Revisions of python312
buildservice-autocommit
accepted
request 1168659
from
Matej Cepl (mcepl)
(revision 46)
Matej Cepl (mcepl)
(revision 46)
baserev update by copy to link target
Matej Cepl (mcepl)
accepted
request 1168530
from
Daniel Garcia (dgarcia)
(revision 45)
- Add CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to fix tests with patched libexpat below 2.6.0 that doesn't update the version number, just in 15.6. - Drop libexpat260.patch, not needed anymore. This patch is merged with the CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to keep working on 15.6. - Add fix-test-recursion-limit-15.6.patch, gh#python/cpython#115083.
Matej Cepl (mcepl)
committed
(revision 43)
- Update to 3.12.3:
- Security¶
- gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
(CVE-2023-52425, bsc#1219559) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
- gh-115399: Update bundled libexpat to 2.6.0 (bsc#1222075)
- gh-115243: Fix possible crashes in
collections.deque.index() when the deque is concurrently
modified.
- gh-114572: ssl.SSLContext.cert_store_stats() and
ssl.SSLContext.get_ca_certs() now correctly lock access to
the certificate store, when the ssl.SSLContext is shared
across multiple threads.
- Core and Builtins
- gh-109120: Added handle of incorrect star expressions, e.g
f(3, *). Patch by Grigoryev Semyon
- gh-99108: Updated the hashlib built-in HACL* project C code
from upstream that we use for many implementations when
they are not present via OpenSSL in a given build. This
also avoids the rare potential for a C symbol name one
definition rule linking issue.
- gh-116735: For INSTRUMENTED_CALL_FUNCTION_EX, set arg0 to
sys.monitoring.MISSING instead of None for CALL event.
- gh-113964: Starting new threads and process creation
through os.fork() are now only prevented once all
non-daemon threads exit.
buildservice-autocommit
accepted
request 1157646
from
Factory Maintainer (factory-maintainer)
(revision 42)
Factory Maintainer (factory-maintainer)
(revision 42)
baserev update by copy to link target
Matej Cepl (mcepl)
accepted
request 1155683
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 41)
buildservice-autocommit
accepted
request 1153616
from
Matej Cepl (mcepl)
(revision 40)
Matej Cepl (mcepl)
(revision 40)
baserev update by copy to link target
Matej Cepl (mcepl)
committed
(revision 39)
- (bsc#1219666, CVE-2023-6597) Add CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from gh#python/cpython!99930) fixing symlink bug in cleanup of tempfile.TemporaryDirectory.
buildservice-autocommit
accepted
request 1148455
from
Matej Cepl (mcepl)
(revision 38)
Matej Cepl (mcepl)
(revision 38)
baserev update by copy to link target
Matej Cepl (mcepl)
committed
(revision 37)
- Switch to %%autopatch. Let’s try it as an experiment, and if we
need conditional patch, we should put condition inside of it.
- Remove double definition of /usr/bin/idle%%{version} in
%%files.
buildservice-autocommit
accepted
request 1146839
from
Matej Cepl (mcepl)
(revision 36)
Matej Cepl (mcepl)
(revision 36)
baserev update by copy to link target
Matej Cepl (mcepl)
accepted
request 1146789
from
Daniel Garcia (dgarcia)
(revision 35)
- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser with Expat 2.6.0, gh#python/cpython#115288
Matej Cepl (mcepl)
committed
(revision 33)
- (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which rejects malformed addresses in email.parseaddr() (gh#python/cpython!111116) Detect email address parsing errors and return empty tuple to indicate the parsing error (old API). Add an optional 'strict' parameter to getaddresses() and parseaddr() functions. Patch by Thomas Dwyer.
buildservice-autocommit
accepted
request 1145177
from
Matej Cepl (mcepl)
(revision 32)
Matej Cepl (mcepl)
(revision 32)
baserev update by copy to link target
Matej Cepl (mcepl)
accepted
request 1145175
from
Daniel Garcia (dgarcia)
(revision 31)
- Update to 3.12.2:
- Security
- gh-113659: Skip .pth files with names starting with a dot or
hidden file attribute.
- Core and Builtins
- gh-114887: Changed socket type validation in
create_datagram_endpoint() to accept all non-stream sockets.
This fixes a regression in compatibility with raw sockets.
- gh-114388: Fix a RuntimeWarning emitted when assign an
integer-like value that is not an instance of int to an
attribute that corresponds to a C struct member of type T_UINT
and T_ULONG. Fix a double RuntimeWarning emitted when assign a
negative integer value to an attribute that corresponds to a C
struct member of type T_UINT.
- gh-113703: Fix a regression in the codeop module that was
causing it to incorrectly identify incomplete f-strings. Patch
by Pablo Galindo
- gh-89811: Check for a valid tp_version_tag before performing
bytecode specializations that rely on this value being usable.
- gh-113602: Fix an error that was causing the parser to try to
overwrite existing errors and crashing in the process. Patch by
Pablo Galindo
- gh-113297: Fix segfault in the compiler on with statement with
19 context managers.
- gh-106905: Use per AST-parser state rather than global state to
track recursion depth within the AST parser to prevent potential
race condition due to simultaneous parsing.
- The issue primarily showed up in 3.11 by multithreaded users of
ast.parse(). In 3.12 a change to when garbage collection can be
triggered prevented the race condition from occurring.
- gh-112943: Correctly compute end column offsets for multiline
tokens in the tokenize module. Patch by Pablo Galindo
- gh-112716: Fix SystemError in the import statement and in
__reduce__() methods of builtin types when __builtins__ is not a
dict.
- gh-94606: Fix UnicodeEncodeError when
email.message.get_payload() reads a message with a Unicode
surrogate character and the message content is not well-formed
for surrogateescape encoding. Patch by Sidney Markowitz.
- Library
- gh-114965: Update bundled pip to 24.0
- gh-114959: tarfile no longer ignores errors when trying to
extract a directory on top of a file.
- gh-109475: Fix support of explicit option value “–” in argparse
(e.g. --option=--).
- gh-110190: Fix ctypes structs with array on Windows ARM64
platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by
Diego Russo
- gh-113280: Fix a leak of open socket in rare cases when error
occurred in ssl.SSLSocket creation.
- gh-77749: email.policy.EmailPolicy.fold() now always encodes
non-ASCII characters in headers if utf8 is false.
- gh-114492: Make the result of termios.tcgetattr() reproducible
on Alpine Linux. Previously it could leave a random garbage in
some fields.
- gh-113267: Revert changes in gh-106584 which made calls of
TestResult methods startTest() and stopTest() unbalanced.
- gh-75128: Ignore an OSError in
asyncio.BaseEventLoop.create_server() when IPv6 is available but
the interface cannot actually support it.
- gh-114257: Dismiss the FileNotFound error in
ctypes.util.find_library() and just return None on Linux.
- gh-114328: The tty.setcbreak() and new tty.cfmakecbreak() no
longer clears the terminal input ICRLF flag. This fixes a
regression introduced in 3.12 that no longer matched how OSes
define cbreak mode in their stty(1) manual pages.
- gh-101438: Avoid reference cycle in ElementTree.iterparse. The
iterator returned by ElementTree.iterparse may hold on to a file
descriptor. The reference cycle prevented prompt clean-up of the
file descriptor if the returned iterator was not exhausted.
- gh-104522: OSError raised when run a subprocess now only has
filename attribute set to cwd if the error was caused by a
failed attempt to change the current directory.
- gh-114149: Enum: correctly handle tuple subclasses in custom
__new__.
- gh-109534: Fix a reference leak in
asyncio.selector_events.BaseSelectorEventLoop when SSL
handshakes fail. Patch contributed by Jamie Phan.
- gh-114077: Fix possible OverflowError in
socket.socket.sendfile() when pass count larger than 2 GiB on
32-bit platform.
- gh-114014: Fixed a bug in fractions.Fraction where an invalid
string using d in the decimals part creates a different error
compared to other invalid letters/characters. Patch by Jeremiah
Gabriel Pascual.
- gh-113951: Fix the behavior of tag_unbind() methods of
tkinter.Text and tkinter.Canvas classes with three arguments.
Previously, widget.tag_unbind(tag, sequence, funcid) destroyed
the current binding for sequence, leaving sequence unbound, and
deleted the funcid command. Now it removes only funcid from the
binding for sequence, keeping other commands, and deletes the
funcid command. It leaves sequence unbound only if funcid was
the last bound command.
- gh-113877: Fix tkinter method winfo_pathname() on 64-bit
Windows.
- gh-113661: unittest runner: Don’t exit 5 if tests were skipped.
The intention of exiting 5 was to detect issues where the test
suite wasn’t discovered at all. If we skipped tests, it was
correctly discovered.
- gh-113781: Silence unraisable AttributeError when warnings are
emitted during Python finalization.
- gh-112932: Restore the ability for zipfile to extractall from
zip files with a “/” directory entry in them as is commonly
added to zips by some wiki or bug tracker data exporters.
- gh-113594: Fix UnicodeEncodeError in email when re-fold lines
that contain unknown-8bit encoded part followed by
non-unknown-8bit encoded part.
- gh-113538: In asyncio.StreamReaderProtocol.connection_made(),
there is callback that logs an error if the task wrapping the
“connected callback” fails. This callback would itself fail if
the task was cancelled. Prevent this by checking whether the
task was cancelled first. If so, close the transport but don’t
log an error.
- gh-85567: Fix resource warnings for unclosed files in pickle and
pickletools command line interfaces.
- gh-101225: Increase the backlog for
multiprocessing.connection.Listener objects created by
multiprocessing.manager and multiprocessing.resource_sharer to
significantly reduce the risk of getting a connection refused
error when creating a multiprocessing.connection.Connection to
them.
- gh-113543: Make sure that webbrowser.MacOSXOSAScript sends
webbrowser.open audit event.
- gh-113028: When a second reference to a string appears in the
input to pickle, and the Python implementation is in use, we are
guaranteed that a single copy gets pickled and a single object
is shared when reloaded. Previously, in protocol 0, when a
string contained certain characters (e.g. newline) it resulted
in duplicate objects.
- gh-113421: Fix multiprocessing logger for %(filename)s.
- gh-111784: Fix segfaults in the _elementtree module. Fix first
segfault during deallocation of _elementtree.XMLParser instances
by keeping strong reference to pyexpat module in module state
for capsule lifetime. Fix second segfault which happens in the
same deallocation process by keeping strong reference to
_elementtree module in XMLParser structure for _elementtree
module lifetime.
- gh-113407: Fix import of unittest.mock when CPython is built
without docstrings.
- gh-113320: Fix regression in Python 3.12 where Protocol classes
that were not marked as runtime-checkable would be unnecessarily
introspected, potentially causing exceptions to be raised if the
protocol had problematic members. Patch by Alex Waygood.
- gh-113358: Fix rendering tracebacks for exceptions with a broken
__getattr__.
- gh-113214: Fix an AttributeError during asyncio SSL protocol
aborts in SSL-over-SSL scenarios.
- gh-113246: Update bundled pip to 23.3.2.
- gh-113199: Make http.client.HTTPResponse.read1 and
http.client.HTTPResponse.readline close IO after reading all
data when content length is known. Patch by Illia Volochii.
- gh-113188: Fix shutil.copymode() and shutil.copystat() on
Windows. Previously they worked differenly if dst is a symbolic
link: they modified the permission bits of dst itself rather
than the file it points to if follow_symlinks is true or src is
not a symbolic link, and did not modify the permission bits if
follow_symlinks is false and src is a symbolic link.
- gh-61648: Detect line numbers of properties in doctests.
- gh-112559: signal.signal() and signal.getsignal() no longer call
repr on callable handlers. asyncio.run() and
asyncio.Runner.run() no longer call repr on the task results.
Patch by Yilei Yang.
- gh-110190: Fix ctypes structs with array on PPC64LE platform by
setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo.
- gh-79429: Ignore FileNotFoundError when remove a temporary
directory in the multiprocessing finalizer.
- gh-81194: Fix a crash in socket.if_indextoname() with specific
value (UINT_MAX). Fix an integer overflow in
socket.if_indextoname() on 64-bit non-Windows platforms.
- gh-112343: Improve handling of pdb convenience variables to
avoid replacing string contents.
- gh-111615: Fix a regression caused by a fix to gh-93162 whereby
you couldn’t configure a QueueHandler without specifying
handlers.
- gh-111049: Fix crash during garbage collection of the io.BytesIO
buffer object.
- gh-110345: Show the Tcl/Tk patchlevel (rather than version) in
tkinter._test().
- gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now
raises BadZipFile when try to read an entry that overlaps with
other entry or central directory.
- gh-114440: On Windows, closing the connection writer when
cleaning up a broken multiprocessing.Queue queue is now done for
all queues, rather than only in concurrent.futures manager
thread. This can prevent a deadlock when a multiprocessing
worker process terminates without cleaning up. This completes
the backport of patches by Victor Stinner and Serhiy Storchaka.
- gh-38807: Fix race condition in trace. Instead of checking if a
directory exists and creating it, directly call os.makedirs()
with the kwarg exist_ok=True.
- gh-75705: Set unixfrom envelope in mailbox.mbox and
mailbox.MMDF.
- gh-106233: Fix stacklevel in InvalidTZPathWarning during
zoneinfo module import.
- gh-105102: Allow ctypes.Union to be nested in ctypes.Structure
when the system endianness is the opposite of the classes.
- gh-104282: Fix null pointer dereference in
lzma._decode_filter_properties() due to improper handling of BCJ
filters with properties of zero length. Patch by Radislav
Chugunov.
- gh-102512: When os.fork() is called from a foreign thread (aka
_DummyThread), the type of the thread in a child process is
changed to _MainThread. Also changed its name and daemonic
status, it can be now joined.
- bpo-35928: io.TextIOWrapper now correctly handles the decoding
buffer after read() and write().
- bpo-26791: shutil.move() now moves a symlink into a directory
when that directory is the target of the symlink. This provides
the same behavior as the mv shell command. The previous behavior
raised an exception. Patch by Jeffrey Kintscher.
- bpo-36959: Fix some error messages for invalid ISO format string
combinations in strptime() that referred to directives not
contained in the format string. Patch by Gordon P. Hemsley.
- bpo-18060: Fixed a class inheritance issue that can cause
segfaults when deriving two or more levels of subclasses from a
base class of Structure or Union.
- Documentation
- gh-110746: Improved markup for valid options/values for methods
ttk.treeview.column and ttk.treeview.heading, and for Layouts.
- gh-95649: Document that the asyncio module contains code taken
from v0.16.0 of the uvloop project, as well as the required MIT
licensing information.
- Tests
- gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS,
where system tar can include more information in the archive
than shutil.make_archive.
- gh-105089: Fix
test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write
test in AIX by doing a bitwise AND of 0xFFFF on mode , so that
it will be in sync with zinfo.external_attr
- bpo-40648: Test modes that file can get with chmod() on Windows.
- Build
- gh-112305: Fixed the check-clean-src step performed on out of
tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h
files and recommend appropriate source tree cleanup steps to get
a working build again.
- gh-112867: Fix the build for the case that
WITH_PYMALLOC_RADIX_TREE=0 set.
- bpo-11102: The os.major(), os.makedev(), and os.minor()
functions are now available on HP-UX v3.
- bpo-36351: Do not set ipv6type when cross-compiling.
- IDLE
- gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and
‘object’.
- gh-72284: Improve the lists of features, editor key bindings,
and shell key bingings in the IDLE doc.
- gh-113903: Fix rare failure of test.test_idle, in
test_configdialog.
- gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and
3.12.1.
- gh-113269: Fix test_editor hang on macOS Catalina.
- gh-112898: Fix processing unsaved files when quitting IDLE on
macOS.
- gh-103820: Revise IDLE bindings so that events from mouse button
4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not
mistaken for scrolling.
- bpo-13586: Enter the selected text when opening the “Replace”
dialog.
- Tools/Demos
- gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and
multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.
- gh-115015: Fix a bug in Argument Clinic that generated incorrect
code for methods with no parameters that use the METH_METHOD |
METH_FASTCALL | METH_KEYWORDS calling convention. Only the
positional parameter count was checked; any keyword argument
passed would be silently accepted.
- Refresh patches:
- bpo-31046_ensurepip_honours_prefix.patch
- fix_configure_rst.patch
- no-skipif-doctests.patch
- python-3.3.0b1-fix_date_time_compiler.patch
- python-3.3.0b1-localpath.patch
- python-3.3.0b1-test-posix_fadvise.patch
- skip-test_pyobject_freed_is_freed.patch
- subprocess-raise-timeout.patch
buildservice-autocommit
accepted
request 1133398
from
Daniel Garcia (dgarcia)
(revision 30)
Daniel Garcia (dgarcia)
(revision 30)
baserev update by copy to link target
Daniel Garcia (dgarcia)
committed
(revision 29)
- Update patch fix_configure_rst.patch
- Update to 3.12.1 (CVE-2023-6507, bsc#1217939):
- Core and Builtins
- gh-112125: Fix None.__ne__(None) returning NotImplemented
instead of False
- gh-112625: Fixes a bug where a bytearray object could be
cleared while iterating over an argument in the
bytearray.join() method that could result in reading memory
after it was freed.
- gh-105967: Workaround a bug in Apple’s macOS platform zlib
library where zlib.crc32() and binascii.crc32() could produce
incorrect results on multi-gigabyte inputs. Including when
using zipfile on zips containing large data.
- gh-112356: Stopped erroneously deleting a LOAD_NULL bytecode
instruction when optimized twice.
- gh-111058: Change coro.cr_frame/gen.gi_frame to return None
after the coroutine/generator has been closed. This fixes a bug
where getcoroutinestate() and getgeneratorstate() return the
wrong state for a closed coroutine/generator.
- gh-112388: Fix an error that was causing the parser to try to
overwrite tokenizer errors. Patch by pablo Galindo
- gh-112387: Fix error positions for decoded strings with
backwards tokenize errors. Patch by Pablo Galindo
- gh-112367: Avoid undefined behaviour when using the perf
trampolines by not freeing the code arenas until shutdown.
Patch by Pablo Galindo
- gh-112243: Don’t include comments in f-string debug
expressions. Patch by Pablo Galindo
- gh-112266: Change docstrings of __dict__ and __weakref__.
- gh-111654: Fix runtime crash when some error happens in opcode
buildservice-autocommit
accepted
request 1126824
from
Daniel Garcia (dgarcia)
(revision 28)
Daniel Garcia (dgarcia)
(revision 28)
baserev update by copy to link target
Daniel Garcia (dgarcia)
committed
(revision 27)
- Remove F00251-change-user-install-location.patch, that patch breaks the python-rpm-macros usage with multibuild
Displaying revisions 1 - 20 of 46
