1899/python39.changes  
2021-09-11 22:24:20.783375719 +0200
@@ -1,0 +2,236 @@
+Tue Aug 31 10:17:28 UTC 2021 - Matej Cepl 
+
+- Update to 3.9.7:
+  - Security
+- Replaced usage of tempfile.mktemp() with TemporaryDirectory
+  to avoid a potential race condition.
+- Add auditing events to the marshal module, and stop raising
+  code.__init__ events for every unmarshalled code object.
+  Directly instantiated code objects will continue to raise
+  an event, and audit event handlers should inspect or
+  collect the raw marshal data. This reduces a significant
+  performance overhead when loading from .pyc files.
+- Made the internal putcmd function in smtplib sanitize input
+  for presence of \r and \n characters to avoid (unlikely)
+  command injection.
+  - Core and Builtins
+- Fixed pickling of range iterators that iterated for over
+  2**32 times.
+- Fix a race in WeakKeyDictionary, WeakValueDictionary and
+  WeakSet when two threads attempt to commit the last pending
+  removal. This fixes asyncio.create_task and fixes a data
+  loss in asyncio.run where shutdown_asyncgens is not run
+- Fixed a corner case bug where the result of
+  float.fromhex('0x.8p-1074') was rounded the wrong way.
+- Refine the syntax error for trailing commas in import
+  statements. Patch by Pablo Galindo.
+- Restore behaviour of complex exponentiation with
+  integer-valued exponent of type float or complex.
+- Correct the ast locations of f-strings with format specs
+  and repeated expressions. Patch by Pablo Galindo
+- Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in
+  frameobject.c instead of the old ones
+  (Py_TRASHCAN_SAFE_BEGIN/END).
+- Fix segmentation fault with deep recursion when cleaning
+  method objects. Patch by Augusto Goulart and Pablo Galindo.
+- Fix bug where PyErr_SetObject hangs when the current
+  exception has a cycle in its context chain.
+- Fix reference leaks in the error paths of update_bases()
+  and __build_class__. Patch by Pablo Galindo.
+- Fix undefined behaviour in complex object exponentiation.
+- Remove uses of PyObject_GC_Del() in error path when
+  initializing types.GenericAlias.
+- Remove the pass-through for hash() of weakref.proxy objects
+  to prevent unintended consequences when the original
+  referred object dies while the proxy is part of a hashable
+  object. Patch by Pablo Galindo.
+- Fix ltrace functionality when exceptions are raised. Patch
+  by Pablo Galindo
+- Fix a crash at Python exit when a deallocator function
+  removes the last strong reference to a heap type. Patch by
+  Victor Stinner.
+- Fix crash when using passing a non-exception to
+  a generator???s throw() method. Patch by Noah Oxer
+  - Library
+- run() now always return a TestResult instance. Previously
+  it returned None if the test class or method was decorated
+  with a skipping decorator.
+- Fix bugs in cleaning up classes and modules in unittest:
+- Functions registered with addModuleCleanup() were not
+  called unless the user defines tearDownModule() in
+  their test module.
+- Functions registered with addClassCleanup() were not
+  called if tearDownClass is set to None.
+- Buffering in TestResult did not work with functions
+  registered with addClassCleanup() and
+  addModuleCleanup().
+- Errors in functions registered with addClassCleanup()
+  and addModuleCleanup() were not handled correctly in
+  buffered and debug modes.
+- Errors in setUpModule() and functions registered with
+  addModuleCleanup() were reported in wrong order.
+- And several lesser bugs.
+- Made email date parsing more robust against malformed
+  input, namely a whitespace-only Date: header. Patch by
+  Wouter Bolsterlee.
+- Fix a crash in the signal handler of the faulthandler
+  module: no longer modify the reference count of frame
+  objects. Patch by Victor Stinner.
+- Method stopTestRun() is now always called in pair with
+  method startTestRun() for TestResult objects implicitly
+  created in run(). Previously 
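Review bot: the three Security items (the tempfile.mktemp() replacement, the marshal auditing events, and the smtplib putcmd check for \r and \n) carry no bpo, bsc or CVE identifiers, unlike the 3.9.6 entries further down this page, which lead each item with its bpo number. Add the upstream issue numbers and any bsc/CVE references so these fixes can be matched against advisories.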

commit python39 for openSUSE:Factory

2021-08-12 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-08-12 09:01:09

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1899 (New)


Package is "python39"

Thu Aug 12 09:01:09 2021 rev:20 rq:911061 version:3.9.6

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-08-05 
20:47:44.095956826 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1899/python39.changes  
2021-08-12 09:01:58.914120800 +0200
@@ -1,0 +2,56 @@
+Mon Aug  9 11:14:15 UTC 2021 - Fusion Future 
+
+- Update to 3.9.6:
+  * Security
+- bpo-44022: mod:http.client now avoids infinitely reading
+  potential HTTP headers after a 100 Continue status response
+  from the server.
+  * Core and Builtins
+- bpo-44168: Fix error message in the parser involving keyword
+  arguments with invalid expressions. Patch by Pablo Galindo
+- bpo-44114: Fix incorrect dictkeys_reversed and
+  dictitems_reversed function signatures in C code, which broke
+  webassembly builds.
+- bpo-44070: No longer eagerly makes import filenames absolute,
+  except for extension modules, which was introduced in 3.9.5.
+- bpo-28146: Fix a confusing error message in str.format().
+- bpo-11105: When compiling ast.AST objects with recursive
+  references through compile(), the interpreter doesn???t crash
+  anymore instead it raises a RecursionError.
+  * Library
+- bpo-43972: When http.server.SimpleHTTPRequestHandler sends a
+  301 (Moved Permanently) for a directory path not ending with
+  /, add a Content-Length: 0 header. This improves the behavior
+  for certain clients.
+- bpo-43776: When subprocess.Popen args are provided as a
+  string or as pathlib.Path, the Popen instance repr now shows
+  the right thing.
+- bpo-43318: Fix a bug where pdb does not always echo cleared
+  breakpoints.
+- bpo-43295: datetime.datetime.strptime() now raises ValueError
+  instead of IndexError when matching 'z' with the %z format
+  specifier.
+- bpo-37022: pdb now displays exceptions from repr() with its p
+  and pp commands.
+  * IDLE
+- bpo-33962: Move the indent space setting from the Font tab to
+  the new Windows tab. Patch by Mark Roseman and Terry Jan
+  Reedy.
+- bpo-40468: Split the settings dialog General tab into Windows
+  and Shell/ED tabs. Move help sources, which extend the Help
+  menu, to the Extensions tab. Make space for new options and
+  shorten the dialog. The latter makes the dialog better fit
+  small screens.
+- bpo-41611: Avoid uncaught exceptions in
+  AutoCompleteWindow.winconfig_event().
+- bpo-41611: Fix IDLE sometimes freezing upon tab-completion on
+  macOS.
+  * Tools/Demos
+- bpo-44074: Make patchcheck automatically detect the correct
+  base branch name (previously it was hardcoded to ???master???)
+- Upstreamed patches were removed:
+  - bpo44426-complex-keyword-sphinx.patch
+- Refreshed patches:
+  - subprocess-raise-timeout.patch
+
+---
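Review bot: in the Security item, "mod:http.client" is leftover Sphinx role markup from the upstream notes; write it as plain "http.client". The typographic quotes pasted from upstream also come through as "???" in the bpo-11105 and bpo-44074 items; use ASCII quotes in the changes file.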
@@ -53,8 +109,8 @@
-- bpo-36384: ipaddress module no longer accepts any leading
-  zeros in IPv4 address strings. Leading zeros are ambiguous
-  and interpreted as octal notation by some libraries. For
-  example the legacy function socket.inet_aton() treats
-  leading zeros as octal notatation. glibc implementation of
-  modern inet_pton() does not accept any leading zeros. For
-  a while the ipaddress module used to accept ambiguous
-  leading zeros.
+- bpo-36384 (bsc#1185706, CVE-2021-29921): ipaddress module
+  no longer accepts any leading zeros in IPv4 address
+  strings. Leading zeros are ambiguous and interpreted as
+  octal notation by some libraries. For example the legacy
+  function socket.inet_aton() treats leading zeros as octal
+  notatation. glibc implementation of modern inet_pton() does
+  not accept any leading zeros. For a while the ipaddress
+  module used to accept ambiguous leading zeros.
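Review bot: the rewritten bpo-36384 entry keeps the typo "notatation"; correct it to "notation" while the paragraph is being re-flowed to add the bsc and CVE references.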

Old:

  Python-3.9.5.tar.xz
  Python-3.9.5.tar.xz.asc
  bpo44426-complex-keyword-sphinx.patch

New:

  Python-3.9.6.tar.xz
  Python-3.9.6.tar.xz.asc



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.wPHpZr/_old  2021-08-12 09:01:59.558119773 +0200
+++ /var/tmp/diff_new_pack.wPHpZr/_new  2021-08-12 09:01:59.558119773 +0200
@@ -53,7 +53,7 @@
 # Will do the /usr/bin/python3 and all the core links
 %define primary_interpreter 0
 # We don't process beta signs well
-%define   

commit python39 for openSUSE:Factory

2021-08-05 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-08-05 20:47:36

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1899 (New)


Package is "python39"

Thu Aug  5 20:47:36 2021 rev:19 rq:909796 version:3.9.5

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-06-23 
17:38:08.912464582 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1899/python39.changes  
2021-08-05 20:47:44.095956826 +0200
@@ -1,0 +2,6 @@
+Mon Aug  2 12:36:47 UTC 2021 - Matej Cepl 
+
+- Use versioned python-Sphinx to avoid dependency on other
+  version of Python (bsc#1183858).
+
+---



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.HqBrJf/_old  2021-08-05 20:47:45.011955797 +0200
+++ /var/tmp/diff_new_pack.HqBrJf/_new  2021-08-05 20:47:45.015955793 +0200
@@ -169,9 +169,9 @@
 BuildRequires:  pkgconfig(libtirpc)
 %endif
 %if %{with doc}
-BuildRequires:  python3-Sphinx
+BuildRequires:  %{python_pkg_name}-Sphinx
 %if 0%{?suse_version} >= 1500
-BuildRequires:  python3-python-docs-theme
+BuildRequires:  %{python_pkg_name}-python-docs-theme
 %endif
 %endif
 %if %{with general}
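Review bot: both BuildRequires now use %{python_pkg_name}-Sphinx and %{python_pkg_name}-python-docs-theme with no fallback, so a target that ships only the python3- flavour of these packages can no longer resolve the documentation build. Keep the python3- names in an %else branch of a suse_version conditional, which is the shape the spec context in the 2022-01-23 revision on this page shows.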


commit python39 for openSUSE:Factory

2021-06-23 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-06-23 17:38:06

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.2625 (New)


Package is "python39"

Wed Jun 23 17:38:06 2021 rev:18 rq:900835 version:3.9.5

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-06-11 
22:30:05.634069891 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.2625/python39.changes  
2021-06-23 17:38:08.912464582 +0200
@@ -1,0 +2,6 @@
+Sat Jun 19 00:12:04 UTC 2021 - Matej Cepl 
+
+- Add bpo44426-complex-keyword-sphinx.patch allowing generating
+  documentation with Sphinx 4 (bpo#44426).
+
+---

New:

  bpo44426-complex-keyword-sphinx.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.eHbfv0/_old  2021-06-23 17:38:09.616465550 +0200
+++ /var/tmp/diff_new_pack.eHbfv0/_new  2021-06-23 17:38:09.620465556 +0200
@@ -145,6 +145,10 @@
 # PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mc...@suse.com
 # skip a test failing on SLE-15
 Patch34:skip-test_pyobject_freed_is_freed.patch
+# PATCH-FIX-UPSTREAM bpo44426-complex-keyword-sphinx.patch bpo#44426 
mc...@suse.com
+# Use of 'complex' as a C variable name confuses Sphinx; change it to 'num'
+# The same goes for 'default', which I had to change to 'def_size'
+Patch35:bpo44426-complex-keyword-sphinx.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
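Review bot: the comment above Patch35 tags the patch PATCH-FIX-UPSTREAM but also says 'default' was changed to 'def_size' by the packager ("which I had to change"), while the patch file's Subject covers only the 'complex' to 'num' rename and presents itself as a cherry-pick of an upstream commit. State in the patch header that the Doc/c-api/object.rst hunk is a local addition, so the file is not read as an unmodified upstream commit.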
@@ -391,6 +395,7 @@
 %if 0%{?sle_version} && 0%{?sle_version} <= 150300
 %patch34 -p1
 %endif
+%patch35 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac


++ bpo44426-complex-keyword-sphinx.patch ++
>From 29b463879b71a3ade67541c34daafb2929269fc4 Mon Sep 17 00:00:00 2001
From: Mark Dickinson 
Date: Wed, 16 Jun 2021 18:43:49 +0100
Subject: [PATCH] bpo-44426: Use of 'complex' as a C variable name confuses
 Sphinx; change it to 'num'. (GH-26744) (cherry picked from commit
 7247f6f433846c6e37308a550e8e5eb6be379856)

Co-authored-by: Mark Dickinson 
---
 Doc/c-api/complex.rst |4 ++--
 Doc/c-api/object.rst  |4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

--- a/Doc/c-api/complex.rst
+++ b/Doc/c-api/complex.rst
@@ -46,9 +46,9 @@ pointers.  This is consistent throughout
:c:type:`Py_complex` representation.
 
 
-.. c:function:: Py_complex _Py_c_neg(Py_complex complex)
+.. c:function:: Py_complex _Py_c_neg(Py_complex num)
 
-   Return the negation of the complex number *complex*, using the C
+   Return the negation of the complex number *num*, using the C
:c:type:`Py_complex` representation.
 
 
--- a/Doc/c-api/object.rst
+++ b/Doc/c-api/object.rst
@@ -483,12 +483,12 @@ Object Protocol
returned.  This is the equivalent to the Python expression ``len(o)``.
 
 
-.. c:function:: Py_ssize_t PyObject_LengthHint(PyObject *o, Py_ssize_t default)
+.. c:function:: Py_ssize_t PyObject_LengthHint(PyObject *o, Py_ssize_t 
def_size)
 
Return an estimated length for the object *o*. First try to return its
actual length, then an estimate using :meth:`~object.__length_hint__`, and
finally return the default value. On error return ``-1``. This is the
-   equivalent to the Python expression ``operator.length_hint(o, default)``.
+   equivalent to the Python expression ``operator.length_hint(o, def_size)``.
 
.. versionadded:: 3.4
 


commit python39 for openSUSE:Factory

2021-05-12 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-05-12 19:31:06

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.2988 (New)


Package is "python39"

Wed May 12 19:31:06 2021 rev:16 rq:890781 version:3.9.5

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-05-02 
18:35:36.529077487 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.2988/python39.changes  
2021-05-12 19:31:09.647306387 +0200
@@ -1,0 +2,135 @@
+Wed May  5 15:16:58 UTC 2021 - Matej Cepl 
+
+- Update to 3.9.5:
+  * Security
+- bpo-43434: Creating a sqlite3.Connection object now also
+  produces a sqlite3.connect auditing event. Previously this
+  event was only produced by sqlite3.connect() calls. Patch
+  by Erlend E. Aasland.
+- bpo-43882: The presence of newline or tab characters in
+  parts of a URL could allow some forms of attacks.
+- Following the controlling specification for URLs defined by
+  WHATWG urllib.parse() now removes ASCII newlines and tabs
+  from URLs, preventing such attacks.
+- bpo-43472: Ensures interpreter-level audit hooks receive
+  the cpython.PyInterpreterState_New event when called
+  through the _xxsubinterpreters module.
+- bpo-36384: ipaddress module no longer accepts any leading
+  zeros in IPv4 address strings. Leading zeros are ambiguous
+  and interpreted as octal notation by some libraries. For
+  example the legacy function socket.inet_aton() treats
+  leading zeros as octal notatation. glibc implementation of
+  modern inet_pton() does not accept any leading zeros. For
+  a while the ipaddress module used to accept ambiguous
+  leading zeros.
+- bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
+  vulnerability in urllib.request.AbstractBasicAuthHandler.
+  The ReDoS-vulnerable regex has quadratic worst-case
+  complexity and it allows cause a denial of service when
+  identifying crafted invalid RFCs. This ReDoS issue is on
+  the client side and needs remote attackers to control the
+  HTTP server.
+- bpo-42800: Audit hooks are now fired for frame.f_code,
+  traceback.tb_frame, and generator code/frame attribute
+  access.
+  * Core and Builtins
+- bpo-43105: Importlib now resolves relative paths when
+  creating module spec objects from file locations.
+- bpo-42924: Fix bytearray repetition incorrectly copying
+  data from the start of the buffer, even if the data is
+  offset within the buffer (e.g. after reassigning a slice at
+  the start of the bytearray to a shorter byte string).
+  * Library
+- bpo-43993: Update bundled pip to 21.1.1.
+- bpo-43937: Fixed the turtle module working with non-default
+  root window.
+- bpo-43930: Update bundled pip to 21.1 and setuptools to
+  56.0.0
+- bpo-43920: OpenSSL 3.0.0: load_verify_locations() now
+  returns a consistent error message when cadata contains no
+  valid certificate.
+- bpo-43607: urllib can now convert Windows paths with \\?\
+  prefixes into URL paths.
+- bpo-43284: platform.win32_ver derives the windows version
+  from sys.getwindowsversion().platform_version which in turn
+  derives the version from kernel32.dll (which can be of
+  a different version than Windows itself). Therefore change
+  the platform.win32_ver to determine the version using the
+  platform module???s _syscmd_ver private function to return an
+  accurate version.
+- bpo-42248: [Enum] ensure exceptions raised in _missing__
+  are released
+- bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1
+  to suppress deprecation warnings. Python requires OpenSSL
+  1.1.1 APIs.
+- bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants
+  (OpenSSL 3.0.0)
+- bpo-43789: OpenSSL 3.0.0: Don???t call the password callback
+  function a second time when first call has signaled an
+  error condition.
+- bpo-43788: The header files for ssl error codes are now
+  OpenSSL version-specific. Exceptions will now show correct
+  reason and library codes. The make_ssl_data.py script has
+  been rewritten to use OpenSSL???s text file with error codes.
+- bpo-43655: tkinter dialog windows are now recognized as
+  dialogs by window managers on macOS and X Window.
+- bpo-43534: turtle.textinput() and turtle.numinput() create
+  now a transient window working on behalf of the canvas
+  window.
+- bpo-43522: Fix problem with hostname_checks_common_name.
+  OpenSSL does not copy hostflags from struct SSL_CTX to
+  struct SSL.
+- bpo-42967: Allow bytes 

commit python39 for openSUSE:Factory

2021-05-02 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-05-02 18:35:20

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.1947 (New)


Package is "python39"

Sun May  2 18:35:20 2021 rev:15 rq:889130 version:3.9.4

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-04-15 
16:56:39.346602000 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.1947/python39.changes  
2021-05-02 18:35:36.529077487 +0200
@@ -1,0 +2,104 @@
+Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl 
+
+- Update to 3.9.4:
+  - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500
+as it changed the PyThreadState struct size and broke the 3.9.x ABI
+in the 3.9.3 release (visible on 32-bit platforms using binaries
+compiled using an earlier version of Python 3.9.x headers).
+  - bpo#26053: Fixed bug where the pdb interactive run command echoed
+the args from the shell command line, even if those have been
+overridden at the pdb prompt.
+  - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
+feature of the pydoc module which could be abused to read
+arbitrary files on the disk (directory traversal
+vulnerability). Moreover, even source code of Python modules
+can contain sensitive data like passwords. Vulnerability
+reported by David Schw??rer.
+  - bpo#43285: ftplib no longer trusts the IP address value
+returned from the server in response to the PASV command by
+default. This prevents a malicious FTP server from using the
+response to probe IPv4 address and port combinations on the
+client network. Code that requires the former vulnerable
+behavior may set a trust_server_pasv_ipv4_address attribute
+on their ftplib.FTP instances to True to re-enable it.
+  - bpo#43439: Add audit hooks for gc.get_objects(),
+gc.get_referrers() and gc.get_referents(). Patch by Pablo
+Galindo.
+  - bpo#43660: Fix crash that happens when replacing sys.stderr
+with a callable that can remove the object while an exception
+is being printed. Patch by Pablo Galindo.
+  - bpo#43555: Report the column offset for SyntaxError for
+invalid line continuation characters. Patch by Pablo Galindo.
+  - bpo#43517: Fix misdetection of circular imports when using
+from pkg.mod import attr, which caused false positives in
+non-trivial multi-threaded code.
+  - bpo#35883: Python no longer fails at startup with a fatal
+error if a command line argument contains an invalid Unicode
+character. The Py_DecodeLocale() function now escapes byte
+sequences which would be decoded as Unicode characters
+outside the [U+; U+10] range.
+  - bpo#43406: Fix a possible race condition where
+PyErr_CheckSignals tries to execute a non-Python signal
+handler.
+  - bpo#42500: Improve handling of exceptions near recursion
+limit. Converts a number of Fatal Errors in RecursionErrors.
+  - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query
+and fragment in the URL of the server.
+  - bpo#35930: Raising an exception raised in a ???future??? instance
+will create reference cycles.
+  - bpo#43577: Fix deadlock when using ssl.SSLContext debug
+callback with ssl.SSLContext.sni_callback().
+  - bpo#43521: ast.unparse can now render NaNs and empty sets.
+  - bpo#43423: subprocess.communicate() no longer raises an
+IndexError when there is an empty stdout or stderr IO buffer
+during a timeout on Windows.
+  - bpo#27820: Fixed long-standing bug of smtplib.SMTP where
+doing AUTH LOGIN with initial_response_ok=False will fail.
+The cause is that SMTP.auth_login _always_ returns a password
+if provided with a challenge string, thus non-compliant with
+the standard for AUTH LOGIN. Also fixes bug with the test for
+smtpd.
+  - bpo#43332: Improves the networking efficiency of http.client
+when using a proxy via set_tunnel(). Fewer small send calls
+are made during connection setup.
+  - bpo#43399: Fix ElementTree.extend not working on iterators
+when using the Python implementation
+  - bpo#43316: The python -m gzip command line application now
+properly fails when detecting an unsupported extension. It
+exits with a non-zero exit code and prints an error message
+to stderr.
+  - bpo#43260: Fix TextIOWrapper can not flush internal buffer
+forever after very large text is written.
+  - bpo#42782: Fail fast in shutil.move() to avoid creating
+destination directories on failure.
+  - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn
+introduced in Python 3.7.
+  - bpo#43199: Answer ???Why is there no goto in the Design and
+History FAQ.
+  - bpo#43407: 

commit python39 for openSUSE:Factory

2021-04-15 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-04-15 16:56:36

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.12324 (New)


Package is "python39"

Thu Apr 15 16:56:36 2021 rev:14 rq:878395 version:3.9.2

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-02-25 
18:26:57.686161933 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.12324/python39.changes 
2021-04-15 16:56:39.346602000 +0200
@@ -8 +8 @@
-  - bpo#42967 (bso#1182379): Fix web cache poisoning
+  - bpo#42967 (bsc#1182379): Fix web cache poisoning



Other differences:
--


commit python39 for openSUSE:Factory

2021-02-25 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-02-25 18:26:50

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.2378 (New)


Package is "python39"

Thu Feb 25 18:26:50 2021 rev:13 rq:874156 version:3.9.2

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-02-16 
22:50:27.990664712 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.2378/python39.changes  
2021-02-25 18:26:57.686161933 +0100
@@ -0,0 +1,18 @@
+---
+Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl 
+
+- Update to 3.9.2:
+  - bpo#42938 (bsc#1181126): Avoid static buffers when computing
+the repr of ctypes.c_double and ctypes.c_longdouble
+values. This issue was assigned CVE-2021-3177.
+  - bpo#42967 (bso#1182379): Fix web cache poisoning
+vulnerability by defaulting the query args separator to &,
+and allowing the user to choose a custom separator. This
+issue was assigned CVE-2021-23336.
+- Upstreamed patches were removed:
+  - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
+  - bsc1167501-invalid-alignment.patch
+  - skip_random_failing_tests.patch
+  - CVE-2019-5010-null-defer-x509-cert-DOS.patch
+
+---

Old:

  CVE-2019-5010-null-defer-x509-cert-DOS.patch
  CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
  Python-3.9.1.tar.xz
  Python-3.9.1.tar.xz.asc
  bsc1167501-invalid-alignment.patch
  skip_random_failing_tests.patch

New:

  Python-3.9.2.tar.xz
  Python-3.9.2.tar.xz.asc



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.VXGY7z/_old  2021-02-25 18:26:58.850162689 +0100
+++ /var/tmp/diff_new_pack.VXGY7z/_new  2021-02-25 18:26:58.854162692 +0100
@@ -1,5 +1,5 @@
 #
-# spec file for package python39
+# spec file for package python39-core
 #
 # Copyright (c) 2021 SUSE LLC
 #
@@ -53,7 +53,7 @@
 # Will do the /usr/bin/python3 and all the core links
 %define primary_interpreter 0
 # We don't process beta signs well
-%define folderversion 3.9.1
+%define folderversion 3.9.2
 %define tarnamePython-%{tarversion}
 %define sitedir %{_libdir}/python%{python_version}
 # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
@@ -88,7 +88,7 @@
 %bcond_without profileopt
 %endif
 Name:   %{python_pkg_name}%{psuffix}
-Version:3.9.1
+Version:3.9.2
 Release:0
 Summary:Python 3 Interpreter
 License:Python-2.0
@@ -127,27 +127,15 @@
 Patch09:python-3.3.0b1-test-posix_fadvise.patch
 # Raise timeout value for test_subprocess
 Patch15:subprocess-raise-timeout.patch
-# skip some tests only for PowerPC
-Patch23:skip_random_failing_tests.patch
 Patch25:python3-imp-returntype.patch
-# PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 
mc...@suse.com
-# https://github.com/python/cpython/pull/11569
-# Fix segfault in ssl's cert parser
-Patch27:CVE-2019-5010-null-defer-x509-cert-DOS.patch
 # PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 
mc...@suse.com
 # ensurepip should honour the value of $(prefix)
 Patch29:bpo-31046_ensurepip_honours_prefix.patch
-# PATCH-FIX-UPSTREAM bsc1167501-invalid-alignment.patch 
gh#python/cpython#19133 mc...@suse.com
-# Fix wrong misalignment of pointer to vectorcallfunc
-Patch31:bsc1167501-invalid-alignment.patch
 # PATCH-FIX-UPSTREAM stop calling removed Sphinx function 
gh#python/cpython#13236
 Patch32:sphinx-update-removed-function.patch
 # PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mc...@suse.com
 # SLE-15 version of Sphinx doesn't know about skipif directive in doctests.
 Patch33:no-skipif-doctests.patch
-# PATCH-FIX-UPSTREAM CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch bsc#1181126 
mc...@suse.com
-# buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to 
remote code execution
-Patch34:CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
 BuildRequires:  automake
 BuildRequires:  fdupes
 BuildRequires:  gmp-devel
@@ -387,18 +375,12 @@
 %patch08 -p1
 %patch09 -p1
 %patch15 -p1
-%ifarch ppc ppc64 ppc64le
-%patch23 -p1
-%endif
 %patch25 -p1
-%patch27 -p1
 %patch29 -p1
-%patch31 -p1
 %patch32 -p1
-%if 0%{?suse_version} <= 1500
+# %%if 0%%{?suse_version} <= 1500
 %patch33 -p1
-%endif
-%patch34 -p1
+# %%endif
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
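Review bot: in this %prep hunk the `%if 0%{?suse_version} <= 1500` / `%endif` guard around `%patch33 -p1` is commented out rather than removed, so no-skipif-doctests.patch, which the spec tags PATCH-FIX-SLE for the SLE-15 Sphinx, is now applied on every target. The 3.9.2 changelog entry lists only the version bump and the removed upstreamed patches and does not mention this. Either delete the two commented lines and record in the changelog why the patch is now unconditional, or restore the guard.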

++ Python-3.9.1.tar.xz -> Python-3.9.2.tar.xz ++

commit python39 for openSUSE:Factory

2021-02-16 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-02-16 22:40:04

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.28504 (New)


Package is "python39"

Tue Feb 16 22:40:04 2021 rev:12 rq:872780 version:3.9.1

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-01-31 
16:52:22.688734401 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.28504/python39.changes 
2021-02-16 22:50:27.990664712 +0100
@@ -0,0 +1,252 @@
+Tue Feb  9 01:37:59 UTC 2021 - Steve Kowalik 
+
+- Add Obsoletes for python3-base when primary interpreter is set to
+  properly replace it during upgrades.  (bsc#1181324)
+
+---
+Mon Feb  8 22:02:03 UTC 2021 - Matej Cepl 
+
+- Update to 3.9.1:
+  Security bugs:
+  - Prevented potential DoS attack via CPU and RAM exhaustion
+when processing malformed Apple Property List files in binary
+format.
+  - The plistlib module no longer accepts entity declarations in
+XML plist files to avoid XML vulnerabilities. This should not
+affect users as entity declarations are not used in regular
+plist files.
+  - Add volatile to the accumulator variable in
+hmac.compare_digest, making constant-time-defeating
+optimizations less likely.
+  Core and Builtins
+  - Allow assignment expressions in set literals and set
+comprehensions as per PEP 572. Patch by Pablo Galindo.
+  - Fix a regression introduced by the new parser, where an
+unparenthesized walrus operator was not allowed within
+generator expressions.
+  - types.GenericAlias objects can now be the targets of
+weakrefs.
+  - Fixed a bug in the PEG parser that was causing crashes in
+debug mode. Now errors are checked in left-recursive rules to
+avoid cases where such errors do not get handled in time and
+appear as long-distance crashes in other places.
+  - Fixed a possible crash in the PEG parser when checking for
+the ???!=??? token in the barry_as_flufl rule. Patch by Pablo
+Galindo.
+  - Fix handling of errors during creation of PyFunctionObject,
+which resulted in operations on uninitialized memory. Patch
+by Yonatan Goldschmidt.
+  - Fix a bug in the parser, where a curly brace following
+a primary didn???t fail immediately. This led to invalid
+expressions like a {b} to throw a SyntaxError with a wrong
+offset, or invalid expressions ending with a curly brace like
+a { to not fail immediately in the REPL.
+  - Fix possible buffer overflow in the new parser when checking
+for continuation lines. Patch by Pablo Galindo.
+  - Run the parser two times. On the first run, disable all the
+rules that only generate better error messages to gain
+performance. If there???s a parse failure, run the parser
+a second time with those enabled.
+  - Document the default implementation of object.__eq__.
+  - Fix peephole optimizer misoptimize conditional jump
++ JUMP_IF_NOT_EXC_MATCH pair.
+  - The garbage collector now tracks all user-defined classes.
+Patch by Brandt Bucher.
+  - Fixed potential issues with removing not completely
+initialized module from sys.modules when import fails.
+  - Star-unpacking is now allowed for with item???s targets in the
+PEG parser.
+  - Fixed stack overflow in issubclass() and isinstance() when
+getting the __bases__ attribute leads to infinite recursion.
+  - When loading a native module and a load failure occurs,
+prevent a possible UnicodeDecodeError when not running in
+a UTF-8 locale by decoding the load error message using the
+current locale???s encoding.
+  - Correctly count control blocks in ???except??? in compiler.
+Ensures that a syntax error, rather a fatal error, occurs for
+deeply nested, named exception handlers.
+  Library
+  - types.GenericAlias will now raise a TypeError when attempting
+to initialize with a keyword argument. Previously, this would
+cause the interpreter to crash if the interpreter was
+compiled with debug symbols. This does not affect
+interpreters compiled for release. Patch by Ken Jin.
+  - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly
+parsed. Replace the special purpose getallmatchingheaders
+with generic get_all method and add relevant tests.
+  - inspect.findsource() now raises OSError instead of IndexError
+when co_lineno of a code object is greater than the file
+length. This can happen, for example, when a file is edited
+after it was imported. PR by Irit Katriel.
+  - Fix handling of trailing comments by inspect.getsource().
+  - ChainMap.__iter__ no longer calls __getitem__ on underlying
+maps
+  - 

commit python39 for openSUSE:Factory

2021-01-31 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2021-01-31 16:52:21

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.28504 (New)


Package is "python39"

Sun Jan 31 16:52:21 2021 rev:11 rq:868032 version:3.9.0

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2021-01-07 
21:23:43.197401960 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.28504/python39.changes 
2021-01-31 16:52:22.688734401 +0100
@@ -1,0 +2,7 @@
+Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl 
+
+- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
+  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
+  _ctypes/callproc.c, which may lead to remote code execution.
+
+---

New:

  CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.mBHTiG/_old  2021-01-31 16:52:23.816736031 +0100
+++ /var/tmp/diff_new_pack.mBHTiG/_new  2021-01-31 16:52:23.816736031 +0100
@@ -1,5 +1,5 @@
 #
-# spec file for package python39
+# spec file for package python39-core
 #
 # Copyright (c) 2021 SUSE LLC
 #
@@ -145,6 +145,9 @@
 # PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mc...@suse.com
 # SLE-15 version of Sphinx doesn't know about skipif directive in doctests.
 Patch33:no-skipif-doctests.patch
+# PATCH-FIX-UPSTREAM CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch bsc#1181126 
mc...@suse.com
+# buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to 
remote code execution
+Patch34:CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
 BuildRequires:  automake
 BuildRequires:  fdupes
 BuildRequires:  gmp-devel
@@ -394,6 +397,7 @@
 %if 0%{?suse_version} <= 1500
 %patch33 -p1
 %endif
+%patch34 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

++ CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch ++
From 34df10a9a16b38d54421eeeaf73ec89828563be7 Mon Sep 17 00:00:00 2001
From: Benjamin Peterson 
Date: Mon, 18 Jan 2021 15:11:46 -0600
Subject: [PATCH] [3.6] closes bpo-42938: Replace snprintf with Python unicode
 formatting in ctypes param reprs. (GH-24250)

(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)

Co-authored-by: Benjamin Peterson 
---
 Lib/ctypes/test/test_parameters.py| 43 +++
 .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst  |  2 +
 Modules/_ctypes/callproc.c| 55 +++
 3 files changed, 66 insertions(+), 34 deletions(-)
 create mode 100644 
Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst

--- a/Lib/ctypes/test/test_parameters.py
+++ b/Lib/ctypes/test/test_parameters.py
@@ -201,6 +201,49 @@ class SimpleTypesTestCase(unittest.TestC
 with self.assertRaises(ZeroDivisionError):
 WorseStruct().__setstate__({}, b'foo')
 
+def test_parameter_repr(self):
+from ctypes import (
+c_bool,
+c_char,
+c_wchar,
+c_byte,
+c_ubyte,
+c_short,
+c_ushort,
+c_int,
+c_uint,
+c_long,
+c_ulong,
+c_longlong,
+c_ulonglong,
+c_float,
+c_double,
+c_longdouble,
+c_char_p,
+c_wchar_p,
+c_void_p,
+)
+self.assertRegex(repr(c_bool.from_param(True)), r"^$")
+self.assertEqual(repr(c_char.from_param(97)), "")
+self.assertRegex(repr(c_wchar.from_param('a')), r"^$")
+self.assertEqual(repr(c_byte.from_param(98)), "")
+self.assertEqual(repr(c_ubyte.from_param(98)), "")
+self.assertEqual(repr(c_short.from_param(511)), "")
+self.assertEqual(repr(c_ushort.from_param(511)), "")
+self.assertRegex(repr(c_int.from_param(2)), r"^$")
+self.assertRegex(repr(c_uint.from_param(2)), r"^$")
+self.assertRegex(repr(c_long.from_param(2)), r"^$")
+self.assertRegex(repr(c_ulong.from_param(2)), r"^$")
+self.assertRegex(repr(c_longlong.from_param(2)), r"^$")
+self.assertRegex(repr(c_ulonglong.from_param(2)), r"^$")
+self.assertEqual(repr(c_float.from_param(1.5)), "")
+self.assertEqual(repr(c_double.from_param(1.5)), "")
+self.assertEqual(repr(c_double.from_param(1e300)), "")
+self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^$")
+self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^$")
+self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^$")
+

commit python39 for openSUSE:Factory

2020-12-13 Thread User for buildservice source handling
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2020-12-13 17:30:34

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.2328 (New)


Package is "python39"

Sun Dec 13 17:30:34 2020 rev:9 rq:855482 version:3.9.0

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2020-12-07 
15:00:39.004731753 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.2328/python39.changes  
2020-12-13 17:31:04.236430528 +0100
@@ -1,0 +2,20 @@
+Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl 
+
+- Update sphinx-update-removed-function.patch patch to the latest
+  version in python36.
+
+---
+Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner 
+
+- Last try before this results in an editwar:
+  * remove importlib_resources and importlib-metadata 
+provides/obsoletes
+  * import importlib_resources is not the same as
+import importlib.resources, same for metadata
+  * The backport packages from PyPI needed for older flavors are
+specified as such for setuptools or in pyproject.toml. If a
+package requires them they typically add them with a python
+version qualifier and the packages have their own version
+numbers.
+
+---



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.zXS2cF/_old  2020-12-13 17:31:05.240431546 +0100
+++ /var/tmp/diff_new_pack.zXS2cF/_new  2020-12-13 17:31:05.244431551 +0100
@@ -291,10 +291,6 @@
 Provides:   %{python_pkg_name}-typing = %{version}
 # python3-xml was merged into python3, now moved into -base
 Provides:   %{python_pkg_name}-xml = %{version}
-# python-importlib-metadata was specifical project which was merged into 3.8
-Provides:   %{python_pkg_name}-importlib-metadata = %{version}
-# python-importlib_resources is a backport of 3.7 behaviour into older pythons
-Provides:   %{python_pkg_name}-importlib_resources = %{version}
 %if %{primary_interpreter}
 Provides:   python3-asyncio = %{version}
 Provides:   python3-base = %{version}
@@ -303,10 +299,6 @@
 Obsoletes:  python3-typing < %{version}
 Provides:   python3-xml = %{version}
 Obsoletes:  python3-xml < %{version}
-Provides:   python3-importlib-metadata = %{version}
-Obsoletes:  python3-importlib-metadata < %{version}
-Provides:   python3-importlib_resources = %{version}
-Obsoletes:  python3-importlib_resources < %{version}
 %endif
 
 %description -n %{python_pkg_name}-base
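Review bot: both hunks drop the importlib-metadata and importlib_resources Provides/Obsoletes together with the comments that explained them, and nothing is left in the spec to say why they are absent. Since the changelog entry calls this the last try before an edit war, put the reasoning where the next editor will see it: a short comment beside the remaining Provides of the -base package stating that `import importlib_resources` is not the same as `import importlib.resources` (same for metadata) and that the backports carry their own version numbers.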



++ sphinx-update-removed-function.patch ++
--- /var/tmp/diff_new_pack.zXS2cF/_old  2020-12-13 17:31:05.504431814 +0100
+++ /var/tmp/diff_new_pack.zXS2cF/_new  2020-12-13 17:31:05.504431814 +0100
@@ -1,12 +1,6 @@
-From 960bb883769e5c64a63b014590d75654db87ffb0 Mon Sep 17 00:00:00 2001
-From: Pablo Galindo 
-Date: Fri, 10 May 2019 22:58:17 +0100
-Subject: [PATCH] Fix sphinx deprecation warning about env.note_versionchange()
- (GH-13236)
-
 ---
- Doc/tools/extensions/pyspecific.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ Doc/tools/extensions/pyspecific.py |6 ++
+ 1 file changed, 6 insertions(+)
 
 --- a/Doc/tools/extensions/pyspecific.py
 +++ b/Doc/tools/extensions/pyspecific.py
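Review bot: the patch header loses its `From 960bb883...`, `From:`, `Date:` and `Subject:` lines in this hunk, and the new diffstat reads `1 file changed, 6 insertions(+)` although the patch body still removes the `env.get_domain('changeset').note_changeset(node)` line. The spec keeps tagging the file PATCH-FIX-UPSTREAM with gh#python/cpython#13236, so either keep the upstream header for provenance or replace it with a short description saying the patch is a modified variant, and regenerate the diffstat so it shows the deletion.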
@@ -15,12 +9,12 @@
  node.append(para)
  env = self.state.document.settings.env
 -env.get_domain('changeset').note_changeset(node)
-+# new method
-+if hasattr(env, 'get_domain'):
-+env.get_domain('changeset').note_changeset(node)
 +# deprecated pre-Sphinx-2 method
-+else:
++if hasattr(env, 'note_versionchange'):
 +env.note_versionchange('deprecated', version[0], node, 
self.lineno)
++# new method
++else:
++env.get_domain('changeset').note_changeset(node)
  return [node] + messages
  
  
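Review bot: the reordered test `if hasattr(env, 'note_versionchange'):` now prefers the method that the patch's own comment calls deprecated whenever it still exists, and reaches `env.get_domain('changeset').note_changeset(node)` only when it is gone. On a Sphinx that provides both, this calls the deprecated one, which is the warning the previous patch subject said it was fixing. State in the patch description which Sphinx versions require this order, and if none do, keep the `hasattr(env, 'get_domain')` check first.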
___
openSUSE Commits mailing list -- commit@lists.opensuse.org
To unsubscribe, email commit-le...@lists.opensuse.org
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: 
https://lists.opensuse.org/archives/list/commit@lists.opensuse.org


commit python39 for openSUSE:Factory

2020-12-07 Thread User for buildservice source handling
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2020-12-07 15:00:18

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.5913 (New)


Package is "python39"

Mon Dec  7 15:00:18 2020 rev:8 rq:853313 version:3.9.0

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2020-11-15 
15:27:29.591522201 +0100
+++ /work/SRC/openSUSE:Factory/.python39.new.5913/python39.changes  
2020-12-07 15:00:39.004731753 +0100
@@ -1,0 +2,7 @@
+Sat Dec  5 16:55:12 UTC 2020 - Matej Cepl 
+
+- Add patch sphinx-update-removed-function.patch to no longer call
+  a now removed function and to make documentation build independent of
+  the Sphinx version (bsc#1179630, gh#python/cpython#13236).
+
+---

New:

  sphinx-update-removed-function.patch



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.fGkR4i/_old  2020-12-07 15:00:40.260733067 +0100
+++ /var/tmp/diff_new_pack.fGkR4i/_new  2020-12-07 15:00:40.260733067 +0100
@@ -140,6 +140,8 @@
 # PATCH-FIX-UPSTREAM bsc1167501-invalid-alignment.patch 
gh#python/cpython#19133 mc...@suse.com
 # Fix wrong misalignment of pointer to vectorcallfunc
 Patch31:bsc1167501-invalid-alignment.patch
+# PATCH-FIX-UPSTREAM stop calling removed Sphinx function 
gh#python/cpython#13236
+Patch32:sphinx-update-removed-function.patch
 BuildRequires:  automake
 BuildRequires:  fdupes
 BuildRequires:  gmp-devel
@@ -395,6 +397,7 @@
 %patch27 -p1
 %patch29 -p1
 %patch31 -p1
+%patch32 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac



++ sphinx-update-removed-function.patch ++
From 960bb883769e5c64a63b014590d75654db87ffb0 Mon Sep 17 00:00:00 2001
From: Pablo Galindo 
Date: Fri, 10 May 2019 22:58:17 +0100
Subject: [PATCH] Fix sphinx deprecation warning about env.note_versionchange()
 (GH-13236)

---
 Doc/tools/extensions/pyspecific.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/Doc/tools/extensions/pyspecific.py
+++ b/Doc/tools/extensions/pyspecific.py
@@ -355,7 +355,12 @@ class DeprecatedRemoved(Directive):
translatable=False)
 node.append(para)
 env = self.state.document.settings.env
-env.get_domain('changeset').note_changeset(node)
+# new method
+if hasattr(env, 'get_domain'):
+env.get_domain('changeset').note_changeset(node)
+# deprecated pre-Sphinx-2 method
+else:
+env.note_versionchange('deprecated', version[0], node, self.lineno)
 return [node] + messages
 
 
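Review bot: the diffstat in this patch header (`2 +-`, `1 insertion(+), 1 deletion(-)`) does not match the hunk under `@@ -355,7 +355,12 @@`, which removes one line and adds six. The mismatch suggests the body was edited after the header was generated, while the spec tags the file PATCH-FIX-UPSTREAM. Regenerate the header and say in the patch description that the `hasattr(env, 'get_domain')` test and the fallback to `env.note_versionchange('deprecated', version[0], node, self.lineno)` are there to keep the documentation build independent of the Sphinx version, as the changelog entry states.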


[opensuse-commit] commit python39 for openSUSE:Factory

2020-11-15 Thread User for buildservice source handling
Hello community,

here is the log from the commit of package python39 for openSUSE:Factory 
checked in at 2020-11-15 15:26:06

Comparing /work/SRC/openSUSE:Factory/python39 (Old)
 and  /work/SRC/openSUSE:Factory/.python39.new.24930 (New)


Package is "python39"

Sun Nov 15 15:26:06 2020 rev:7 rq:848385 version:3.9.0

Changes:

--- /work/SRC/openSUSE:Factory/python39/python39.changes2020-10-23 
12:22:38.396694919 +0200
+++ /work/SRC/openSUSE:Factory/.python39.new.24930/python39.changes 
2020-11-15 15:27:29.591522201 +0100
@@ -1,0 +2,7 @@
+Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl 
+
+- Don't require packages which break build on SLE-15 although we really
+  don't need them (python3-python-docs-theme and
+  python3-sphinxcontrib-qthelp).
+
+---



Other differences:
--
++ python39.spec ++
--- /var/tmp/diff_new_pack.bp0Sts/_old  2020-11-15 15:27:30.439523109 +0100
+++ /var/tmp/diff_new_pack.bp0Sts/_new  2020-11-15 15:27:30.443523113 +0100
@@ -162,9 +162,11 @@
 # Here we just run sphinx and we can use generic one, we don't need
 # the flavor variant
 BuildRequires:  python3-Sphinx < 3.0
+%if 0%{?suse_version} > 1500
 BuildRequires:  python3-python-docs-theme
 BuildRequires:  python3-sphinxcontrib-qthelp >= 1.0.2
 %endif
+%endif
 %if %{with general}
 # required for idle3 (.desktop and .appdata.xml files)
 BuildRequires:  appstream-glib
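Review bot: the added `%if 0%{?suse_version} > 1500` opens inside an existing conditional and its `%endif` is appended after the existing one, so the pairing can only be worked out by counting, and no comment says why the two BuildRequires are guarded. Add a one-line comment above the new `%if` giving the reason from the changelog (python3-python-docs-theme and python3-sphinxcontrib-qthelp break the build on SLE-15), and place the new `%endif` directly after the `python3-sphinxcontrib-qthelp >= 1.0.2` line so the inner block is visibly closed before the outer one.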