Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python311 for openSUSE:Factory checked in at 2022-12-09 13:18:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python311 (Old) and /work/SRC/openSUSE:Factory/.python311.new.1835 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python311" Fri Dec 9 13:18:00 2022 rev:11 rq:1041729 version:3.11.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python311/python311.changes 2022-11-10 14:23:40.974824587 +0100 +++ /work/SRC/openSUSE:Factory/.python311.new.1835/python311.changes 2022-12-09 13:19:21.951506804 +0100 @@ -1,0 +2,360 @@ +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl <mc...@suse.com> + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (âpython<MAJOR>â, âpython<MAJOR>.<MINOR>â). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by âcompleteâ + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters râxâ came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points donât have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the âelseâ + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with â-â instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus ++++ 163 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/python311/python311.changes ++++ and /work/SRC/openSUSE:Factory/.python311.new.1835/python311.changes Old: ---- 98437-sphinx.locale._-as-gettext-in-pyspecific.patch CVE-2022-45061-DoS-by-IDNA-decode.patch Python-3.11.0.tar.xz Python-3.11.0.tar.xz.asc New: ---- Python-3.11.1.tar.xz Python-3.11.1.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python311.spec ++++++ --- /var/tmp/diff_new_pack.w0diFv/_old 2022-12-09 13:19:22.663510587 +0100 +++ /var/tmp/diff_new_pack.w0diFv/_new 2022-12-09 13:19:22.663510587 +0100 @@ -67,7 +67,7 @@ %define tarversion %{version} %endif # We don't process beta signs well -%define folderversion 3.11.0 +%define folderversion %{tarversion} %define tarname Python-%{tarversion} %define sitedir %{_libdir}/python%{python_version} # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 @@ -103,7 +103,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.0 +Version: 3.11.1 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -166,12 +166,6 @@ # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mc...@suse.com # Makes Python resilient to changes of API of libexpat Patch36: support-expat-CVE-2022-25236-patched.patch -# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mc...@suse.com -# this patch makes things totally awesome -Patch37: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch -# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 mc...@suse.com -# Avoid DoS by decoding IDNA for too long domain names -Patch38: CVE-2022-45061-DoS-by-IDNA-decode.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -438,8 +432,6 @@ %endif %patch35 -p1 %patch36 -p1 -%patch37 -p1 -%patch38 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac ++++++ Python-3.11.0.tar.xz -> Python-3.11.1.tar.xz ++++++ /work/SRC/openSUSE:Factory/python311/Python-3.11.0.tar.xz /work/SRC/openSUSE:Factory/.python311.new.1835/Python-3.11.1.tar.xz differ: char 26, line 1 ++++++ bpo-31046_ensurepip_honours_prefix.patch ++++++ --- /var/tmp/diff_new_pack.w0diFv/_old 2022-12-09 13:19:22.779511203 +0100 +++ /var/tmp/diff_new_pack.w0diFv/_new 2022-12-09 13:19:22.783511224 +0100 @@ -15,7 +15,7 @@ --- a/Doc/library/ensurepip.rst +++ b/Doc/library/ensurepip.rst -@@ -57,8 +57,9 @@ is at least as recent as the one availab +@@ -59,8 +59,9 @@ is at least as recent as the one availab By default, ``pip`` is installed into the current virtual environment (if one is active) or into the system site packages (if there is no active virtual environment). The installation location can be controlled @@ -26,7 +26,7 @@ * ``--root <dir>``: Installs ``pip`` relative to the given root directory rather than the root of the currently active virtual environment (if any) or the default root for the current Python installation. -@@ -90,7 +91,7 @@ Module API +@@ -92,7 +93,7 @@ Module API Returns a string specifying the available version of pip that will be installed when bootstrapping an environment. @@ -35,7 +35,7 @@ altinstall=False, default_pip=False, \ verbosity=0) -@@ -100,6 +101,8 @@ Module API +@@ -102,6 +103,8 @@ Module API If *root* is ``None``, then installation uses the default install location for the current environment. @@ -44,7 +44,7 @@ *upgrade* indicates whether or not to upgrade an existing installation of an earlier version of ``pip`` to the available version. -@@ -120,6 +123,8 @@ Module API +@@ -122,6 +125,8 @@ Module API *verbosity* controls the level of output to :data:`sys.stdout` from the bootstrapping operation. @@ -139,7 +139,7 @@ --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1751,7 +1751,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni +@@ -1756,7 +1756,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni install|*) ensurepip="" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -148,7 +148,7 @@ fi altinstall: commoninstall -@@ -1761,7 +1761,7 @@ altinstall: commoninstall +@@ -1766,7 +1766,7 @@ altinstall: commoninstall install|*) ensurepip="--altinstall" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ ++++++ fix_configure_rst.patch ++++++ --- /var/tmp/diff_new_pack.w0diFv/_old 2022-12-09 13:19:22.795511287 +0100 +++ /var/tmp/diff_new_pack.w0diFv/_new 2022-12-09 13:19:22.799511309 +0100 @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -6768,7 +6768,7 @@ C API +@@ -7355,7 +7355,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name ++++++ python-3.3.0b1-fix_date_time_compiler.patch ++++++ --- /var/tmp/diff_new_pack.w0diFv/_old 2022-12-09 13:19:22.883511755 +0100 +++ /var/tmp/diff_new_pack.w0diFv/_new 2022-12-09 13:19:22.891511798 +0100 @@ -4,7 +4,7 @@ --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1234,11 +1234,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ +@@ -1235,11 +1235,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ $(DTRACE_OBJS) \ $(srcdir)/Modules/getbuildinfo.c $(CC) -c $(PY_CORE_CFLAGS) \ ++++++ subprocess-raise-timeout.patch ++++++ --- /var/tmp/diff_new_pack.w0diFv/_old 2022-12-09 13:19:22.943512074 +0100 +++ /var/tmp/diff_new_pack.w0diFv/_new 2022-12-09 13:19:22.943512074 +0100 @@ -4,7 +4,7 @@ --- a/Lib/test/test_subprocess.py +++ b/Lib/test/test_subprocess.py -@@ -272,7 +272,8 @@ class ProcessTestCase(BaseTestCase): +@@ -278,7 +278,8 @@ class ProcessTestCase(BaseTestCase): "time.sleep(3600)"], # Some heavily loaded buildbots (sparc Debian 3.x) require # this much time to start and print.