Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python311 for openSUSE:Factory 
checked in at 2023-06-04 00:12:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python311 (Old)
 and      /work/SRC/openSUSE:Factory/.python311.new.15902 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python311"

Sun Jun  4 00:12:15 2023 rev:17 rq:1084262 version:3.11.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/python311/python311.changes      2023-03-05 
20:08:04.344725113 +0100
+++ /work/SRC/openSUSE:Factory/.python311.new.15902/python311.changes   
2023-06-04 00:12:17.429422080 +0200
@@ -1,0 +2,125 @@
+Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl <[email protected]>
+
+- Why in the world we download from HTTP?
+- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053).
+- Add skip_if_buildbot-extend.patch to avoid the bug altogether
+  (extending what skip_if_buildbot covers).
+- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
+  bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter
+  for tarfile.extractall".
+
+-------------------------------------------------------------------
+Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl <[email protected]>
+
+- Update to 3.11.3:
+  - Security
+    - gh-101727: Updated the OpenSSL version used in Windows
+      and macOS binary release builds to 1.1.1t to address
+      CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the
+      OpenSSL 2023-02-07 security advisory.
+  - Core and Builtins
+    - gh-101975: Fixed stacktop value on tracing entries to avoid
+      corruption on garbage collection.
+    - gh-102701: Fix overflow when creating very large dict.
+    - gh-102416: Do not memoize incorrectly automatically
+      generated loop rules in the parser. Patch by Pablo Galindo.
+    - gh-102356: Fix a bug that caused a crash when deallocating
+      deeply nested filter objects. Patch by Marta Gómez Macías.
+    - gh-102397: Fix segfault from race condition in signal
+      handling during garbage collection. Patch by Kumar Aditya.
+    - gh-102281: Fix potential nullptr dereference and use of
+      uninitialized memory in fileutils. Patch by Max Bachmann.
+    - gh-102126: Fix deadlock at shutdown when clearing thread
+      states if any finalizer tries to acquire the runtime head
+      lock. Patch by Kumar Aditya.
+    - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal
+      module. Patch by Max Bachmann.
+    - gh-101967: Fix possible segfault in
+      positional_only_passed_as_keyword function, when new list
+      created.
+    - gh-101765: Fix SystemError / segmentation fault in iter
+      __reduce__ when internal access of builtins.__dict__ keys
+      mutates the iter object.
+    - gh-101696: Invalidate type version tag in
+      _PyStaticType_Dealloc for static types, avoiding bug where
+      a false cache hit could crash the interpreter. Patch by
+      Kumar Aditya.
+  - Library
+    - gh-102549: Don’t ignore exceptions in member type creation.
+    - gh-102947: Improve traceback when dataclasses.fields() is
+      called on a non-dataclass. Patch by Alex Waygood
+    - gh-102780: The asyncio.Timeout context manager now
+      works reliably even when performing cleanup due to task
+      cancellation. Previously it could raise a CancelledError
+      instead of an TimeoutError in such cases.
+    - gh-88965: typing: Fix a bug relating to substitution in   .
+    Pacustom classes generic over a ParamSpec. Previously, if   .
+    Pathe ParamSpec was substituted with a parameters list that .
+    Paitself contained a TypeVar, the TypeVar in the parameters .
+    Palist could not be subsequently substituted. This is now   .
+    Pafixed tch by Nikita Sobolev                               .
+    - gh-101979: Fix a bug where parentheses in the metavar
+      argument to argparse.ArgumentParser.add_argument() were
+      dropped. Patch by Yeojin Kim.
+    - gh-102179: Fix os.dup2() error message for negative fds.
+    - gh-101961: For the binary mode, fileinput.hookcompressed()
+      doesn’t set the encoding value even if the value is
+      None. Patch by Gihwan Kim.
+    - gh-101936: The default value of fp becomes io.BytesIO
+      if HTTPError is initialized without a designated fp
+      parameter. Patch by Long Vo.
+    - gh-102069: Fix __weakref__ descriptor generation for custom
+      dataclasses.
+    - gh-101566: In zipfile, apply fix for extractall on the
+      underlying zipfile after being wrapped in Path.
+    - gh-101892: Callable iterators no longer raise SystemError
+      when the callable object exhausts the iterator but forgets
+      to either return a sentinel value or raise StopIteration.
+    - gh-97786: Fix potential undefined behaviour in corner cases
+      of floating-point-to-time conversions.
+    - gh-101517: Fixed bug where bdb looks up the source line
+      with linecache with a lineno=None, which causes it to fail
+      with an unhandled exception.
+    - gh-101673: Fix a pdb bug where ll clears the changes to
+      local variables.
+    - gh-96931: Fix incorrect results from
+      ssl.SSLSocket.shared_ciphers()
+    - gh-88233: Correctly preserve “extra” fields in zipfile
+      regardless of their ordering relative to a zip64 “extra.”
+    - gh-96127: inspect.signature was raising TypeError on
+      call with mock objects. Now it correctly returns (*args,
+      **kwargs) as infered signature.
+    - gh-95495: When built against OpenSSL 3.0, the ssl module
+      had a bug where it reported unauthenticated EOFs (i.e.
+      without close_notify) as a clean TLS-level EOF. It now
+      raises SSLEOFError, matching the behavior in previous
+      versions of OpenSSL. The options attribute on SSLContext
+      also no longer includes OP_IGNORE_UNEXPECTED_EOF by
+      default. This option may be set to specify the previous
+      OpenSSL 3.0 behavior.
+    - gh-94440: Fix a concurrent.futures.process bug where
+      ProcessPoolExecutor shutdown could hang after a future has
+      been quickly submitted and canceled.
+  - Documentation
+    - gh-103112: Add docstring to http.client.HTTPResponse.read()
+      to fix pydoc output.
+    - gh-85417: Update cmath documentation to clarify behaviour
+      on branch cuts.
+    - gh-97725: Fix asyncio.Task.print_stack() description for
+      file=None. Patch by Oleg Iarygin.
+  - Tests
+    - gh-102980: Improve test coverage on pdb.
+    - gh-102537: Adjust the error handling strategy in
+      test_zoneinfo.TzPathTest.python_tzpath_context. Patch by
+      Paul Ganssle.
+    - gh-89792: test_tools now copies up to 10x less source data
+      to a temporary directory during the freeze test by ignoring
+      git metadata and other artifacts. It also limits its python
+      build parallelism based on os.cpu_count instead of hard
+      coding it as 8 cores.
+    - gh-101377: Improved test_locale_calendar_formatweekday of
+      calendar.
+  - Build
+    - gh-102711: Fix -Wstrict-prototypes compiler warnings.
+
+-------------------------------------------------------------------
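Review bot: the Security entry for gh-101727 lists the same identifier twice ("CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303"), so one of the three CVEs from the OpenSSL 2023-02-07 advisory is presumably missing; check the list against the advisory so that bug trackers searching the changelog by CVE number find this update. Two smaller points in the same hunk: the gh-88965 entry is garbled (stray "Pa" prefixes and trailing dots, "Pafixed tch by Nikita Sobolev") and should be re-wrapped, and the first item of the Apr 30 entry ("Why in the world we download from HTTP?") does not say what changed; something like "Switch Source0/Source1 URLs from http to https" would record the actual change.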

Old:
----
  Python-3.11.2.tar.xz
  Python-3.11.2.tar.xz.asc

New:
----
  103213-fetch-CONFIG_ARGS.patch
  CVE-2007-4559-filter-tarfile_extractall.patch
  Python-3.11.3.tar.xz
  Python-3.11.3.tar.xz.asc
  skip_if_buildbot-extend.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python311.spec ++++++
--- /var/tmp/diff_new_pack.oqw0nX/_old  2023-06-04 00:12:19.745435926 +0200
+++ /var/tmp/diff_new_pack.oqw0nX/_new  2023-06-04 00:12:19.749435950 +0200
@@ -104,13 +104,13 @@
 %define dynlib() 
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.11.2
+Version:        3.11.3
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0
 URL:            https://www.python.org/
-Source0:        
http://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz
-Source1:        
http://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc
+Source0:        
https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz
+Source1:        
https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc
 Source2:        baselibs.conf
 Source3:        README.SUSE
 Source7:        macros.python3
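Review bot: on the Source0/Source1 lines, switching to https protects the download in transit, but the tarball's authenticity still rests on the Source1 .asc signature, and the Source lines visible in this hunk (Source2, Source3, Source7) include no keyring to verify it against. If the spec does not already carry the release manager's keyring as a source and verify the signature during the build, that is worth adding alongside this change; if it does, nothing further is needed here.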
@@ -167,6 +167,15 @@
 # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 
[email protected]
 # Makes Python resilient to changes of API of libexpat
 Patch36:        support-expat-CVE-2022-25236-patched.patch
+# PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 
[email protected]
+# PEP 706 – Filter for tarfile.extractall
+Patch37:        CVE-2007-4559-filter-tarfile_extractall.patch
+# PATCH-FIX-UPSTREAM 103213-fetch-CONFIG_ARGS.patch gh#python/cpython#103053 
[email protected]
+# Fetch CONFIG_ARGS from original python instance
+Patch38:        103213-fetch-CONFIG_ARGS.patch
+# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 
[email protected]
+# Skip test_freeze_simple_script
+Patch39:        skip_if_buildbot-extend.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
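Review bot: the Patch39 tag line marks skip_if_buildbot-extend.patch as PATCH-FIX-UPSTREAM and cites gh#python/cpython#103053, but the patch itself only adds the user name 'abuild' to the skip_if_buildbot check, which looks like a distribution-side workaround rather than an upstream fix; consider tagging it as a distribution patch and saying so in the comment. The comment "Skip test_freeze_simple_script" also understates the effect, since the patch changes the shared decorator rather than that one test. Separately, Patch38 is named 103213-... while its tag cites #103053; a short note on which number is the issue and which is the pull request would help.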
@@ -438,6 +447,9 @@
 %endif
 %patch35 -p1
 %patch36 -p1
+%patch37 -p1
+%patch38 -p1
+%patch39 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

++++++ 103213-fetch-CONFIG_ARGS.patch ++++++
>From d3217d12eee9eefad8444e80545b82b2a8c2be4c Mon Sep 17 00:00:00 2001
From: Ijtaba Hussain <[email protected]>
Date: Mon, 3 Apr 2023 17:28:32 +0500
Subject: [PATCH 1/3] Fetch CONFIG_ARGS from original python instance

instead of fetching from intermediate instance. As "make clean" is called
against the intermediate instance, the build directory is cleared and the
config arguments lookup fails with a ModuleNotFoundError
---
 Misc/NEWS.d/next/Tools-Demos/2023-04-05-07-19-36.gh-issue-103186.yEozgK.rst |  
  2 ++
 Tools/freeze/test/freeze.py                                                 |  
  3 +--
 2 files changed, 3 insertions(+), 2 deletions(-)

--- /dev/null
+++ 
b/Misc/NEWS.d/next/Tools-Demos/2023-04-05-07-19-36.gh-issue-103186.yEozgK.rst
@@ -0,0 +1,2 @@
+``freeze`` now fetches ``CONFIG_ARGS`` from the original CPython instance
+the Makefile uses to call utility scripts. Patch by Ijtaba Hussain.
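Review bot: the issue reference is inconsistent around this NEWS entry: the file name carries gh-issue-103186, the patch file is named 103213-fetch-CONFIG_ARGS.patch, and the changelog and spec comment cite gh#python/cpython#103053. Please confirm which upstream issue this fixes and use that number in the spec tag line, so that the patch can be dropped reliably once the fix lands in a release.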
--- a/Tools/freeze/test/freeze.py
+++ b/Tools/freeze/test/freeze.py
@@ -96,7 +96,6 @@ def copy_source_tree(newroot, oldroot):
     if os.path.exists(os.path.join(newroot, 'Makefile')):
         _run_quiet([MAKE, 'clean'], newroot)
 
-
 def get_makefile_var(builddir, name):
     regex = re.compile(rf'^{name} *=\s*(.*?)\s*$')
     filename = os.path.join(builddir, 'Makefile')
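Review bot: the only change in this hunk is the removal of one of the two blank lines before "def get_makefile_var", which is unrelated to the fix and leaves a single blank line between top-level functions. Drop this hunk from the patch to keep it minimal and easier to rebase.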
@@ -153,7 +152,7 @@ def prepare(script=None, outdir=None):
     print(f'configuring python in {builddir}...')
     cmd = [
         os.path.join(srcdir, 'configure'),
-        *shlex.split(get_config_var(srcdir, 'CONFIG_ARGS') or ''),
+        *shlex.split(get_config_var(SRCDIR, 'CONFIG_ARGS') or ''),
     ]
     ensure_opt(cmd, 'cache-file', os.path.join(outdir, 'python-config.cache'))
     prefix = os.path.join(outdir, 'python-installation')
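Review bot: in the cmd list, configure is still taken from the local srcdir while CONFIG_ARGS is now read from the module-level SRCDIR, and the two names differ only by case, which is easy to misread or to "fix" back by accident. A one-line comment above the changed line stating that CONFIG_ARGS must come from the original instance because "make clean" has already run on the copy (as the commit message explains) would make the intent clear.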

++++++ CVE-2007-4559-filter-tarfile_extractall.patch ++++++
++++ 2617 lines (skipped)

++++++ Python-3.11.2.tar.xz -> Python-3.11.3.tar.xz ++++++
/work/SRC/openSUSE:Factory/python311/Python-3.11.2.tar.xz 
/work/SRC/openSUSE:Factory/.python311.new.15902/Python-3.11.3.tar.xz differ: 
char 27, line 1

++++++ fix_configure_rst.patch ++++++
--- /var/tmp/diff_new_pack.oqw0nX/_old  2023-06-04 00:12:19.869436667 +0200
+++ /var/tmp/diff_new_pack.oqw0nX/_new  2023-06-04 00:12:19.873436691 +0200
@@ -13,7 +13,7 @@
  .. cmdoption:: --with-cxx-main=COMPILER
  
     Compile the Python ``main()`` function and link Python executable with C++
-@@ -511,13 +510,11 @@ macOS Options
+@@ -527,13 +526,11 @@ macOS Options
  
  See ``Mac/README.rst``.
  
@@ -29,7 +29,7 @@
     Create a Python.framework rather than a traditional Unix install. Optional
 --- a/Misc/NEWS
 +++ b/Misc/NEWS
-@@ -7621,7 +7621,7 @@ C API
+@@ -7809,7 +7809,7 @@ C API
  - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
  
  - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name

++++++ no-skipif-doctests.patch ++++++
--- /var/tmp/diff_new_pack.oqw0nX/_old  2023-06-04 00:12:19.929437026 +0200
+++ /var/tmp/diff_new_pack.oqw0nX/_new  2023-06-04 00:12:19.933437050 +0200
@@ -348,7 +348,7 @@
        >>> turtle.resizemode()
        'noresize'
 @@ -1217,7 +1173,6 @@ Appearance
-    of the shapes's outline.
+    of the shape's outline.
  
     .. doctest::
 -      :skipif: _tkinter is None
@@ -643,7 +643,7 @@
  
           >>> poly = ((0,0),(10,-5),(0,10),(-10,-5))
           >>> s = Shape("compound")
-@@ -2514,7 +2433,6 @@ Changes since Python 3.0
+@@ -2518,7 +2437,6 @@ Changes since Python 3.0
  
  
  .. doctest::


++++++ skip-test_pyobject_freed_is_freed.patch ++++++
--- /var/tmp/diff_new_pack.oqw0nX/_old  2023-06-04 00:12:19.973437289 +0200
+++ /var/tmp/diff_new_pack.oqw0nX/_new  2023-06-04 00:12:19.977437313 +0200
@@ -1,10 +1,10 @@
 ---
- Lib/test/test_capi.py |    1 +
+ Lib/test/test_capi/test_misc.py |    1 +
  1 file changed, 1 insertion(+)
 
---- a/Lib/test/test_capi.py
-+++ b/Lib/test/test_capi.py
-@@ -1035,6 +1035,7 @@ class PyMemDebugTests(unittest.TestCase)
+--- a/Lib/test/test_capi/test_misc.py
++++ b/Lib/test/test_capi/test_misc.py
+@@ -1236,6 +1236,7 @@ class PyMemDebugTests(unittest.TestCase)
      def test_pyobject_forbidden_bytes_is_freed(self):
          
self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed')
  

++++++ skip_if_buildbot-extend.patch ++++++
---
 Lib/test/support/__init__.py |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/Lib/test/support/__init__.py
+++ b/Lib/test/support/__init__.py
@@ -388,7 +388,7 @@ def skip_if_buildbot(reason=None):
     if not reason:
         reason = 'not suitable for buildbots'
     try:
-        isbuildbot = getpass.getuser().lower() == 'buildbot'
+        isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild']
     except (KeyError, EnvironmentError) as err:
         warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning)
         isbuildbot = False
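Review bot: on the changed isbuildbot line, matching 'abuild' inside skip_if_buildbot() skips every test that uses this decorator whenever the build runs as that user, not only test_freeze_simple_script as the spec comment says, so other tests silently lose coverage in package builds. If only the freeze test is affected, skip that test directly; if the broader skip is intended, say so in the patch description, list the tests that are affected, and add a comment on the line explaining what 'abuild' is.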
