-
Notifications
You must be signed in to change notification settings - Fork 4
/
.rev
793 lines (790 loc) · 33.4 KB
/
.rev
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
<revisionlist>
<revision rev="1" vrev="1">
<srcmd5>b7e6d74cefa085d3150c319932991ffa</srcmd5>
<version>3.10.0rc1</version>
<time>1628758148</time>
<user>RBrownSUSE</user>
<comment>DO NOT SWITCH ON BUILDING OF PYTHON310-* PACKAGES YET!</comment>
<requestid>911469</requestid>
</revision>
<revision rev="2" vrev="2">
<srcmd5>2b58758aa659d596aa7f9662df83d555</srcmd5>
<version>3.10.0rc1</version>
<time>1629101488</time>
<user>RBrownSUSE</user>
<comment></comment>
<requestid>911981</requestid>
</revision>
<revision rev="3" vrev="3">
<srcmd5>f2f1f5053e93792219dc38e629171b21</srcmd5>
<version>3.10.0rc1</version>
<time>1630265635</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>914825</requestid>
</revision>
<revision rev="4" vrev="4">
<srcmd5>f3198445765383e5ab5e18c29712f176</srcmd5>
<version>3.10.0rc1</version>
<time>1630697166</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>915061</requestid>
</revision>
<revision rev="5" vrev="1">
<srcmd5>0967f3a60f1e0bd1f612443bcb76623a</srcmd5>
<version>3.10.0</version>
<time>1633542590</time>
<user>dimstar_suse</user>
<comment>- Final release of 3.10.0:
Complete list on https://www.python.org/downloads/release/python-3100/,
but highlights are:
- PEP 623 – Deprecate and prepare for the removal of the wstr
member in PyUnicodeObject.
- PEP 604 – Allow writing union types as X | Y
- PEP 612 – Parameter Specification Variables
- PEP 626 – Precise line numbers for debugging and other
tools.
- PEP 618 – Add Optional Length-Checking To zip.
- PEP 632 – Deprecate distutils module.
- PEP 613 – Explicit Type Aliases
- PEP 634 – Structural Pattern Matching: Specification
- PEP 635 – Structural Pattern Matching: Motivation and
Rationale
- PEP 636 – Structural Pattern Matching: Tutorial
- PEP 644 – Require OpenSSL 1.1.1 or newer
- PEP 624 – Remove Py_UNICODE encoder APIs
- PEP 597 – Add optional EncodingWarning
- bpo-12782: Parenthesized context managers are now officially
allowed.
</comment>
<requestid>923364</requestid>
</revision>
<revision rev="6" vrev="2">
<srcmd5>c316605a8d414aa5c200ff6ff33d1384</srcmd5>
<version>3.10.0</version>
<time>1634141187</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>925075</requestid>
</revision>
<revision rev="7" vrev="3">
<srcmd5>e50ba946cc9fa4c2944cb7733a285d54</srcmd5>
<version>3.10.0</version>
<time>1637108064</time>
<user>dimstar_suse</user>
<comment>- Move rpm-build-python construct to correct place.</comment>
<requestid>931817</requestid>
</revision>
<revision rev="8" vrev="4">
<srcmd5>fae1c7e625804d16943cf40eb07a64b1</srcmd5>
<version>3.10.0</version>
<time>1638480624</time>
<user>dimstar_suse</user>
<comment>- Add pdb_adjust_breakpoints.patch fixing expectd results in
test_pdb_breakpoints_preserved_across_interactive_sessions
(bpo#45964).
- Remove shebangs from from python-base libraries in _libdir
(bsc#1193179).
- Readjust patches:
- bpo-31046_ensurepip_honours_prefix.patch
- decimal.patch
- python-3.3.0b1-fix_date_time_compiler.patch
</comment>
<requestid>935211</requestid>
</revision>
<revision rev="9" vrev="5">
<srcmd5>15c4a4e2af0db9aebfa80920127bc0bd</srcmd5>
<version>3.10.0</version>
<time>1638740766</time>
<user>dimstar_suse</user>
<comment>- Remove pdb_adjust_breakpoints.patch and instead just adjust location
of the test breakpoint in Lib/test/test_pdb.py via sed, because we
have shortened Lib/pdb.py by removing the shebang (bpo#45964).</comment>
<requestid>935695</requestid>
</revision>
<revision rev="10" vrev="1">
<srcmd5>66aee5ced4b564d43a769e70b064ba8b</srcmd5>
<version>3.10.1</version>
<time>1638997771</time>
<user>dimstar_suse</user>
<comment>- Upgrade to 3.10.1:
- PEP 623 – Deprecate and prepare for the removal of the wstr
member in PyUnicodeObject.
- PEP 604 – Allow writing union types as X | Y
- PEP 612 – Parameter Specification Variables
- PEP 626 – Precise line numbers for debugging and other tools.
- PEP 618 – Add Optional Length-Checking To zip.
- bpo-12782: Parenthesized context managers are now officially
allowed.
- PEP 632 – Deprecate distutils module.
- PEP 613 – Explicit Type Aliases
- PEP 634 – Structural Pattern Matching: Specification
- PEP 635 – Structural Pattern Matching: Motivation and
Rationale
- PEP 636 – Structural Pattern Matching: Tutorial
- PEP 644 – Require OpenSSL 1.1.1 or newer
- PEP 624 – Remove Py_UNICODE encoder APIs
- PEP 597 – Add optional EncodingWarning
- Patches readjusted:
- bpo-31046_ensurepip_honours_prefix.patch
- python-3.3.0b1-fix_date_time_compiler.patch
</comment>
<requestid>936508</requestid>
</revision>
<revision rev="11" vrev="1">
<srcmd5>7f87513464ca1f9907a1525f75b7d2e5</srcmd5>
<version>3.10.2</version>
<time>1642951540</time>
<user>dimstar_suse</user>
<comment>THIS SHOULD GO TO STAGING:D (TOGETHER WITH SR#947585)
- Update to 3.10.2:
Bugfix only
- bpo#46347 memory leak in PyEval_EvalCodeEx (especially
visible with Cython code)
- and many others
</comment>
<requestid>947756</requestid>
</revision>
<revision rev="12" vrev="2">
<srcmd5>e9f631ef6d48b7667f041a76539bc1a2</srcmd5>
<version>3.10.2</version>
<time>1643926533</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>950519</requestid>
</revision>
<revision rev="13" vrev="3">
<srcmd5>34a8c642ed611841fc8beae020ff367d</srcmd5>
<version>3.10.2</version>
<time>1645629936</time>
<user>dimstar_suse</user>
<comment>- Add patch support-expat-245.patch:
* Support Expat >= 2.4.5</comment>
<requestid>956585</requestid>
</revision>
<revision rev="14" vrev="1">
<srcmd5>730bd32886b6e8ec7fe98c34b86e5bd9</srcmd5>
<version>3.10.4</version>
<time>1648841683</time>
<user>dimstar_suse</user>
<comment>- Update to 3.10.4:
- bpo-46968: Check for the existence of the “sys/auxv.h” header
in faulthandler to avoid compilation problems in systems
where this header doesn’t exist. Patch by Pablo Galindo
- bpo-23691: Protect the re.finditer() iterator from
re-entering.
- bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to
avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception
when reading a ZipFile from multiple threads.
- bpo-38256: Fix binascii.crc32() when it is compiled to use
zlib’c crc32 to work properly on inputs 4+GiB in length
instead of returning the wrong result. The workaround prior
to this was to always feed the function data in increments
smaller than 4GiB or to just call the zlib module function.
- bpo-39394: A warning about inline flags not at the start of
the regular expression now contains the position of the flag.
- bpo-47061: Deprecate the various modules listed by PEP 594:
- aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt,
imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd,
sndhdr, spwd, sunau, telnetlib, uu, xdrlib
- bpo-2604: Fix bug where doctests using globals would fail
when run multiple times.
- bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
- bpo-47022: The asynchat, asyncore and smtpd modules have been
deprecated since at least Python 3.6. Their documentation and
deprecation warnings and have now been updated to note they
will removed in Python 3.12 (PEP 594).
- bpo-46421: Fix a unittest issue where if the command was
invoked as python -m unittest and the filename(s) began with
a dot (.), a ValueError is returned.</comment>
<requestid>965119</requestid>
</revision>
<revision rev="15" vrev="1">
<srcmd5>8597e05f84476b62ebf3c8a73caac4ff</srcmd5>
<version>3.10.5</version>
<time>1655245906</time>
<user>dimstar_suse</user>
<comment>Synchronize the changelog with SLE, so that we can update from Factory.</comment>
<requestid>981085</requestid>
</revision>
<revision rev="16" vrev="2">
<srcmd5>dd78f2086e07ba245c0ccd06dd8da836</srcmd5>
<version>3.10.5</version>
<time>1655972520</time>
<user>dimstar_suse</user>
<comment>- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Fix building of documentation and the universal configuration of the
%primary_interpreter.
- Switch primary_interpreter from python38 to python310 for
Factory (only)
- (bsc#1196784, CVE-2022-25236) Rename patch:
support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
as it was fully patched against CVE-2022-25236.</comment>
<requestid>983936</requestid>
</revision>
<revision rev="17" vrev="3">
<srcmd5>63da7f44e7102c927be6b5af5425aec4</srcmd5>
<version>3.10.5</version>
<time>1659106018</time>
<user>RBrownFactory</user>
<comment>- Switch from %primary_interpreter to prjconf-defined
%primary_python (gh#openSUSE/python-rpm-macros#127).
</comment>
<requestid>990684</requestid>
</revision>
<revision rev="18" vrev="1">
<srcmd5>eab08a0d39e78bbebf969a3f2be1af13</srcmd5>
<version>3.10.6</version>
<time>1660144340</time>
<user>dimstar_suse</user>
<comment>- Update to 3.10.6:
- gh-87389: http.server: Fix an open redirection vulnerability
in the HTTP server when an URI path starts with //.
Vulnerability discovered, and initial fix proposed, by Hamza
Avvan.
- gh-92888: Fix memoryview use after free when accessing the
backing buffer in certain cases.
- gh-95355: _PyPegen_Parser_New now properly detects token
memory allocation errors. Patch by Honglin Zhu.
- gh-94938: Fix error detection in some builtin functions when
keyword argument name is an instance of a str subclass with
overloaded __eq__ and __hash__. Previously it could cause
SystemError or other undesired behavior.
- gh-94949: ast.parse() will no longer parse parenthesized
context managers when passed feature_version less than
(3, 9). Patch by Shantanu Jain.
- gh-94947: ast.parse() will no longer parse assignment
expressions when passed feature_version less than
(3, 8). Patch by Shantanu Jain.
- gh-94869: Fix the column offsets for some expressions in
multi-line f-strings ast nodes. Patch by Pablo Galindo.
- gh-91153: Fix an issue where a bytearray item assignment
could crash if it’s resized by the new value’s __index__()
method.
- gh-94329: Compile and run code with unpacking of extremely
large sequences (1000s of elements). Such code failed to
compile. It now compiles and runs correctly.
- gh-94360: Fixed a tokenizer crash when reading encoded
files with syntax errors from stdin with non utf-8 encoded
text. Patch by Pablo Galindo
- gh-94192: Fix error for dictionary literals with invalid
expression as value.
- gh-93964: Strengthened compiler overflow checks to prevent
crashes when compiling very large source files.
- gh-93671: Fix some exponential backtrace case happening with
deeply nested sequence patterns in match statements. Patch by
Pablo Galindo
- gh-93021: Fix the __text_signature__ for __get__() methods
implemented in C. Patch by Jelle Zijlstra.
- gh-92930: Fixed a crash in _pickle.c from mutating
collections during __reduce__ or persistent_id.
- gh-92914: Always round the allocated size for lists up to the
nearest even number.
- gh-92858: Improve error message for some suites with syntax
error before ‘:’
- gh-95339: Update bundled pip to 22.2.1.
- gh-95045: Fix GC crash when deallocating _lsprof.Profiler by
untracking it before calling any callbacks. Patch by Kumar
Aditya.
- gh-95087: Fix IndexError in parsing invalid date in the email
module.
- gh-95199: Upgrade bundled setuptools to 63.2.0.
- gh-95194: Upgrade bundled pip to 22.2.
- gh-93899: Fix check for existence of os.EFD_CLOEXEC,
os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel
versions where these flags are not present. Patch by Kumar
Aditya.
- gh-95166: Fix concurrent.futures.Executor.map() to cancel the
currently waiting on future on an error - e.g. TimeoutError
or KeyboardInterrupt.
- gh-93157: Fix fileinput module didn’t support errors option
when inplace is true.
- gh-94821: Fix binding of unix socket to empty address
on Linux to use an available address from the abstract
namespace, instead of “0”.
- gh-94736: Fix crash when deallocating an instance of a
subclass of _multiprocessing.SemLock. Patch by Kumar Aditya.
- gh-94637: SSLContext.set_default_verify_paths() now releases
the GIL around SSL_CTX_set_default_verify_paths call. The
function call performs I/O and CPU intensive work.
- gh-94510: Re-entrant calls to sys.setprofile() and
sys.settrace() now raise RuntimeError. Patch by Pablo
Galindo.
- gh-92336: Fix bug where linecache.getline() fails on bad
files with UnicodeDecodeError or SyntaxError. It now returns
an empty string as per the documentation.
- gh-89988: Fix memory leak in pickle.Pickler when looking up
dispatch_table. Patch by Kumar Aditya.
- gh-94254: Fixed types of struct module to be immutable. Patch
by Kumar Aditya.
- gh-94245: Fix pickling and copying of typing.Tuple[()].
- gh-94207: Made _struct.Struct GC-tracked in order to fix a
reference leak in the _struct module.
- gh-94101: Manual instantiation of ssl.SSLSession objects is
no longer allowed as it lead to misconfigured instances that
crashed the interpreter when attributes where accessed on
them.
- gh-84753: inspect.iscoroutinefunction(),
inspect.isgeneratorfunction(), and
inspect.isasyncgenfunction() now properly return True
for duck-typed function-like objects like instances of
unittest.mock.AsyncMock.
- This makes inspect.iscoroutinefunction() consistent with the
behavior of asyncio.iscoroutinefunction(). Patch by Mehdi
ABAAKOUK.
- gh-83499: Fix double closing of file description in tempfile.
- gh-79512: Fixed names and __module__ value of weakref classes
ReferenceType, ProxyType, CallableProxyType. It makes them
pickleable.
- gh-90494: copy.copy() and copy.deepcopy() now always raise
a TypeError if __reduce__() returns a tuple with length 6
instead of silently ignore the 6th item or produce incorrect
result.
- gh-90549: Fix a multiprocessing bug where a global named
resource (such as a semaphore) could leak when a child
process is spawned (as opposed to forked).
- gh-79579: sqlite3 now correctly detects DML queries with
leading comments. Patch by Erlend E. Aasland.
- gh-93421: Update sqlite3.Cursor.rowcount when a DML
statement has run to completion. This fixes the row count
for SQL queries like UPDATE ... RETURNING. Patch by Erlend
E. Aasland.
- gh-91810: Suppress writing an XML declaration in open
files in ElementTree.write() with encoding='unicode' and
xml_declaration=None.
- gh-93353: Fix the importlib.resources.as_file() context
manager to remove the temporary file if destroyed late
during Python finalization: keep a local reference to the
os.remove() function. Patch by Victor Stinner.
- gh-83658: Make multiprocessing.Pool raise an exception if
maxtasksperchild is not None or a positive int.
- gh-74696: shutil.make_archive() no longer temporarily changes
the current working directory during creation of standard
.zip or tar archives.
- gh-91577: Move imports in SharedMemory methods to module
level so that they can be executed late in python
finalization.
- bpo-47231: Fixed an issue with inconsistent trailing slashes
in tarfile longname directories.
- bpo-46755: In QueueHandler, clear stack_info from LogRecord
to prevent stack trace from being written twice.
- bpo-46053: Fix OSS audio support on NetBSD.
- bpo-46197: Fix ensurepip environment isolation for subprocess
running pip.
- bpo-45924: Fix asyncio incorrect traceback when future’s
exception is raised multiple times. Patch by Kumar Aditya.
- bpo-34828: sqlite3.Connection.iterdump() now handles
databases that use AUTOINCREMENT in one or more tables.
- gh-94321: Document the PEP 246 style protocol type
sqlite3.PrepareProtocol.
- gh-86128: Document a limitation in ThreadPoolExecutor where
its exit handler is executed before any handlers in atexit.
- gh-61162: Clarify sqlite3 behavior when Using the connection
as a context manager.
- gh-87260: Align sqlite3 argument specs with the actual
implementation.
- gh-86986: The minimum Sphinx version required to build the
documentation is now 3.2.
- gh-88831: Augmented documentation of
asyncio.create_task(). Clarified the need to keep strong
references to tasks and added a code snippet detailing how to
to this.
- bpo-47161: Document that pathlib.PurePath does not collapse
initial double slashes because they denote UNC paths.
- gh-95280: Fix problem with test_ssl test_get_ciphers on
systems that require perfect forward secrecy (PFS) ciphers.
- gh-95212: Make multiprocessing test case
test_shared_memory_recreate parallel-safe.
- gh-91330: Added more tests for dataclasses to cover behavior
with data descriptor-based fields.
- gh-94208: test_ssl is now checking for supported TLS version
and protocols in more tests.
- gh-93951: In test_bdb.StateTestCase.test_skip, avoid
including auxiliary importers.
- gh-93957: Provide nicer error reporting from subprocesses in
test_venv.EnsurePipTest.test_with_pip.
- gh-57539: Increase calendar test coverage for
calendar.LocaleTextCalendar.formatweekday().
- gh-92886: Fixing tests that fail when running with
optimizations (-O) in test_zipimport.py
- bpo-47016: Create a GitHub Actions workflow for verifying
bundled pip and setuptools. Patch by Illia Volochii and Adam
Turner.
- gh-94841: Fix the possible performance regression of
PyObject_Free() compiled with MSVC version 1932.
- gh-95511: Fix the Shell context menu copy-with-prompts bug of
copying an extra line when one selects whole lines.
- gh-95471: In the Edit menu, move Select All and add a new
separator.
- gh-95411: Enable using IDLE’s module browser with .pyw files.
- gh-89610: Add .pyi as a recognized extension for IDLE on
macOS. This allows opening stub files by double clicking on
them in the Finder.
- gh-94538: Fix Argument Clinic output to custom file
destinations. Patch by Erlend E. Aasland.
- gh-94430: Allow parameters named module and self with custom
C names in Argument Clinic. Patch by Erlend E. Aasland
- gh-94930: Fix SystemError raised when
PyArg_ParseTupleAndKeywords() is used with # in (...) but
without PY_SSIZE_T_CLEAN defined.
- gh-94864: Fix PyArg_Parse* with deprecated format units “u”
and “Z”. It returned 1 (success) when warnings are turned
into exceptions.
- Reapply patches
- bpo-31046_ensurepip_honours_prefix.patch
- fix_configure_rst.patch
- no-skipif-doctests.patch
- skip-test_pyobject_freed_is_freed.patch
</comment>
<requestid>992411</requestid>
</revision>
<revision rev="19" vrev="2">
<srcmd5>3509cb34042dbcab894f20c11c062883</srcmd5>
<version>3.10.6</version>
<time>1661159079</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>998410</requestid>
</revision>
<revision rev="20" vrev="3">
<srcmd5>465fe249cbdac8e57e9d3c832c55c947</srcmd5>
<version>3.10.6</version>
<time>1662063016</time>
<user>dimstar_suse</user>
<comment>Add references to bsc#1202624, CVE-2021-28861</comment>
<requestid>1000538</requestid>
</revision>
<revision rev="21" vrev="1">
<srcmd5>02217475b20c7c277c782e28dd397a36</srcmd5>
<version>3.10.7</version>
<time>1663438087</time>
<user>dimstar_suse</user>
<comment>- Update to 3.10.7:
- Fix for CVE-2020-10735 (bsc#1203125) Converting between int
and str in bases other than 2 (binary), 4, 8 (octal), 16
(hexadecimal), or 32 such as base 10 (decimal) now raises
a ValueError if the number of digits in string form is above
a limit to avoid potential denial of service attacks due to
the algorithmic complexity.
- Other bug fixes:
- Fixed a bug that caused _PyCode_GetExtra to return garbage
for negative indexes.
- Fix format string in _PyPegen_raise_error_known_location
that can lead to memory corruption on some 64bit systems.
The function was building a tuple with i (int) instead of
n (Py_ssize_t) for Py_ssize_t arguments.
- Fix misleading contents of error message when converting an
all-whitespace string to float.
- coroutine.throw() now properly initializes the frame.f_back
when resuming a stack of coroutines. This allows e.g.
traceback.print_stack() to work correctly when an exception
(such as CancelledError) is thrown into a coroutine.
- ast.parse() will no longer parse function definitions with
positional-only params when passed feature_version less
than (3, 8).
- Correct conversion of numbers.Rational’s to float.
- Fix a performance regression in logging
TimedRotatingFileHandler. Only check for special files when
the rollover time has passed.
- Fix unused localName parameter in the Attr class in
xml.dom.minidom.
- Update bundled pip to 22.2.2.</comment>
<requestid>1002508</requestid>
</revision>
<revision rev="22" vrev="2">
<srcmd5>e23ad529b00caa7feb7c313cf66378ad</srcmd5>
<version>3.10.7</version>
<time>1663763935</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>1004684</requestid>
</revision>
<revision rev="23" vrev="1">
<srcmd5>ea077215ab57419e8d02a2c3f3ca8031</srcmd5>
<version>3.10.8</version>
<time>1666978110</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>1031406</requestid>
</revision>
<revision rev="24" vrev="2">
<srcmd5>8eb418a4df3ef5cfa3de808ca710abc8</srcmd5>
<version>3.10.8</version>
<time>1667655992</time>
<user>dimstar_suse</user>
<comment>- Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
privilege escalation via the multiprocessing forkserver start
method.
</comment>
<requestid>1033570</requestid>
</revision>
<revision rev="25" vrev="3">
<srcmd5>2e47c0318d40fbc158838801110fa715</srcmd5>
<version>3.10.8</version>
<time>1668271192</time>
<user>dimstar_suse</user>
<comment>- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
</comment>
<requestid>1034962</requestid>
</revision>
<revision rev="26" vrev="1">
<srcmd5>a9aa8958eba1bccddd6aff4e4823729e</srcmd5>
<version>3.10.9</version>
<time>1670867950</time>
<user>dimstar_suse</user>
<comment>- Update to 3.10.9:
- python -m http.server no longer allows terminal
control characters sent within a garbage request to be
printed to the stderr server lo This is done by changing
the http.server BaseHTTPRequestHandler .log_message method
to replace control characters with a \xHH hex escape before
printin
- Avoid publishing list of active per-interpreter
audit hooks via the gc module
- The IDNA codec decoder used on DNS hostnames by
socket or asyncio related name resolution functions no
longer involves a quadratic algorithm. This prevents a
potential CPU denial of service if an out-of-spec excessive
length hostname involving bidirectional characters were
decoded. Some protocols such as urllib http 3xx redirects
potentially allow for an attacker to supply such a name.
- Update bundled libexpat to 2.5.0
- Port XKCP’s fix for the buffer overflows in SHA-3
(CVE-2022-37454).
- On Linux the multiprocessing module returns
to using filesystem backed unix domain sockets for
communication with the forkserver process instead of the
Linux abstract socket namespace. Only code that chooses
to use the “forkserver” start method is affected Abstract
sockets have no permissions and could allow any user
on the system in the same network namespace (often the
whole system) to inject code into the multiprocessing
forkserver process. This was a potential privilege
escalation. Filesystem based socket permissions restrict
this to the forkserver process user as was the default in</comment>
<requestid>1041730</requestid>
</revision>
<revision rev="27" vrev="2">
<srcmd5>060abb538b6c2171d33fa027352f12ce</srcmd5>
<version>3.10.9</version>
<time>1674997805</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>1061591</requestid>
</revision>
<revision rev="28" vrev="3">
<srcmd5>24ac53859331cc21eb8c1ca12ae0177b</srcmd5>
<version>3.10.9</version>
<time>1677075668</time>
<user>dimstar_suse</user>
<comment>- Add provides for readline and sqlite3 to the main Python
package.</comment>
<requestid>1066987</requestid>
</revision>
<revision rev="29" vrev="1">
<srcmd5>2e25c21c9730e143a9caf2db36630d81</srcmd5>
<version>3.10.10</version>
<time>1678043268</time>
<user>dimstar_suse</user>
<comment>- Update to 3.10.10:
Bug fixes and regressions handling, no change of behaviour and
no security bugs fixed.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters</comment>
<requestid>1068979</requestid>
</revision>
<revision rev="30" vrev="2">
<srcmd5>43472ed5d476385a007ba95bad74ecf0</srcmd5>
<version>3.10.10</version>
<time>1678902769</time>
<user>dimstar_suse</user>
<comment>- Add invalid-json.patch fixing invalid JSON in
Doc/howto/logging-cookbook.rst (somehow similar to
gh#python/cpython#102582).</comment>
<requestid>1071070</requestid>
</revision>
<revision rev="31" vrev="1">
<srcmd5>69adbd37cc8024d4dcbf9a038d5fab9b</srcmd5>
<version>3.10.11</version>
<time>1685476918</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>1086101</requestid>
</revision>
<revision rev="32" vrev="2">
<srcmd5>f07316c3af208ccc4254f23cb1cffa97</srcmd5>
<version>3.10.11</version>
<time>1687469090</time>
<user>dimstar_suse</user>
<comment>- Add bpo-37596-make-set-marshalling.patch making marshalling of
`set` and `frozenset` deterministic (bsc#1211765).</comment>
<requestid>1094243</requestid>
</revision>
<revision rev="33" vrev="1">
<srcmd5>afd992a593d3245891da533074c2e4cf</srcmd5>
<version>3.10.12</version>
<time>1688147904</time>
<user>dimstar_suse</user>
<comment>- Update to 3.10.12:
- gh-103142: The version of OpenSSL used in Windows and
Mac installers has been upgraded to 1.1.1u to address
CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
fixed previously in 1.1.1t (gh-101727).
- gh-102153: urllib.parse.urlsplit() now strips leading C0
control and space characters following the specification for
URLs defined by WHATWG in response to CVE-2023-24329
(bsc#1208471).
- gh-99889: Fixed a security in flaw in uu.decode() that could
allow for directory traversal based on the input if no
out_file was specified.
- gh-104049: Do not expose the local on-disk
location in directory indexes produced by
http.client.SimpleHTTPRequestHandler.
- gh-103935: trace.__main__ now uses io.open_code() for files
to be executed instead of raw open().
- gh-102953: The extraction methods in tarfile, and
shutil.unpack_archive(), have a new filter argument that
allows limiting tar features than may be surprising or
dangerous, such as creating files outside the destination
directory. See Extraction filters for details (fixing
CVE-2007-4559, bsc#1203750).
- Remove upstreamed patches:
- CVE-2023-24329-blank-URL-bypass.patch
- CVE-2007-4559-filter-tarfile_extractall.patch</comment>
<requestid>1095863</requestid>
</revision>
<revision rev="34" vrev="2">
<srcmd5>b5d2e888c920d6c80ee212c90263ddb5</srcmd5>
<version>3.10.12</version>
<time>1690215152</time>
<user>anag+factory</user>
<comment>- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for
stabilizing FLAG_REF usage (required for reproduceability;
bsc#1213463).
- (bsc#1210638, CVE-2023-27043) Add
CVE-2023-27043-email-parsing-errors.patch, which detects email
address parsing errors and returns empty tuple to indicate the
parsing error (old API).
</comment>
<requestid>1099501</requestid>
</revision>
<revision rev="35" vrev="3">
<srcmd5>8fba4667c471fc041697d5096567ef17</srcmd5>
<version>3.10.12</version>
<time>1691332152</time>
<user>dimstar_suse</user>
<comment>- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
partially reverting CVE-2023-27043-email-parsing-errors.patch,
because of the regression in gh#python/cpython#106669.
</comment>
<requestid>1102193</requestid>
</revision>
<revision rev="36" vrev="1">
<srcmd5>2539b0baccecafe21d9c42ccae94cc8c</srcmd5>
<version>3.10.13</version>
<time>1693860751</time>
<user>anag+factory</user>
<comment></comment>
<requestid>1108911</requestid>
</revision>
<revision rev="37" vrev="2">
<srcmd5>dfaafb66ab774fec1a5b3ae2f0ea180a</srcmd5>
<version>3.10.13</version>
<time>1694545362</time>
<user>anag+factory</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>1110597</requestid>
</revision>
<revision rev="38" vrev="3">
<srcmd5>24c7662bfeba35f60e02616cc5cfb012</srcmd5>
<version>3.10.13</version>
<time>1708027160</time>
<user>anag+factory</user>
<comment></comment>
<requestid>1146869</requestid>
</revision>
<revision rev="39" vrev="4">
<srcmd5>f1d1e31d2ad25138cf8818121ded9779</srcmd5>
<version>3.10.13</version>
<time>1709145872</time>
<user>anag+factory</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>1152786</requestid>
</revision>
<revision rev="40" vrev="5">
<srcmd5>c41b2b405a15997fd2d2487bc19c816a</srcmd5>
<version>3.10.13</version>
<time>1709332448</time>
<user>dimstar_suse</user>
<comment>- (bsc#1219666, CVE-2023-6597) Add
CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
gh#python/cpython!99930) fixing symlink bug in cleanup of
tempfile.TemporaryDirectory.
</comment>
<requestid>1153061</requestid>
</revision>
<revision rev="41" vrev="6">
<srcmd5>ceedc6cce11c7bcb9e6333573cff9c5d</srcmd5>
<version>3.10.13</version>
<time>1710434556</time>
<user>anag+factory</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>1157645</requestid>
</revision>
<revision rev="42" vrev="1">
<srcmd5>a94a27bdf246c590f61faba46101ca60</srcmd5>
<version>3.10.14</version>
<time>1711477482</time>
<user>anag+factory</user>
<comment>- Add old-libexpat.patch making the test suite work with
libexpat < 2.6.0 (gh#python/cpython#117187).
- Because of bsc#1189495 we have to revert use of %autopatch.
- Update 3.10.14:
- gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0
to address CVE-2023-52425, and control of the new reparse
deferral functionality was exposed with new APIs
(bsc#1219559).
- gh-109858: zipfile is now protected from the “quoted-overlap”
zipbomb to address CVE-2024-0450. It now raises BadZipFile
when attempting to read an entry that overlaps with another
entry or central directory. (bsc#1221854)
- gh-91133: tempfile.TemporaryDirectory cleanup no longer
dereferences symlinks when working around file system
permission errors to address CVE-2023-6597 (bsc#1219666)
- gh-115197: urllib.request no longer resolves the hostname
before checking it against the system’s proxy bypass list on
macOS and Windows
- gh-81194: a crash in socket.if_indextoname() with a specific
value (UINT_MAX) was fixed. Relatedly, an integer overflow in
socket.if_indextoname() on 64-bit non-Windows platforms was
fixed
- gh-113659: .pth files with names starting with a dot or
containing the hidden file attribute are now skipped
- gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer
read out of bounds
- gh-114572: ssl.SSLContext.cert_store_stats() and
ssl.SSLContext.get_ca_certs() now correctly lock access to
the certificate store, when the ssl.SSLContext is shared
across multiple threads
- Remove upstreamed patches:
- CVE-2023-6597-TempDir-cleaning-symlink.patch
- libexpat260.patch
- Readjust patches:
- F00251-change-user-install-location.patch
- fix_configure_rst.patch
- python-3.3.0b1-localpath.patch
- skip-test_pyobject_freed_is_freed.patch
- Port to %autosetup and %autopatch.
</comment>
<requestid>1161074</requestid>
</revision>
</revisionlist>