Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python311 for openSUSE:Factory
checked in at 2022-12-09 13:18:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python311 (Old)
and /work/SRC/openSUSE:Factory/.python311.new.1835 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python311"
Fri Dec 9 13:18:00 2022 rev:11 rq:1041729 version:3.11.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/python311/python311.changes 2022-11-10
14:23:40.974824587 +0100
+++ /work/SRC/openSUSE:Factory/.python311.new.1835/python311.changes
2022-12-09 13:19:21.951506804 +0100
@@ -1,0 +2,360 @@
+Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl <mc...@suse.com>
+
+- Update to 3.11.1:
+ - python -m http.server no longer allows terminal control
+ characters sent within a garbage request to be printed
+ to the stderr server lo This is done by changing the
+ http.server BaseHTTPRequestHandler .log_message method to
+ replace control characters with a \xHH hex escape before
+ printin
+ - Avoid publishing list of active per-interpreter audit hooks
+ via the gc module
+ - The IDNA codec decoder used on DNS hostnames by socket or
+ asyncio related name resolution functions no longer involves
+ a quadratic algorithm. This prevents a potential CPU denial
+ of service if an out-of-spec excessive length hostname
+ involving bidirectional characters were decoded. Some
+ protocols such as urllib http 3xx redirects potentially allow
+ for an attacker to supply such a name (CVE-2022-45061).
+ - Update bundled libexpat to 2.5.0
+ - Fix a shell code injection vulnerability in the
+ get-remote-certificate.py example script. The script no
+ longer uses a shell to run openssl commands. Issue reported
+ and initial fix by Caleb Shortt. Patch by Victor Stinner.
+ - Fix a crash when an object which does not have a dictionary
+ frees its instance values.
+ - Fix a bug in the tokenizer that could cause infinite
+ recursion when showing syntax warnings that happen in the
+ first line of the source. Patch by Pablo Galindo
+ - Fix an issue that could cause frames to be visible to Python
+ code as they are being torn down, possibly leading to memory
+ corruption or hard crashes of the interpreter.
+ - Fix a reference bug in _imp.create_builtin() after the
+ creation of the first sub-interpreter for modules builtins
+ and sys. Patch by Victor Stinner.
+ - Fixed a bug that was causing a buffer overflow if the
+ tokenizer copies a line missing the newline caracter from a
+ file that is as long as the available tokenizer buffer. Patch
+ by Pablo galindo
+ - Fix bug where an ExceptionGroup subclass can wrap a
+ BaseException.
+ - Fix zip path for venv created from a non-installed python on
+ POSIX platforms.
+ - Fix an issue that could potentially cause incorrect error
+ handling for some bytecode instructions.
+ - Fix an issue that prevented PyThreadState and
+ PyInterpreterState memory from being freed properly.
+ - Fix failure in except* with unhashable exceptions.
+ - Fix calculation of sys._base_executable when inside a POSIX
+ virtual environment using copies of the python binary when
+ the base installation does not provide the executable name
+ used by the venv. Calculation will fall back to alternative
+ names (âpython<MAJOR>â, âpython<MAJOR>.<MINOR>â).
+ - Update faulthandler to emit an error message with the proper
+ unexpected signal number. Patch by Dong-hee Na.
+ - Fix location of SyntaxError for a try block with both except
+ and except*.
+ - Fix the error reporting positions of specialized traceback
+ anchors when the source line contains Unicode characters.
+ - Fix subscription of type aliases containing bare generic
+ types or types like TypeVar: for example tuple[A, T][int] and
+ tuple[TypeVar, T][int], where A is a generic type, and T is a
+ type variable.
+ - Lower the recursion depth for marshal on WASI to support
+ wasmtime 2.0/main.
+ - Fix multiple crashes in debug mode when str subclasses are
+ used instead of str itself.
+ - Fix an issue where member descriptors (such as those for
+ __slots__) could behave incorrectly or crash instead of
+ raising a TypeError when accessed via an instance of an
+ invalid type.
+ - Suppress ImportError for invalid query for help()
+ command. Patch by Dong-hee Na.
+ - Fix detection of MAC addresses for uuid on certain OSs. Patch
+ by Chaim Sanders
+ - Print exception class name instead of its string
+ representation when raising errors from ctypes calls.
+ - os.sched_yield() now release the GIL while calling
+ sched_yield(2). Patch by Dong-hee Na.
+ - Fix an issue that could delay the specialization of PRECALL
+ instructions.
+ - Bugfix: PyFunction_GetAnnotations() should return a borrowed
+ reference. It was returning a new reference.
+ - Ensure that all Python frame objects are backed by âcompleteâ
+ frames.
+ - Fixed a missing incref/decref pair in
+ Exception.__setstate__(). Patch by Ofey Chan.
+ - Fix the Python path configuration used to initialized
+ sys.path at Python startup. Paths are no longer encoded
+ to UTF-8/strict to avoid encoding errors if it contains
+ surrogate characters (bytes paths are decoded with the
+ surrogateescape error handler). Patch by Victor Stinner.
+ - Fix overly-broad source position information for chained
+ comparisons used as branching conditions.
+ - At Python exit, sometimes a thread holding the GIL can
+ wait forever for a thread (usually a daemon thread) which
+ requested to drop the GIL, whereas the thread already
+ exited. To fix the race condition, the thread which requested
+ the GIL drop now resets its request before exiting. Issue
+ discovered and analyzed by Mingliang ZHAO. Patch by Victor
+ Stinner.
+ - Fix a possible assertion failure, fatal error, or SystemError
+ if a line tracing event raises an exception while opcode
+ tracing is enabled.
+ - Fix undefined behaviour in C code of null pointer arithmetic.
+ - Make sure that all frame objects created are created from
+ valid interpreter frames. Prevents the possibility of invalid
+ frames in backtraces and signal handlers.
+ - Disable incorrect pickling of the C implemented classmethod
+ descriptors.
+ - On WASI ENOTCAPABLE is now mapped to PermissionError. The
+ errno modules exposes the new error number. getpath.py now
+ ignores PermissionError when it cannot open landmark files
+ pybuilddir.txt and pyenv.cfg.
+ - Allow pdb to locate source for frozen modules in the standard
+ library.
+ - Raise ValueError instead of SystemError when methods of
+ uninitialized io.IncrementalNewlineDecoder objects are
+ called. Patch by Oren Milman.
+ - Fix a possible assertion failure in io.FileIO when the opener
+ returns an invalid file descriptor.
+ - Also escape s in the http.server
+ BaseHTTPRequestHandler.log_message so that it is technically
+ possible to parse the line and reconstruct what the original
+ data was. Without this a xHH is ambiguious as to if it is a
+ hex replacement we put in or the characters râxâ came through
+ in the original request line.
+ - asyncio.get_event_loop() now only emits a deprecation warning
+ when a new event loop was created implicitly. It no longer
+ emits a deprecation warning if the current event loop was
+ set.
+ - Fix bug when calling trace.CoverageResults with valid infile.
+ - Fix a bug in handling class cleanups in
+ unittest.TestCase. Now addClassCleanup() uses separate lists
+ for different TestCase subclasses, and doClassCleanups() only
+ cleans up the particular class.
+ - Release the GIL when calling termios APIs to avoid blocking
+ threads.
+ - Fix ast.increment_lineno() to also cover ast.TypeIgnore when
+ changing line numbers.
+ - Fix bug in urllib.parse.urlparse() that causes URL schemes
+ that begin with a digit, a plus sign, or a minus sign to be
+ parsed incorrectly.
+ - Check the number of arguments in substitution in user
+ generics containing a TypeVarTuple and one or more TypeVar.
+ - Fix substitution of ParamSpec followed by TypeVarTuple in
+ generic aliases.
+ - Fix substitution of TypeVarTuple and ParamSpec together in
+ user generics.
+ - Fixed bug where inspect.signature() reported incorrect
+ arguments for decorated methods.
+ - Fix SystemError in ctypes when exception was not set during
+ __initsubclass__.
+ - Remove older version of
+ _SSLProtocolTransport.get_write_buffer_limits in
+ asyncio.sslproto
+ - fix negative numbers failing in verify()
+ - Fix statistics.NormalDist pickle with 0 and 1 protocols.
+ - enum.auto() is now correctly activated when combined with
+ other assignment values. E.g. ONE = auto(), 'some text' will
+ now evaluate as (1, 'some text').
+ - Update the bundled copy of pip to version 22.3.1.
+ - Clean up refleak on failed module initialisation in _zoneinfo
+ - Clean up refleaks on failed module initialisation in in
+ _pickle
+ - Clean up refleak on failed module initialisation in _io.
+ - Fix memory leak in math.dist() when both points donât have
+ the same dimension. Patch by Kumar Aditya.
+ - [3.11] Applied changes from importlib_metadata 4.11.4
+ through 4.13, including compatibility and robustness
+ fixes for Distribution objects without _normalized_name,
+ disallowing invalid inputs to Distribution.from_name, and
+ refined behaviors in PathDistribution._name_from_stem and
+ PathDistribution._normalized_name.
+ - Fix argument typechecks in _overlapped.WSAConnect() and
+ _overlapped.Overlapped.WSASendTo() functions.
+ - Prevent crashing in traceback when retrieving the byte-offset
+ for some source files that contain certain unicode
+ characters.
+ - Fix internal error in the re module which in very rare
+ circumstances prevented compilation of a regular expression
+ containing a conditional expression without the âelseâ
+ branch.
+ - Fix asyncio.StreamWriter.drain() to call
+ protocol.connection_lost callback only once on Windows.
+ - Add a mutex to unittest.mock.NonCallableMock to protect
+ concurrent access to mock attributes.
+ - Fix hang on Windows in subprocess.wait_closed() in asyncio
+ with ProactorEventLoop. Patch by Kumar Aditya.
+ - Fix infinite loop in unittest when a self-referencing chained
+ exception is raised
+ - tkinter.Text.count() raises now an exception for options
+ starting with â-â instead of silently ignoring them.
+ - On uname_result, restored expectation that _fields and
+ _asdict would include all six properties including processor.
+ - A createSocket() method was added to SysLogHandler.
+ - Fix bug in urllib.parse.urlparse() that causes certain port
+ numbers containing whitespace, underscores, plus and minus
++++ 163 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/python311/python311.changes
++++ and /work/SRC/openSUSE:Factory/.python311.new.1835/python311.changes
Old:
----
98437-sphinx.locale._-as-gettext-in-pyspecific.patch
CVE-2022-45061-DoS-by-IDNA-decode.patch
Python-3.11.0.tar.xz
Python-3.11.0.tar.xz.asc
New:
----
Python-3.11.1.tar.xz
Python-3.11.1.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python311.spec ++++++
--- /var/tmp/diff_new_pack.w0diFv/_old 2022-12-09 13:19:22.663510587 +0100
+++ /var/tmp/diff_new_pack.w0diFv/_new 2022-12-09 13:19:22.663510587 +0100
@@ -67,7 +67,7 @@
%define tarversion %{version}
%endif
# We don't process beta signs well
-%define folderversion 3.11.0
+%define folderversion %{tarversion}
%define tarname Python-%{tarversion}
%define sitedir %{_libdir}/python%{python_version}
# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
@@ -103,7 +103,7 @@
%define dynlib()
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
%bcond_without profileopt
Name: %{python_pkg_name}%{psuffix}
-Version: 3.11.0
+Version: 3.11.1
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@@ -166,12 +166,6 @@
# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253
mc...@suse.com
# Makes Python resilient to changes of API of libexpat
Patch36: support-expat-CVE-2022-25236-patched.patch
-# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
gh#python/cpython#98366 mc...@suse.com
-# this patch makes things totally awesome
-Patch37: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
-# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244
mc...@suse.com
-# Avoid DoS by decoding IDNA for too long domain names
-Patch38: CVE-2022-45061-DoS-by-IDNA-decode.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -438,8 +432,6 @@
%endif
%patch35 -p1
%patch36 -p1
-%patch37 -p1
-%patch38 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
++++++ Python-3.11.0.tar.xz -> Python-3.11.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/python311/Python-3.11.0.tar.xz
/work/SRC/openSUSE:Factory/.python311.new.1835/Python-3.11.1.tar.xz differ:
char 26, line 1
++++++ bpo-31046_ensurepip_honours_prefix.patch ++++++
--- /var/tmp/diff_new_pack.w0diFv/_old 2022-12-09 13:19:22.779511203 +0100
+++ /var/tmp/diff_new_pack.w0diFv/_new 2022-12-09 13:19:22.783511224 +0100
@@ -15,7 +15,7 @@
--- a/Doc/library/ensurepip.rst
+++ b/Doc/library/ensurepip.rst
-@@ -57,8 +57,9 @@ is at least as recent as the one availab
+@@ -59,8 +59,9 @@ is at least as recent as the one availab
By default, ``pip`` is installed into the current virtual environment
(if one is active) or into the system site packages (if there is no
active virtual environment). The installation location can be controlled
@@ -26,7 +26,7 @@
* ``--root <dir>``: Installs ``pip`` relative to the given root directory
rather than the root of the currently active virtual environment (if any)
or the default root for the current Python installation.
-@@ -90,7 +91,7 @@ Module API
+@@ -92,7 +93,7 @@ Module API
Returns a string specifying the available version of pip that will be
installed when bootstrapping an environment.
@@ -35,7 +35,7 @@
altinstall=False, default_pip=False, \
verbosity=0)
-@@ -100,6 +101,8 @@ Module API
+@@ -102,6 +103,8 @@ Module API
If *root* is ``None``, then installation uses the default install location
for the current environment.
@@ -44,7 +44,7 @@
*upgrade* indicates whether or not to upgrade an existing installation
of an earlier version of ``pip`` to the available version.
-@@ -120,6 +123,8 @@ Module API
+@@ -122,6 +125,8 @@ Module API
*verbosity* controls the level of output to :data:`sys.stdout` from the
bootstrapping operation.
@@ -139,7 +139,7 @@
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
-@@ -1751,7 +1751,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni
+@@ -1756,7 +1756,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni
install|*) ensurepip="" ;; \
esac; \
$(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \
@@ -148,7 +148,7 @@
fi
altinstall: commoninstall
-@@ -1761,7 +1761,7 @@ altinstall: commoninstall
+@@ -1766,7 +1766,7 @@ altinstall: commoninstall
install|*) ensurepip="--altinstall" ;; \
esac; \
$(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \
++++++ fix_configure_rst.patch ++++++
--- /var/tmp/diff_new_pack.w0diFv/_old 2022-12-09 13:19:22.795511287 +0100
+++ /var/tmp/diff_new_pack.w0diFv/_new 2022-12-09 13:19:22.799511309 +0100
@@ -29,7 +29,7 @@
Create a Python.framework rather than a traditional Unix install. Optional
--- a/Misc/NEWS
+++ b/Misc/NEWS
-@@ -6768,7 +6768,7 @@ C API
+@@ -7355,7 +7355,7 @@ C API
- bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
- bpo-43795: The list in :ref:`stable-abi-list` now shows the public name
++++++ python-3.3.0b1-fix_date_time_compiler.patch ++++++
--- /var/tmp/diff_new_pack.w0diFv/_old 2022-12-09 13:19:22.883511755 +0100
+++ /var/tmp/diff_new_pack.w0diFv/_new 2022-12-09 13:19:22.891511798 +0100
@@ -4,7 +4,7 @@
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
-@@ -1234,11 +1234,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
+@@ -1235,11 +1235,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
$(DTRACE_OBJS) \
$(srcdir)/Modules/getbuildinfo.c
$(CC) -c $(PY_CORE_CFLAGS) \
++++++ subprocess-raise-timeout.patch ++++++
--- /var/tmp/diff_new_pack.w0diFv/_old 2022-12-09 13:19:22.943512074 +0100
+++ /var/tmp/diff_new_pack.w0diFv/_new 2022-12-09 13:19:22.943512074 +0100
@@ -4,7 +4,7 @@
--- a/Lib/test/test_subprocess.py
+++ b/Lib/test/test_subprocess.py
-@@ -272,7 +272,8 @@ class ProcessTestCase(BaseTestCase):
+@@ -278,7 +278,8 @@ class ProcessTestCase(BaseTestCase):
"time.sleep(3600)"],
# Some heavily loaded buildbots (sparc Debian 3.x) require
# this much time to start and print.
