Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python39 for openSUSE:Factory checked in at 2021-02-16 22:40:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python39 (Old) and /work/SRC/openSUSE:Factory/.python39.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python39" Tue Feb 16 22:40:04 2021 rev:12 rq:872780 version:3.9.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python39/python39.changes 2021-01-31 16:52:22.688734401 +0100 +++ /work/SRC/openSUSE:Factory/.python39.new.28504/python39.changes 2021-02-16 22:50:27.990664712 +0100 @@ -0,0 +1,252 @@ +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik <[email protected]> + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl <[email protected]> + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ???!=??? token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn???t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there???s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item???s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale???s encoding. + - Correctly count control blocks in ???except??? in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception???s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (???a???) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ ???Sequences (Tuples/Lists)??? section, add + ???How do you remove multiple items from a list???. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile???s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don???t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. ++++ 55 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/python39/python39.changes ++++ and /work/SRC/openSUSE:Factory/.python39.new.28504/python39.changes Old: ---- Python-3.9.0.tar.xz Python-3.9.0.tar.xz.asc New: ---- Python-3.9.1.tar.xz Python-3.9.1.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python39.spec ++++++ --- /var/tmp/diff_new_pack.DteNog/_old 2021-02-16 22:50:29.442666601 +0100 +++ /var/tmp/diff_new_pack.DteNog/_new 2021-02-16 22:50:29.446666606 +0100 @@ -1,5 +1,5 @@ # -# spec file for package python39-core +# spec file for package python39 # # Copyright (c) 2021 SUSE LLC # @@ -53,7 +53,7 @@ # Will do the /usr/bin/python3 and all the core links %define primary_interpreter 0 # We don't process beta signs well -%define folderversion 3.9.0 +%define folderversion 3.9.1 %define tarname Python-%{tarversion} %define sitedir %{_libdir}/python%{python_version} # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 @@ -88,7 +88,7 @@ %bcond_without profileopt %endif Name: %{python_pkg_name}%{psuffix} -Version: 3.9.0 +Version: 3.9.1 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -297,8 +297,9 @@ Provides: %{python_pkg_name}-xml = %{version} %if %{primary_interpreter} Provides: python3-asyncio = %{version} -Provides: python3-base = %{version} Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} Provides: python3-typing = %{version} Obsoletes: python3-typing < %{version} Provides: python3-xml = %{version} ++++++ CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch ++++++ --- /var/tmp/diff_new_pack.DteNog/_old 2021-02-16 22:50:29.490666663 +0100 +++ /var/tmp/diff_new_pack.DteNog/_new 2021-02-16 22:50:29.490666663 +0100 @@ -73,7 +73,7 @@ +:class:`ctypes.c_longdouble` values. --- a/Modules/_ctypes/callproc.c +++ b/Modules/_ctypes/callproc.c -@@ -483,58 +483,47 @@ is_literal_char(unsigned char c) +@@ -489,58 +489,47 @@ is_literal_char(unsigned char c) static PyObject * PyCArg_repr(PyCArgObject *self) { @@ -148,7 +148,7 @@ /* Hm, are these 'z' and 'Z' codes useful at all? Shouldn't they be replaced by the functionality of c_string -@@ -543,22 +532,19 @@ PyCArg_repr(PyCArgObject *self) +@@ -549,22 +538,19 @@ PyCArg_repr(PyCArgObject *self) case 'z': case 'Z': case 'P': ++++++ Python-3.9.0.tar.xz -> Python-3.9.1.tar.xz ++++++ /work/SRC/openSUSE:Factory/python39/Python-3.9.0.tar.xz /work/SRC/openSUSE:Factory/.python39.new.28504/Python-3.9.1.tar.xz differ: char 27, line 1 ++++++ bpo-31046_ensurepip_honours_prefix.patch ++++++ --- /var/tmp/diff_new_pack.DteNog/_old 2021-02-16 22:50:29.578666778 +0100 +++ /var/tmp/diff_new_pack.DteNog/_new 2021-02-16 22:50:29.578666778 +0100 @@ -139,7 +139,7 @@ --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1252,7 +1252,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni +@@ -1253,7 +1253,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni install|*) ensurepip="" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -148,7 +148,7 @@ fi altinstall: commoninstall -@@ -1262,7 +1262,7 @@ altinstall: commoninstall +@@ -1263,7 +1263,7 @@ altinstall: commoninstall install|*) ensurepip="--altinstall" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ ++++++ python-3.3.0b1-fix_date_time_compiler.patch ++++++ --- /var/tmp/diff_new_pack.DteNog/_old 2021-02-16 22:50:29.650666872 +0100 +++ /var/tmp/diff_new_pack.DteNog/_new 2021-02-16 22:50:29.650666872 +0100 @@ -1,6 +1,6 @@ --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -764,11 +764,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ +@@ -772,11 +772,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ $(DTRACE_OBJS) \ $(srcdir)/Modules/getbuildinfo.c $(CC) -c $(PY_CORE_CFLAGS) \ ++++++ skip_random_failing_tests.patch ++++++ --- /var/tmp/diff_new_pack.DteNog/_old 2021-02-16 22:50:29.682666913 +0100 +++ /var/tmp/diff_new_pack.DteNog/_new 2021-02-16 22:50:29.686666918 +0100 @@ -82,7 +82,7 @@ --- a/Lib/test/_test_multiprocessing.py +++ b/Lib/test/_test_multiprocessing.py -@@ -1521,6 +1521,7 @@ class _TestCondition(BaseTestCase): +@@ -1546,6 +1546,7 @@ class _TestCondition(BaseTestCase): success.value = True @unittest.skipUnless(HAS_SHAREDCTYPES, 'needs sharedctypes') @@ -90,7 +90,7 @@ def test_waitfor_timeout(self): # based on test in test/lock_tests.py cond = self.Condition() -@@ -2411,6 +2412,7 @@ class _TestPool(BaseTestCase): +@@ -2436,6 +2437,7 @@ class _TestPool(BaseTestCase): self.assertEqual(get(), 49) self.assertTimingAlmostEqual(get.elapsed, TIMEOUT1) @@ -98,7 +98,7 @@ def test_async_timeout(self): res = self.pool.apply_async(sqr, (6, TIMEOUT2 + 1.0)) get = TimingWrapper(res.get) -@@ -4564,6 +4566,7 @@ class TestWait(unittest.TestCase): +@@ -4682,6 +4684,7 @@ class TestWait(unittest.TestCase): sem.release() time.sleep(period) @@ -108,7 +108,7 @@ --- a/Lib/test/test_asyncio/test_events.py +++ b/Lib/test/test_asyncio/test_events.py -@@ -266,6 +266,7 @@ class EventLoopTestsMixin: +@@ -270,6 +270,7 @@ class EventLoopTestsMixin: # Note: because of the default Windows timing granularity of # 15.6 msec, we use fairly long sleep times here (~100 msec). @@ -116,16 +116,16 @@ def test_run_until_complete(self): t0 = self.loop.time() self.loop.run_until_complete(asyncio.sleep(0.1)) -@@ -293,7 +294,7 @@ class EventLoopTestsMixin: +@@ -294,7 +295,7 @@ class EventLoopTestsMixin: + + self.loop.call_later(0.1, callback, 'hello world') self.loop.run_forever() - t1 = time.monotonic() - self.assertEqual(results, ['hello world']) -- self.assertTrue(0.08 <= t1-t0 <= 0.8, t1-t0) +- self.assertEqual(results, ['hello world']) + self.assertTrue(0.08 <= t1-t0 <= 5.0, t1-t0) def test_call_soon(self): results = [] -@@ -478,6 +479,7 @@ class EventLoopTestsMixin: +@@ -481,6 +482,7 @@ class EventLoopTestsMixin: self.assertEqual(caught, 1) @unittest.skipUnless(hasattr(signal, 'SIGALRM'), 'No SIGALRM') @@ -135,7 +135,7 @@ caught = 0 --- a/Lib/test/test_buffer.py +++ b/Lib/test/test_buffer.py -@@ -2504,6 +2504,7 @@ class TestBufferProtocol(unittest.TestCa +@@ -2509,6 +2509,7 @@ class TestBufferProtocol(unittest.TestCa a = ndarray(items, shape=[2, 2, 2], format="b") check(memoryview(a), vsize(base_struct + 3 * per_dim)) ++++++ sphinx-update-removed-function.patch ++++++ --- /var/tmp/diff_new_pack.DteNog/_old 2021-02-16 22:50:29.702666939 +0100 +++ /var/tmp/diff_new_pack.DteNog/_new 2021-02-16 22:50:29.706666945 +0100 @@ -4,7 +4,7 @@ --- a/Doc/tools/extensions/pyspecific.py +++ b/Doc/tools/extensions/pyspecific.py -@@ -355,7 +355,12 @@ class DeprecatedRemoved(Directive): +@@ -361,7 +361,12 @@ class DeprecatedRemoved(Directive): translatable=False) node.append(para) env = self.state.document.settings.env
