Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python311 for openSUSE:Factory 
checked in at 2022-12-09 13:18:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python311 (Old)
 and      /work/SRC/openSUSE:Factory/.python311.new.1835 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python311"

Fri Dec  9 13:18:00 2022 rev:11 rq:1041729 version:3.11.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/python311/python311.changes      2022-11-10 
14:23:40.974824587 +0100
+++ /work/SRC/openSUSE:Factory/.python311.new.1835/python311.changes    
2022-12-09 13:19:21.951506804 +0100
@@ -1,0 +2,360 @@
+Thu Dec  8 14:59:50 UTC 2022 - Matej Cepl <mc...@suse.com>
+
+- Update to 3.11.1:
+  - python -m http.server no longer allows terminal control
+    characters sent within a garbage request to be printed
+    to the stderr server lo This is done by changing the
+    http.server BaseHTTPRequestHandler .log_message method to
+    replace control characters with a \xHH hex escape before
+    printin
+  - Avoid publishing list of active per-interpreter audit hooks
+    via the gc module
+  - The IDNA codec decoder used on DNS hostnames by socket or
+    asyncio related name resolution functions no longer involves
+    a quadratic algorithm. This prevents a potential CPU denial
+    of service if an out-of-spec excessive length hostname
+    involving bidirectional characters were decoded. Some
+    protocols such as urllib http 3xx redirects potentially allow
+    for an attacker to supply such a name (CVE-2022-45061).
+  - Update bundled libexpat to 2.5.0
+  - Fix a shell code injection vulnerability in the
+    get-remote-certificate.py example script. The script no
+    longer uses a shell to run openssl commands. Issue reported
+    and initial fix by Caleb Shortt. Patch by Victor Stinner.
+  - Fix a crash when an object which does not have a dictionary
+    frees its instance values.
+  - Fix a bug in the tokenizer that could cause infinite
+    recursion when showing syntax warnings that happen in the
+    first line of the source. Patch by Pablo Galindo
+  - Fix an issue that could cause frames to be visible to Python
+    code as they are being torn down, possibly leading to memory
+    corruption or hard crashes of the interpreter.
+  - Fix a reference bug in _imp.create_builtin() after the
+    creation of the first sub-interpreter for modules builtins
+    and sys. Patch by Victor Stinner.
+  - Fixed a bug that was causing a buffer overflow if the
+    tokenizer copies a line missing the newline caracter from a
+    file that is as long as the available tokenizer buffer. Patch
+    by Pablo galindo
+  - Fix bug where an ExceptionGroup subclass can wrap a
+    BaseException.
+  - Fix zip path for venv created from a non-installed python on
+    POSIX platforms.
+  - Fix an issue that could potentially cause incorrect error
+    handling for some bytecode instructions.
+  - Fix an issue that prevented PyThreadState and
+    PyInterpreterState memory from being freed properly.
+  - Fix failure in except* with unhashable exceptions.
+  - Fix calculation of sys._base_executable when inside a POSIX
+    virtual environment using copies of the python binary when
+    the base installation does not provide the executable name
+    used by the venv. Calculation will fall back to alternative
+    names (“python<MAJOR>”, “python<MAJOR>.<MINOR>”).
+  - Update faulthandler to emit an error message with the proper
+    unexpected signal number. Patch by Dong-hee Na.
+  - Fix location of SyntaxError for a try block with both except
+    and except*.
+  - Fix the error reporting positions of specialized traceback
+    anchors when the source line contains Unicode characters.
+  - Fix subscription of type aliases containing bare generic
+    types or types like TypeVar: for example tuple[A, T][int] and
+    tuple[TypeVar, T][int], where A is a generic type, and T is a
+    type variable.
+  - Lower the recursion depth for marshal on WASI to support
+    wasmtime 2.0/main.
+  - Fix multiple crashes in debug mode when str subclasses are
+    used instead of str itself.
+  - Fix an issue where member descriptors (such as those for
+    __slots__) could behave incorrectly or crash instead of
+    raising a TypeError when accessed via an instance of an
+    invalid type.
+  - Suppress ImportError for invalid query for help()
+    command. Patch by Dong-hee Na.
+  - Fix detection of MAC addresses for uuid on certain OSs. Patch
+    by Chaim Sanders
+  - Print exception class name instead of its string
+    representation when raising errors from ctypes calls.
+  - os.sched_yield() now release the GIL while calling
+    sched_yield(2). Patch by Dong-hee Na.
+  - Fix an issue that could delay the specialization of PRECALL
+    instructions.
+  - Bugfix: PyFunction_GetAnnotations() should return a borrowed
+    reference. It was returning a new reference.
+  - Ensure that all Python frame objects are backed by “complete”
+    frames.
+  - Fixed a missing incref/decref pair in
+    Exception.__setstate__(). Patch by Ofey Chan.
+  - Fix the Python path configuration used to initialized
+    sys.path at Python startup. Paths are no longer encoded
+    to UTF-8/strict to avoid encoding errors if it contains
+    surrogate characters (bytes paths are decoded with the
+    surrogateescape error handler). Patch by Victor Stinner.
+  - Fix overly-broad source position information for chained
+    comparisons used as branching conditions.
+  - At Python exit, sometimes a thread holding the GIL can
+    wait forever for a thread (usually a daemon thread) which
+    requested to drop the GIL, whereas the thread already
+    exited. To fix the race condition, the thread which requested
+    the GIL drop now resets its request before exiting. Issue
+    discovered and analyzed by Mingliang ZHAO. Patch by Victor
+    Stinner.
+  - Fix a possible assertion failure, fatal error, or SystemError
+    if a line tracing event raises an exception while opcode
+    tracing is enabled.
+  - Fix undefined behaviour in C code of null pointer arithmetic.
+  - Make sure that all frame objects created are created from
+    valid interpreter frames. Prevents the possibility of invalid
+    frames in backtraces and signal handlers.
+  - Disable incorrect pickling of the C implemented classmethod
+    descriptors.
+  - On WASI ENOTCAPABLE is now mapped to PermissionError. The
+    errno modules exposes the new error number. getpath.py now
+    ignores PermissionError when it cannot open landmark files
+    pybuilddir.txt and pyenv.cfg.
+  - Allow pdb to locate source for frozen modules in the standard
+    library.
+  - Raise ValueError instead of SystemError when methods of
+    uninitialized io.IncrementalNewlineDecoder objects are
+    called. Patch by Oren Milman.
+  - Fix a possible assertion failure in io.FileIO when the opener
+    returns an invalid file descriptor.
+  - Also escape s in the http.server
+    BaseHTTPRequestHandler.log_message so that it is technically
+    possible to parse the line and reconstruct what the original
+    data was. Without this a xHH is ambiguious as to if it is a
+    hex replacement we put in or the characters r”x” came through
+    in the original request line.
+  - asyncio.get_event_loop() now only emits a deprecation warning
+    when a new event loop was created implicitly. It no longer
+    emits a deprecation warning if the current event loop was
+    set.
+  - Fix bug when calling trace.CoverageResults with valid infile.
+  - Fix a bug in handling class cleanups in
+    unittest.TestCase. Now addClassCleanup() uses separate lists
+    for different TestCase subclasses, and doClassCleanups() only
+    cleans up the particular class.
+  - Release the GIL when calling termios APIs to avoid blocking
+    threads.
+  - Fix ast.increment_lineno() to also cover ast.TypeIgnore when
+    changing line numbers.
+  - Fix bug in urllib.parse.urlparse() that causes URL schemes
+    that begin with a digit, a plus sign, or a minus sign to be
+    parsed incorrectly.
+  - Check the number of arguments in substitution in user
+    generics containing a TypeVarTuple and one or more TypeVar.
+  - Fix substitution of ParamSpec followed by TypeVarTuple in
+    generic aliases.
+  - Fix substitution of TypeVarTuple and ParamSpec together in
+    user generics.
+  - Fixed bug where inspect.signature() reported incorrect
+    arguments for decorated methods.
+  - Fix SystemError in ctypes when exception was not set during
+    __initsubclass__.
+  - Remove older version of
+    _SSLProtocolTransport.get_write_buffer_limits in
+    asyncio.sslproto
+  - fix negative numbers failing in verify()
+  - Fix statistics.NormalDist pickle with 0 and 1 protocols.
+  - enum.auto() is now correctly activated when combined with
+    other assignment values. E.g. ONE = auto(), 'some text' will
+    now evaluate as (1, 'some text').
+  - Update the bundled copy of pip to version 22.3.1.
+  - Clean up refleak on failed module initialisation in _zoneinfo
+  - Clean up refleaks on failed module initialisation in in
+    _pickle
+  - Clean up refleak on failed module initialisation in _io.
+  - Fix memory leak in math.dist() when both points don’t have
+    the same dimension. Patch by Kumar Aditya.
+  - [3.11] Applied changes from importlib_metadata 4.11.4
+    through 4.13, including compatibility and robustness
+    fixes for Distribution objects without _normalized_name,
+    disallowing invalid inputs to Distribution.from_name, and
+    refined behaviors in PathDistribution._name_from_stem and
+    PathDistribution._normalized_name.
+  - Fix argument typechecks in _overlapped.WSAConnect() and
+    _overlapped.Overlapped.WSASendTo() functions.
+  - Prevent crashing in traceback when retrieving the byte-offset
+    for some source files that contain certain unicode
+    characters.
+  - Fix internal error in the re module which in very rare
+    circumstances prevented compilation of a regular expression
+    containing a conditional expression without the “else”
+    branch.
+  - Fix asyncio.StreamWriter.drain() to call
+    protocol.connection_lost callback only once on Windows.
+  - Add a mutex to unittest.mock.NonCallableMock to protect
+    concurrent access to mock attributes.
+  - Fix hang on Windows in subprocess.wait_closed() in asyncio
+    with ProactorEventLoop. Patch by Kumar Aditya.
+  - Fix infinite loop in unittest when a self-referencing chained
+    exception is raised
+  - tkinter.Text.count() raises now an exception for options
+    starting with “-” instead of silently ignoring them.
+  - On uname_result, restored expectation that _fields and
+    _asdict would include all six properties including processor.
+  - A createSocket() method was added to SysLogHandler.
+  - Fix bug in urllib.parse.urlparse() that causes certain port
+    numbers containing whitespace, underscores, plus and minus
++++ 163 more lines (skipped)
++++ between /work/SRC/openSUSE:Factory/python311/python311.changes
++++ and /work/SRC/openSUSE:Factory/.python311.new.1835/python311.changes

Old:
----
  98437-sphinx.locale._-as-gettext-in-pyspecific.patch
  CVE-2022-45061-DoS-by-IDNA-decode.patch
  Python-3.11.0.tar.xz
  Python-3.11.0.tar.xz.asc

New:
----
  Python-3.11.1.tar.xz
  Python-3.11.1.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python311.spec ++++++
--- /var/tmp/diff_new_pack.w0diFv/_old  2022-12-09 13:19:22.663510587 +0100
+++ /var/tmp/diff_new_pack.w0diFv/_new  2022-12-09 13:19:22.663510587 +0100
@@ -67,7 +67,7 @@
 %define tarversion %{version}
 %endif
 # We don't process beta signs well
-%define         folderversion 3.11.0
+%define         folderversion %{tarversion}
 %define         tarname    Python-%{tarversion}
 %define         sitedir         %{_libdir}/python%{python_version}
 # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
@@ -103,7 +103,7 @@
 %define dynlib() 
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.11.0
+Version:        3.11.1
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0
@@ -166,12 +166,6 @@
 # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 
mc...@suse.com
 # Makes Python resilient to changes of API of libexpat
 Patch36:        support-expat-CVE-2022-25236-patched.patch
-# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch 
gh#python/cpython#98366 mc...@suse.com
-# this patch makes things totally awesome
-Patch37:        98437-sphinx.locale._-as-gettext-in-pyspecific.patch
-# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 
mc...@suse.com
-# Avoid DoS by decoding IDNA for too long domain names
-Patch38:        CVE-2022-45061-DoS-by-IDNA-decode.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -438,8 +432,6 @@
 %endif
 %patch35 -p1
 %patch36 -p1
-%patch37 -p1
-%patch38 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

++++++ Python-3.11.0.tar.xz -> Python-3.11.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/python311/Python-3.11.0.tar.xz 
/work/SRC/openSUSE:Factory/.python311.new.1835/Python-3.11.1.tar.xz differ: 
char 26, line 1

++++++ bpo-31046_ensurepip_honours_prefix.patch ++++++
--- /var/tmp/diff_new_pack.w0diFv/_old  2022-12-09 13:19:22.779511203 +0100
+++ /var/tmp/diff_new_pack.w0diFv/_new  2022-12-09 13:19:22.783511224 +0100
@@ -15,7 +15,7 @@
 
 --- a/Doc/library/ensurepip.rst
 +++ b/Doc/library/ensurepip.rst
-@@ -57,8 +57,9 @@ is at least as recent as the one availab
+@@ -59,8 +59,9 @@ is at least as recent as the one availab
  By default, ``pip`` is installed into the current virtual environment
  (if one is active) or into the system site packages (if there is no
  active virtual environment). The installation location can be controlled
@@ -26,7 +26,7 @@
  * ``--root <dir>``: Installs ``pip`` relative to the given root directory
    rather than the root of the currently active virtual environment (if any)
    or the default root for the current Python installation.
-@@ -90,7 +91,7 @@ Module API
+@@ -92,7 +93,7 @@ Module API
     Returns a string specifying the available version of pip that will be
     installed when bootstrapping an environment.
  
@@ -35,7 +35,7 @@
                          altinstall=False, default_pip=False, \
                          verbosity=0)
  
-@@ -100,6 +101,8 @@ Module API
+@@ -102,6 +103,8 @@ Module API
     If *root* is ``None``, then installation uses the default install location
     for the current environment.
  
@@ -44,7 +44,7 @@
     *upgrade* indicates whether or not to upgrade an existing installation
     of an earlier version of ``pip`` to the available version.
  
-@@ -120,6 +123,8 @@ Module API
+@@ -122,6 +125,8 @@ Module API
     *verbosity* controls the level of output to :data:`sys.stdout` from the
     bootstrapping operation.
  
@@ -139,7 +139,7 @@
  
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -1751,7 +1751,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni
+@@ -1756,7 +1756,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni
                        install|*) ensurepip="" ;; \
                esac; \
                $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \
@@ -148,7 +148,7 @@
        fi
  
  altinstall: commoninstall
-@@ -1761,7 +1761,7 @@ altinstall: commoninstall
+@@ -1766,7 +1766,7 @@ altinstall: commoninstall
                        install|*) ensurepip="--altinstall" ;; \
                esac; \
                $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \

++++++ fix_configure_rst.patch ++++++
--- /var/tmp/diff_new_pack.w0diFv/_old  2022-12-09 13:19:22.795511287 +0100
+++ /var/tmp/diff_new_pack.w0diFv/_new  2022-12-09 13:19:22.799511309 +0100
@@ -29,7 +29,7 @@
     Create a Python.framework rather than a traditional Unix install. Optional
 --- a/Misc/NEWS
 +++ b/Misc/NEWS
-@@ -6768,7 +6768,7 @@ C API
+@@ -7355,7 +7355,7 @@ C API
  - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
  
  - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name

++++++ python-3.3.0b1-fix_date_time_compiler.patch ++++++
--- /var/tmp/diff_new_pack.w0diFv/_old  2022-12-09 13:19:22.883511755 +0100
+++ /var/tmp/diff_new_pack.w0diFv/_new  2022-12-09 13:19:22.891511798 +0100
@@ -4,7 +4,7 @@
 
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -1234,11 +1234,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
+@@ -1235,11 +1235,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
                $(DTRACE_OBJS) \
                $(srcdir)/Modules/getbuildinfo.c
        $(CC) -c $(PY_CORE_CFLAGS) \


++++++ subprocess-raise-timeout.patch ++++++
--- /var/tmp/diff_new_pack.w0diFv/_old  2022-12-09 13:19:22.943512074 +0100
+++ /var/tmp/diff_new_pack.w0diFv/_new  2022-12-09 13:19:22.943512074 +0100
@@ -4,7 +4,7 @@
 
 --- a/Lib/test/test_subprocess.py
 +++ b/Lib/test/test_subprocess.py
-@@ -272,7 +272,8 @@ class ProcessTestCase(BaseTestCase):
+@@ -278,7 +278,8 @@ class ProcessTestCase(BaseTestCase):
                       "time.sleep(3600)"],
                      # Some heavily loaded buildbots (sparc Debian 3.x) require
                      # this much time to start and print.

Reply via email to