Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libpython3_10-1_0-3.10.14-1.2 RPM for aarch64

From OpenSuSE Ports Tumbleweed for aarch64

Name: libpython3_10-1_0 Distribution: openSUSE Tumbleweed
Version: 3.10.14 Vendor: openSUSE
Release: 1.2 Build date: Sun Mar 24 01:43:14 2024
Group: Unspecified Build host: reproducible
Size: 3415936 Source RPM: python310-core-3.10.14-1.2.src.rpm
Summary: Python Interpreter shared library
Python is an interpreted, object-oriented programming language, and is
often compared to Tcl, Perl, Scheme, or Java.  You can find an overview
of Python in the documentation and tutorials included in the python-doc
(HTML) or python-doc-pdf (PDF) packages.

This package contains libpython3.2 shared library for embedding in
other applications.






* Sun Mar 24 2024 Matej Cepl <>
  - Add old-libexpat.patch making the test suite work with
    libexpat < 2.6.0 (gh#python/cpython#117187).
* Fri Mar 22 2024 Matej Cepl <>
  - Because of bsc#1189495 we have to revert use of %autopatch.
* Thu Mar 21 2024 Matej Cepl <>
  - Update 3.10.14:
    - gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0
      to address CVE-2023-52425, and control of the new reparse
      deferral functionality was exposed with new APIs
    - gh-109858: zipfile is now protected from the “quoted-overlap”
      zipbomb to address CVE-2024-0450. It now raises BadZipFile
      when attempting to read an entry that overlaps with another
      entry or central directory. (bsc#1221854)
    - gh-91133: tempfile.TemporaryDirectory cleanup no longer
      dereferences symlinks when working around file system
      permission errors to address CVE-2023-6597 (bsc#1219666)
    - gh-115197: urllib.request no longer resolves the hostname
      before checking it against the system’s proxy bypass list on
      macOS and Windows
    - gh-81194: a crash in socket.if_indextoname() with a specific
      value (UINT_MAX) was fixed. Relatedly, an integer overflow in
      socket.if_indextoname() on 64-bit non-Windows platforms was
    - gh-113659: .pth files with names starting with a dot or
      containing the hidden file attribute are now skipped
    - gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer
      read out of bounds
    - gh-114572: ssl.SSLContext.cert_store_stats() and
      ssl.SSLContext.get_ca_certs() now correctly lock access to
      the certificate store, when the ssl.SSLContext is shared
      across multiple threads
  - Remove upstreamed patches:
    - CVE-2023-6597-TempDir-cleaning-symlink.patch
    - libexpat260.patch
  - Readjust patches:
    - F00251-change-user-install-location.patch
    - fix_configure_rst.patch
    - python-3.3.0b1-localpath.patch
    - skip-test_pyobject_freed_is_freed.patch
  - Port to %autosetup and %autopatch.
* Wed Mar 06 2024 Pedro Monreal <>
  - Use the system-wide crypto-policies [bsc#1211301]
    * Use the system default cipher list instead of hardcoded values
    * Add the --with-ssl-default-suites=openssl configure option
* Fri Feb 23 2024 Matej Cepl <>
  - (bsc#1219666, CVE-2023-6597) Add
    CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
    gh#python/cpython!99930) fixing symlink bug in cleanup of
* Tue Feb 20 2024 Matej Cepl <>
  - Remove double definition of /usr/bin/idle%%{version} in
* Thu Feb 15 2024 Daniel Garcia <>
  - Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
    with Expat 2.6.0, gh#python/cpython#115289
* Mon Dec 18 2023 Matej Cepl <>
  - Refresh CVE-2023-27043-email-parsing-errors.patch to
    gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
  - Thus we can remove Revert-gh105127-left-tests.patch, which is
    now useless.
* Mon Sep 04 2023 Daniel Garcia <>
  - Add fix-sphinx-72.patch to make it work with latest sphinx version
  - Update to 3.10.13 (bsc#1214692):
    - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
      vulnerable to a bypass of the TLS handshake and included
      protections (like certificate verification) and treating sent
      unencrypted data as if it were post-handshake TLS encrypted data.
      Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
      Gregory P. Smith.
    - gh-107845: tarfile.data_filter() now takes the location of
      symlinks into account when determining their target, so it will no
      longer reject some valid tarballs with
    - gh-107565: Update multissltests and GitHub CI workflows to use
      OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
    - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
    * consumed was not set.
* Thu Aug 03 2023 Matej Cepl <>
  - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
    partially reverting CVE-2023-27043-email-parsing-errors.patch,
    because of the regression in gh#python/cpython#106669.
* Wed Jul 19 2023 Matej Cepl <>
  - Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for
    stabilizing FLAG_REF usage (required for reproduceability;
* Tue Jul 11 2023 Matej Cepl <>
  - (bsc#1210638, CVE-2023-27043) Add
    CVE-2023-27043-email-parsing-errors.patch, which detects email
    address parsing errors and returns empty tuple to indicate the
    parsing error (old API).
* Wed Jun 28 2023 Matej Cepl <>
  - Update to 3.10.12:
    - gh-103142: The version of OpenSSL used in Windows and
      Mac installers has been upgraded to 1.1.1u to address
      CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
      as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
      fixed previously in 1.1.1t (gh-101727).
    - gh-102153: urllib.parse.urlsplit() now strips leading C0
      control and space characters following the specification for
      URLs defined by WHATWG in response to CVE-2023-24329
    - gh-99889: Fixed a security in flaw in uu.decode() that could
      allow for directory traversal based on the input if no
      out_file was specified.
    - gh-104049: Do not expose the local on-disk
      location in directory indexes produced by
    - gh-103935: trace.__main__ now uses io.open_code() for files
      to be executed instead of raw open().
    - gh-102953: The extraction methods in tarfile, and
      shutil.unpack_archive(), have a new filter argument that
      allows limiting tar features than may be surprising or
      dangerous, such as creating files outside the destination
      directory. See Extraction filters for details (fixing
      CVE-2007-4559, bsc#1203750).
  - Remove upstreamed patches:
    - CVE-2023-24329-blank-URL-bypass.patch
    - CVE-2007-4559-filter-tarfile_extractall.patch
* Tue Jun 20 2023 Matej Cepl <>
  - Add bpo-37596-make-set-marshalling.patch making marshalling of
    `set` and `frozenset` deterministic (bsc#1211765).
* Thu Apr 27 2023 Matej Cepl <>
  - Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
    CVE-2007-4559 (bsc#1203750) by adding the filter for
    tarfile.extractall (PEP 706).
* Thu Apr 27 2023 Matej Cepl <>
  - Update to 3.10.11:
    - Core and Builtins
    - gh-102416: Do not memoize incorrectly automatically
      generated loop rules in the parser. Patch by Pablo Galindo.
    - gh-102356: Fix a bug that caused a crash when deallocating
      deeply nested filter objects. Patch by Marta Gómez Macías.
    - gh-102397: Fix segfault from race condition in signal
      handling during garbage collection. Patch by Kumar Aditya.
    - gh-102126: Fix deadlock at shutdown when clearing thread
      states if any finalizer tries to acquire the runtime head
      lock. Patch by Kumar Aditya.
    - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal
      module. Patch by Max Bachmann.
    - gh-101967: Fix possible segfault in
      positional_only_passed_as_keyword function, when new list
    - gh-101765: Fix SystemError / segmentation fault in iter
      __reduce__ when internal access of builtins.__dict__ keys
      mutates the iter object.
    - Library
    - gh-102947: Improve traceback when dataclasses.fields() is
      called on a non-dataclass. Patch by Alex Waygood
    - gh-101979: Fix a bug where parentheses in the metavar
      argument to argparse.ArgumentParser.add_argument() were
      dropped. Patch by Yeojin Kim.
    - gh-102179: Fix os.dup2() error message for negative fds.
    - gh-101961: For the binary mode, fileinput.hookcompressed()
      doesn’t set the encoding value even if the value is
      None. Patch by Gihwan Kim.
    - gh-101936: The default value of fp becomes io.BytesIO
      if HTTPError is initialized without a designated fp
      parameter. Patch by Long Vo.
    - gh-101566: In zipfile, apply fix for extractall on the
      underlying zipfile after being wrapped in Path.
    - gh-101997: Upgrade pip wheel bundled with ensurepip (pip
    - gh-101892: Callable iterators no longer raise SystemError
      when the callable object exhausts the iterator but forgets
      to either return a sentinel value or raise StopIteration.
    - gh-97786: Fix potential undefined behaviour in corner cases
      of floating-point-to-time conversions.
    - gh-101517: Fixed bug where bdb looks up the source line
      with linecache with a lineno=None, which causes it to fail
      with an unhandled exception.
    - gh-101673: Fix a pdb bug where ll clears the changes to
      local variables.
    - gh-96931: Fix incorrect results from
    - gh-88233: Correctly preserve “extra” fields in zipfile
      regardless of their ordering relative to a zip64 “extra.”
    - gh-95495: When built against OpenSSL 3.0, the ssl module
      had a bug where it reported unauthenticated EOFs (i.e.
      without close_notify) as a clean TLS-level EOF. It now
      raises SSLEOFError, matching the behavior in previous
      versions of OpenSSL. The options attribute on SSLContext
      also no longer includes OP_IGNORE_UNEXPECTED_EOF by
      default. This option may be set to specify the previous
      OpenSSL 3.0 behavior.
    - gh-94440: Fix a concurrent.futures.process bug where
      ProcessPoolExecutor shutdown could hang after a future has
      been quickly submitted and canceled.
    - Documentation
    - gh-103112: Add docstring to
      to fix pydoc output.
    - gh-85417: Update cmath documentation to clarify behaviour
      on branch cuts.
    - gh-97725: Fix asyncio.Task.print_stack() description for
      file=None. Patch by Oleg Iarygin.
    - Tests
    - gh-102980: Improve test coverage on pdb.
    - gh-102537: Adjust the error handling strategy in
      test_zoneinfo.TzPathTest.python_tzpath_context. Patch by
      Paul Ganssle.
    - gh-101377: Improved test_locale_calendar_formatweekday of
    - Build
    - gh-102711: Fix -Wstrict-prototypes compiler warnings.
  - Removed upstreamed:
    - invalid-json.patch
* Mon Mar 13 2023 Matej Cepl <>
  - Add invalid-json.patch fixing invalid JSON in
    Doc/howto/logging-cookbook.rst (somehow similar to
* Wed Mar 01 2023 Matej Cepl <>
  - Update to 3.10.10:
    Bug fixes and regressions handling, no change of behaviour and
    no security bugs fixed.
  - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
    bsc#1208471) blocklists bypass via the urllib.parse component
    when supplying a URL that starts with blank characters
* Tue Feb 21 2023 Matej Cepl <>
  - Add provides for readline and sqlite3 to the main Python
* Fri Jan 27 2023 Thorsten Kukuk <>
  - Disable NIS for new products, it's deprecated and gets removed
* Thu Dec 08 2022 Matej Cepl <>
  - Update to 3.10.9:
    - python -m http.server no longer allows terminal
      control characters sent within a garbage request to be
      printed to the stderr server lo This is done by changing
      the http.server BaseHTTPRequestHandler .log_message method
      to replace control characters with a \xHH hex escape before
    - Avoid publishing list of active per-interpreter
      audit hooks via the gc module
    - The IDNA codec decoder used on DNS hostnames by
      socket or asyncio related name resolution functions no
      longer involves a quadratic algorithm. This prevents a
      potential CPU denial of service if an out-of-spec excessive
      length hostname involving bidirectional characters were
      decoded. Some protocols such as urllib http 3xx redirects
      potentially allow for an attacker to supply such a name.
    - Update bundled libexpat to 2.5.0
    - Port XKCP’s fix for the buffer overflows in SHA-3
    - On Linux the multiprocessing module returns
      to using filesystem backed unix domain sockets for
      communication with the forkserver process instead of the
      Linux abstract socket namespace. Only code that chooses
      to use the “forkserver” start method is affected Abstract
      sockets have no permissions and could allow any user
      on the system in the same network namespace (often the
      whole system) to inject code into the multiprocessing
      forkserver process. This was a potential privilege
      escalation. Filesystem based socket permissions restrict
      this to the forkserver process user as was the default in
      Python 3.8 and earlier This prevents Linux CVE-2022-42919
    - Fix a reference bug in _imp.create_builtin()
      after the creation of the first sub-interpreter for modules
      builtins and sys. Patch by Victor Stinner.
    - Fixed a bug that was causing a buffer overflow if
      the tokenizer copies a line missing the newline caracter
      from a file that is as long as the available tokenizer
      buffer. Patch by Pablo galindo
    - Update faulthandler to emit an error message with
      the proper unexpected signal number. Patch by Dong-hee Na.
    - Fix subscription of types.GenericAlias instances
      containing bare generic types: for example tuple[A, T][int],
      where A is a generic type, and T is a type variable.
    - Fix detection of MAC addresses for uuid on certain
      OSs. Patch by Chaim Sanders
    - Print exception class name instead of its string
      representation when raising errors from ctypes calls.
    - Allow pdb to locate source for frozen modules in
      the standard library.
    - Raise ValueError instead of SystemError when
      methods of uninitialized io.IncrementalNewlineDecoder objects
      are called. Patch by Oren Milman.
    - Fix a possible assertion failure in io.FileIO when
      the opener returns an invalid file descriptor.
    - Also escape s in the http.server
      BaseHTTPRequestHandler.log_message so that it is technically
      possible to parse the line and reconstruct what the original
      data was. Without this a xHH is ambiguious as to if it is a
      hex replacement we put in or the characters r”x” came through
      in the original request line.
    - asyncio.get_event_loop() now only emits a
      deprecation warning when a new event loop was created
      implicitly. It no longer emits a deprecation warning if the
      current event loop was set.
    - Fix bug when calling trace.CoverageResults with
      valid infile.
    - Fix a bug in handling class cleanups in
      unittest.TestCase. Now addClassCleanup() uses separate lists
      for different TestCase subclasses, and doClassCleanups() only
      cleans up the particular class.
    - Release the GIL when calling termios APIs to avoid
      blocking threads.
    - Fix ast.increment_lineno() to also cover
      ast.TypeIgnore when changing line numbers.
    - Fixed bug where inspect.signature() reported
      incorrect arguments for decorated methods.
    - Fix SystemError in ctypes when exception was not
      set during __initsubclass__.
    - Fix statistics.NormalDist pickle with 0 and 1
    - Update the bundled copy of pip to version 22.3.1.
    - Apply bugfixes from importlib_metadata 4.11.4,
      namely: In PathDistribution._name_from_stem, avoid
      including parts of the extension in the result. In
      PathDistribution._normalized_name, ensure names loaded from
      the stem of the filename are also normalized, ensuring
      duplicate entry points by packages varying only by
      non-normalized name are hidden.
    - Clean up refleak on failed module initialisation in
    - Clean up refleaks on failed module initialisation
      in in _pickle
    - Clean up refleak on failed module initialisation in
    - Fix memory leak in math.dist() when both points
      don’t have the same dimension. Patch by Kumar Aditya.
    - Fix argument typechecks in _overlapped.WSAConnect()
      and _overlapped.Overlapped.WSASendTo() functions.
    - Fix internal error in the re module which in
      very rare circumstances prevented compilation of a regular
      expression containing a conditional expression without the
      “else” branch.
    - Fix asyncio.StreamWriter.drain() to call
      protocol.connection_lost callback only once on Windows.
    - Add a mutex to unittest.mock.NonCallableMock to
      protect concurrent access to mock attributes.
    - Fix hang on Windows in subprocess.wait_closed() in
      asyncio with ProactorEventLoop. Patch by Kumar Aditya.
    - Fix infinite loop in unittest when a
      self-referencing chained exception is raised
    - tkinter.Text.count() raises now an exception for
      options starting with “-” instead of silently ignoring them.
    - On uname_result, restored expectation that _fields
      and _asdict would include all six properties including
    - Update the bundled copies of pip and setuptools to
      versions 22.3 and 65.5.0 respectively.
    - Fix bug in urllib.parse.urlparse() that causes
      certain port numbers containing whitespace, underscores,
      plus and minus signs, or non-ASCII digits to be incorrectly
    - Allow venv to pass along PYTHON* variables to
      ensurepip and pip when they do not impact path resolution
    - On macOS, fix a crash in syslog.syslog() in
      multi-threaded applications. On macOS, the libc syslog()
      function is not thread-safe, so syslog.syslog() no longer
      releases the GIL to call it. Patch by Victor Stinner.
    - Allow BUILTINS to be a valid field name for frozen
    - Make sure patch.dict() can be applied on async
    - To avoid apparent memory leaks when
      asyncio.open_connection() raises, break reference cycles
      generated by local exception and future instances (which has
      exception instance as its member var). Patch by Dong Uk,
    - Prevent error when activating venv in nested fish
    - Restrict use of sockets instead of pipes for stdin
      of subprocesses created by asyncio to AIX platform only.
    - shutil.copytree() now applies the
      ignore_dangling_symlinks argument recursively.
    - Fix IndexError in argparse.ArgumentParser when a
      store_true action is given an explicit argument.
    - Document that calling variadic functions with
      ctypes requires special care on macOS/arm64 (and possibly
      other platforms).
    - Skip test_normalization() of test_unicodedata
      if it fails to download NormalizationTest.txt file from Patch by Victor Stinner.
    - Some C API tests were moved into the new
      Lib/test/test_capi/ directory.
    - Fix -Wimplicit-int, -Wstrict-prototypes, and
    - Wimplicit-function-declaration compiler warnings in
      configure checks.
    - Fix -Wimplicit-int compiler warning in configure
      check for PTHREAD_SCOPE_SYSTEM.
    - Specify the full path to the source location for
      make docclean (needed for cross-builds).
    - Fix NO_MISALIGNED_ACCESSES being not defined
      for the SHA3 extension when HAVE_ALIGNED_REQUIRED is
      set. Allowing builds on hardware that unaligned memory
      accesses are not allowed.
    - Fix handling of module docstrings in
  - Remove upstreamed patches:
    - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
    - CVE-2015-20107-mailcap-unsafe-filenames.patch
    - CVE-2022-42919-loc-priv-mulitproc-forksrv.patch
    - CVE-2022-45061-DoS-by-IDNA-decode.patch
* Wed Nov 09 2022 Matej Cepl <>
  - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
    CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
    extremely long domain names.
* Thu Nov 03 2022 Matej Cepl <>
  - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
    CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
    privilege escalation via the multiprocessing forkserver start
* Fri Oct 21 2022 Matej Cepl <>
  - Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to
    allow building of documentation with the latest Sphinx 5.3.0
* Wed Oct 19 2022 Matej Cepl <>
  - Update to 3.10.8:
    - Fix multiplying a list by an integer (list *= int): detect
      the integer overflow when the new allocated length is close
      to the maximum size.
    - Fix a shell code injection vulnerability in the example script. The script no
      longer uses a shell to run openssl commands. (originally
      filed as CVE-2022-37460, later withdrawn)
    - Fix command line parsing: reject -X int_max_str_digits option
      with no value (invalid) when the PYTHONINTMAXSTRDIGITS
      environment variable is set to a valid limit.
    - When ValueError is raised if an integer is larger than the
      limit, mention the sys.set_int_max_str_digits() function in
      the error message.
    - The deprecated mailcap module now refuses to inject unsafe
      text (filenames, MIME types, parameters) into shell
      commands. Instead of using such text, it will warn and act
      as if a match was not found (or for test commands, as if the
      test failed).
    - os.sched_yield() now release the GIL while calling
    - Bugfix: PyFunction_GetAnnotations() should return a borrowed
      reference. It was returning a new reference.
    - Fixed a missing incref/decref pair in
    - Fix overly-broad source position information for chained
      comparisons used as branching conditions.
    - Fix undefined behaviour in _testcapimodule.c.
    - At Python exit, sometimes a thread holding the GIL can
      wait forever for a thread (usually a daemon thread) which
      requested to drop the GIL, whereas the thread already
      exited. To fix the race condition, the thread which requested
      the GIL drop now resets its request before exiting.
    - Fix a possible assertion failure, fatal error, or SystemError
      if a line tracing event raises an exception while opcode
      tracing is enabled.
    - Fix undefined behaviour in C code of null pointer arithmetic.
    - Do not expose KeyWrapper in _functools.
    - When loading a file with invalid UTF-8 inside a multi-line
      string, a correct SyntaxError is emitted.
    - Disable incorrect pickling of the C implemented classmethod
    - Fix AttributeError missing name and obj attributes in       .
      object.__getattribute__() bpo-42316: Document some places   .
      where an assignment expression needs parentheses            .
    - Wrap network errors consistently in urllib FTP support, so
      the test suite doesn’t fail when a network is available but
      the public internet is not reachable.
    - Fixes AttributeError when subprocess.check_output() is used
      with argument input=None and either of the arguments encoding
      or errors are used.
    - Avoid spurious tracebacks from asyncio when default executor
      cleanup is delayed until after the event loop is closed (e.g.
      as the result of a keyboard interrupt).
    - Avoid a crash in the C version of
      asyncio.Future.remove_done_callback() when an evil argument
      is passed.
    - Remove tokenize.NL check from tabnanny.
    - Make Semaphore run faster.
    - Fix generation of the default name of
      tkinter.Checkbutton. Previously, checkbuttons in different
      parent widgets could have the same short name and share
      the same state if arguments “name” and “variable” are not
      specified. Now they are globally unique.
    - Update bundled libexpat to 2.4.9
    - Fix race condition in asyncio where process_exited() called
      before the pipe_data_received() leading to inconsistent
    - Fixed check in multiprocessing.resource_tracker that
      guarantees that the length of a write to a pipe is not
      greater than PIPE_BUF.
    - Corrected type annotation for dataclass attribute
      pstats.FunctionProfile.ncalls to be str.
    - Fix the faulthandler implementation of
      faulthandler.register(signal, chain=True) if the sigaction()
      function is not available: don’t call the previous signal
      handler if it’s NULL.
    - In inspect, fix overeager replacement of “typing.” in
      formatting annotations.
    - Fix asyncio.streams.StreamReaderProtocol to keep a strong
      reference to the created task, so that it’s not garbage
    - Fix handling compiler warnings (SyntaxWarning and
      DeprecationWarning) in codeop.compile_command() when checking
      for incomplete input. Previously it emitted warnings and
      raised a SyntaxError. Now it always returns None for
      incomplete input without emitting any warnings.
    - Fixed flickering of the turtle window when the tracer is
      turned off.
    - Allow asyncio.StreamWriter.drain() to be awaited concurrently
      by multiple tasks.
    - Fix broken asyncio.Semaphore when acquire is cancelled.
    - Fix ast.unparse() when ImportFrom.level is None
    - Improve performance of urllib.request.getproxies_environment
      when there are many environment variables
    - Fix ! in c domain ref target syntax via a patch, so
      it works as intended to disable ref target resolution.
    - Clarified the conflicting advice given in the ast
      documentation about ast.literal_eval() being “safe” for use
      on untrusted input while at the same time warning that it
      can crash the process. The latter statement is true and is
      deemed unfixable without a large amount of work unsuitable
      for a bugfix. So we keep the warning and no longer claim that
      literal_eval is safe.
    - Update tutorial introduction output to use 3.10+ SyntaxError
      invalid range.
  - Remove upstreamed test-int-timing.patch.
* Sun Sep 18 2022 Andreas Schwab <>
  - test-int-timing.patch: gh-96710: Make the test timing more lenient for
    the int/str DoS regression test. (#96717)
* Sun Sep 11 2022 Matej Cepl <>
  - Update to 3.10.7:
    - Fix for CVE-2020-10735 (bsc#1203125) Converting between int
      and str in bases other than 2 (binary), 4, 8 (octal), 16
      (hexadecimal), or 32 such as base 10 (decimal) now raises
      a ValueError if the number of digits in string form is above
      a limit to avoid potential denial of service attacks due to
      the algorithmic complexity.
    - Other bug fixes:
    - Fixed a bug that caused _PyCode_GetExtra to return garbage
      for negative indexes.
    - Fix format string in _PyPegen_raise_error_known_location
      that can lead to memory corruption on some 64bit systems.
      The function was building a tuple with i (int) instead of
      n (Py_ssize_t) for Py_ssize_t arguments.
    - Fix misleading contents of error message when converting an
      all-whitespace string to float.
    - coroutine.throw() now properly initializes the frame.f_back
      when resuming a stack of coroutines. This allows e.g.
      traceback.print_stack() to work correctly when an exception
      (such as CancelledError) is thrown into a coroutine.
    - ast.parse() will no longer parse function definitions with
      positional-only params when passed feature_version less
      than (3, 8).
    - Correct conversion of numbers.Rational’s to float.
    - Fix a performance regression in logging
      TimedRotatingFileHandler. Only check for special files when
      the rollover time has passed.
    - Fix unused localName parameter in the Attr class in
    - Update bundled pip to 22.2.2.
    - Fail gracefully if EPERM or ENOSYS is raised when loading
      crypt methods. This may happen when trying to load MD5 on
      a Linux kernel with FIPS enabled.
    - Improve discoverability of the higher level
      concurrent.futures module by providing clearer links from
      the lower level threading and multiprocessing modules.
    - Update the default RFC base URL from deprecated to
    - Fix stylesheet not working in Windows CHM htmlhelp docs.
    - The documentation now lists which members of C structs are
      part of the Limited API/Stable ABI.
    - Mitigate the inherent race condition from using
      find_unused_port() in testSockName() by trying to find an
      unused port a few times before failing.
    - Build and test with OpenSSL 1.1.1q
    - Document handling of extensions in Save As dialogs.
    - Include prompts when saving Shell (interactive input and
* Wed Aug 17 2022 Dirk Müller <>
  - fix to refer to the python 3.10 package versions
* Tue Aug 02 2022 Matej Cepl <>
  - Update to 3.10.6:
    - gh-87389: http.server: Fix an open redirection vulnerability
      in the HTTP server when an URI path starts with //.
      Vulnerability discovered, and initial fix proposed, by Hamza
      Avvan. (bsc#1202624, CVE-2021-28861)
    - gh-92888: Fix memoryview use after free when accessing the
      backing buffer in certain cases.
    - gh-95355: _PyPegen_Parser_New now properly detects token
      memory allocation errors. Patch by Honglin Zhu.
    - gh-94938: Fix error detection in some builtin functions when
      keyword argument name is an instance of a str subclass with
      overloaded __eq__ and __hash__. Previously it could cause
      SystemError or other undesired behavior.
    - gh-94949: ast.parse() will no longer parse parenthesized
      context managers when passed feature_version less than
      (3, 9). Patch by Shantanu Jain.
    - gh-94947: ast.parse() will no longer parse assignment
      expressions when passed feature_version less than
      (3, 8). Patch by Shantanu Jain.
    - gh-94869: Fix the column offsets for some expressions in
      multi-line f-strings ast nodes. Patch by Pablo Galindo.
    - gh-91153: Fix an issue where a bytearray item assignment
      could crash if it’s resized by the new value’s __index__()
    - gh-94329: Compile and run code with unpacking of extremely
      large sequences (1000s of elements). Such code failed to
      compile. It now compiles and runs correctly.
    - gh-94360: Fixed a tokenizer crash when reading encoded
      files with syntax errors from stdin with non utf-8 encoded
      text. Patch by Pablo Galindo
    - gh-94192: Fix error for dictionary literals with invalid
      expression as value.
    - gh-93964: Strengthened compiler overflow checks to prevent
      crashes when compiling very large source files.
    - gh-93671: Fix some exponential backtrace case happening with
      deeply nested sequence patterns in match statements. Patch by
      Pablo Galindo
    - gh-93021: Fix the __text_signature__ for __get__() methods
      implemented in C. Patch by Jelle Zijlstra.
    - gh-92930: Fixed a crash in _pickle.c from mutating
      collections during __reduce__ or persistent_id.
    - gh-92914: Always round the allocated size for lists up to the
      nearest even number.
    - gh-92858: Improve error message for some suites with syntax
      error before ‘:’
    - gh-95339: Update bundled pip to 22.2.1.
    - gh-95045: Fix GC crash when deallocating _lsprof.Profiler by
      untracking it before calling any callbacks. Patch by Kumar
    - gh-95087: Fix IndexError in parsing invalid date in the email
    - gh-95199: Upgrade bundled setuptools to 63.2.0.
    - gh-95194: Upgrade bundled pip to 22.2.
    - gh-93899: Fix check for existence of os.EFD_CLOEXEC,
      os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel
      versions where these flags are not present. Patch by Kumar
    - gh-95166: Fix to cancel the
      currently waiting on future on an error - e.g. TimeoutError
      or KeyboardInterrupt.
    - gh-93157: Fix fileinput module didn’t support errors option
      when inplace is true.
    - gh-94821: Fix binding of unix socket to empty address
      on Linux to use an available address from the abstract
      namespace, instead of “0”.
    - gh-94736: Fix crash when deallocating an instance of a
      subclass of _multiprocessing.SemLock. Patch by Kumar Aditya.
    - gh-94637: SSLContext.set_default_verify_paths() now releases
      the GIL around SSL_CTX_set_default_verify_paths call. The
      function call performs I/O and CPU intensive work.
    - gh-94510: Re-entrant calls to sys.setprofile() and
      sys.settrace() now raise RuntimeError. Patch by Pablo
    - gh-92336: Fix bug where linecache.getline() fails on bad
      files with UnicodeDecodeError or SyntaxError. It now returns
      an empty string as per the documentation.
    - gh-89988: Fix memory leak in pickle.Pickler when looking up
      dispatch_table. Patch by Kumar Aditya.
    - gh-94254: Fixed types of struct module to be immutable. Patch
      by Kumar Aditya.
    - gh-94245: Fix pickling and copying of typing.Tuple[()].
    - gh-94207: Made _struct.Struct GC-tracked in order to fix a
      reference leak in the _struct module.
    - gh-94101: Manual instantiation of ssl.SSLSession objects is
      no longer allowed as it lead to misconfigured instances that
      crashed the interpreter when attributes where accessed on
    - gh-84753: inspect.iscoroutinefunction(),
      inspect.isgeneratorfunction(), and
      inspect.isasyncgenfunction() now properly return True
      for duck-typed function-like objects like instances of
    - This makes inspect.iscoroutinefunction() consistent with the
      behavior of asyncio.iscoroutinefunction(). Patch by Mehdi
    - gh-83499: Fix double closing of file description in tempfile.
    - gh-79512: Fixed names and __module__ value of weakref classes
      ReferenceType, ProxyType, CallableProxyType. It makes them
    - gh-90494: copy.copy() and copy.deepcopy() now always raise
      a TypeError if __reduce__() returns a tuple with length 6
      instead of silently ignore the 6th item or produce incorrect
    - gh-90549: Fix a multiprocessing bug where a global named
      resource (such as a semaphore) could leak when a child
      process is spawned (as opposed to forked).
    - gh-79579: sqlite3 now correctly detects DML queries with
      leading comments. Patch by Erlend E. Aasland.
    - gh-93421: Update sqlite3.Cursor.rowcount when a DML
      statement has run to completion. This fixes the row count
      for SQL queries like UPDATE ... RETURNING. Patch by Erlend
      E. Aasland.
    - gh-91810: Suppress writing an XML declaration in open
      files in ElementTree.write() with encoding='unicode' and
    - gh-93353: Fix the importlib.resources.as_file() context
      manager to remove the temporary file if destroyed late
      during Python finalization: keep a local reference to the
      os.remove() function. Patch by Victor Stinner.
    - gh-83658: Make multiprocessing.Pool raise an exception if
      maxtasksperchild is not None or a positive int.
    - gh-74696: shutil.make_archive() no longer temporarily changes
      the current working directory during creation of standard
      .zip or tar archives.
    - gh-91577: Move imports in SharedMemory methods to module
      level so that they can be executed late in python
    - bpo-47231: Fixed an issue with inconsistent trailing slashes
      in tarfile longname directories.
    - bpo-46755: In QueueHandler, clear stack_info from LogRecord
      to prevent stack trace from being written twice.
    - bpo-46053: Fix OSS audio support on NetBSD.
    - bpo-46197: Fix ensurepip environment isolation for subprocess
      running pip.
    - bpo-45924: Fix asyncio incorrect traceback when future’s
      exception is raised multiple times. Patch by Kumar Aditya.
    - bpo-34828: sqlite3.Connection.iterdump() now handles
      databases that use AUTOINCREMENT in one or more tables.
    - gh-94321: Document the PEP 246 style protocol type
    - gh-86128: Document a limitation in ThreadPoolExecutor where
      its exit handler is executed before any handlers in atexit.
    - gh-61162: Clarify sqlite3 behavior when Using the connection
      as a context manager.
    - gh-87260: Align sqlite3 argument specs with the actual
    - gh-86986: The minimum Sphinx version required to build the
      documentation is now 3.2.
    - gh-88831: Augmented documentation of
      asyncio.create_task(). Clarified the need to keep strong
      references to tasks and added a code snippet detailing how to
      to this.
    - bpo-47161: Document that pathlib.PurePath does not collapse
      initial double slashes because they denote UNC paths.
    - gh-95280: Fix problem with test_ssl test_get_ciphers on
      systems that require perfect forward secrecy (PFS) ciphers.
    - gh-95212: Make multiprocessing test case
      test_shared_memory_recreate parallel-safe.
    - gh-91330: Added more tests for dataclasses to cover behavior
      with data descriptor-based fields.
    - gh-94208: test_ssl is now checking for supported TLS version
      and protocols in more tests.
    - gh-93951: In test_bdb.StateTestCase.test_skip, avoid
      including auxiliary importers.
    - gh-93957: Provide nicer error reporting from subprocesses in
    - gh-57539: Increase calendar test coverage for
    - gh-92886: Fixing tests that fail when running with
      optimizations (-O) in
    - bpo-47016: Create a GitHub Actions workflow for verifying
      bundled pip and setuptools. Patch by Illia Volochii and Adam
    - gh-94841: Fix the possible performance regression of
      PyObject_Free() compiled with MSVC version 1932.
    - gh-95511: Fix the Shell context menu copy-with-prompts bug of
      copying an extra line when one selects whole lines.
    - gh-95471: In the Edit menu, move Select All and add a new
    - gh-95411: Enable using IDLE’s module browser with .pyw files.
    - gh-89610: Add .pyi as a recognized extension for IDLE on
      macOS. This allows opening stub files by double clicking on
      them in the Finder.
    - gh-94538: Fix Argument Clinic output to custom file
      destinations. Patch by Erlend E. Aasland.
    - gh-94430: Allow parameters named module and self with custom
      C names in Argument Clinic. Patch by Erlend E. Aasland
    - gh-94930: Fix SystemError raised when
      PyArg_ParseTupleAndKeywords() is used with # in (...) but
      without PY_SSIZE_T_CLEAN defined.
    - gh-94864: Fix PyArg_Parse* with deprecated format units “u”
      and “Z”. It returned 1 (success) when warnings are turned
      into exceptions.
  - Reapply patches
    - bpo-31046_ensurepip_honours_prefix.patch
    - fix_configure_rst.patch
    - no-skipif-doctests.patch
    - skip-test_pyobject_freed_is_freed.patch
* Sun Jul 31 2022 Stephan Kulow <>
  - Extend distutils-reproducible-compile.patch with a workaround
    for non reproducible pyc files issue 93317
* Thu Jul 21 2022 Matej Cepl <>
  - Switch from %primary_interpreter to prjconf-defined
    %primary_python (gh#openSUSE/python-rpm-macros#127).
* Thu Jun 09 2022 Matej Cepl <>
  - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
    CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
    command injection in the mailcap module.
  - Fix building of documentation and the universal configuration of the
* Mon Jun 06 2022 Matej Cepl <>
  - Update to 3.10.5:
    - Core and Builtins
    - gh-93418: Fixed an assert where an f-string has an equal
      sign ‘=’ following an expression, but there’s no trailing
      brace. For example, f”{i=”.
    - gh-91924: Fix __ltrace__ debug feature if the stdout
      encoding is not UTF-8. Patch by Victor Stinner.
    - gh-93061: Backward jumps after async for loops are no
      longer given dubious line numbers.
    - gh-93065: Fix contextvars HAMT implementation to handle
      iteration over deep trees.
    - The bug was discovered and fixed by Eli Libman. See
      MagicStack/immutables#84 for more details.
    - gh-92311: Fixed a bug where setting frame.f_lineno to jump
      over a list comprehension could misbehave or crash.
    - gh-92112: Fix crash triggered by an evil custom mro() on
      a metaclass.
    - gh-92036: Fix a crash in subinterpreters related to the
      garbage collector. When a subinterpreter is deleted,
      untrack all objects tracked by its GC. To prevent a crash
      in deallocator functions expecting objects to be tracked by
      the GC, leak a strong reference to these objects on
      purpose, so they are never deleted and their deallocator
      functions are not called. Patch by Victor Stinner.
    - gh-91421: Fix a potential integer overflow in
    - bpo-47212: Raise IndentationError instead of SyntaxError
      for a bare except with no following indent. Improve
      SyntaxError locations for an un-parenthesized generator
      used as arguments. Patch by Matthieu Dartiailh.
    - bpo-47182: Fix a crash when using a named unicode character
      like "\N{digit nine}" after the main interpreter has been
      initialized a second time.
    - bpo-47117: Fix a crash if we fail to decode characters in
      interactive mode if the tokenizer buffers are
      uninitialized. Patch by Pablo Galindo.
    - bpo-39829: Removed the __len__() call when initializing
      a list and moved initializing to list_extend. Patch by
      Jeremiah Pascual.
    - bpo-46962: Classes and functions that unconditionally
      declared their docstrings ignoring the
    - -without-doc-strings compilation flag no longer do so.
    - The classes affected are ctypes.UnionType,
      pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and
    - The functions affected are 24 methods in ctypes.
    - Patch by Oleg Iarygin.
    - bpo-36819: Fix crashes in built-in encoders with error
      handlers that return position less or equal than the
      starting position of non-encodable characters.
    - Library
    - gh-93156: Accessing the pathlib.PurePath.parents sequence
      of an absolute path using negative index values produced
      incorrect results.
    - gh-89973: Fix re.error raised in fnmatch if the pattern
      contains a character range with upper bound lower than
      lower bound (e.g. [c-a]). Now such ranges are interpreted
      as empty ranges.
    - gh-93010: In a very special case, the email package tried
      to append the nonexistent InvalidHeaderError to the defect
      list. It should have been InvalidHeaderDefect.
    - gh-92839: Fixed crash resulting from calling
      bisect.insort() or bisect.insort_left() with the key
      argument not equal to None.
    - gh-91581: utcfromtimestamp() no longer attempts to resolve
      fold in the pure Python implementation, since the fold is
      never 1 in UTC. In addition to being slightly faster in the
      common case, this also prevents some errors when the
      timestamp is close to datetime.min. Patch by Paul Ganssle.
    - gh-92530: Fix an issue that occurred after interrupting
    - gh-92049: Forbid pickling constants re._constants.SUCCESS
      etc. Previously, pickling did not fail, but the result
      could not be unpickled.
    - bpo-47029: Always close the read end of the pipe used by
      multiprocessing.Queue after the last write of buffered data
      to the write end of the pipe to avoid BrokenPipeError at
      garbage collection and at multiprocessing.Queue.close()
      calls. Patch by Géry Ogam.
    - gh-91401: Provide a fail-safe way to disable subprocess use
      of vfork() via a private subprocess._USE_VFORK attribute.
      While there is currently no known need for this, if you
      find a need please only set it to False. File a CPython
      issue as to why you needed it and link to that from
      a comment in your code. This attribute is documented as
      a footnote in 3.11.
    - gh-91910: Add missing f prefix to f-strings in error
      messages from the multiprocessing and asyncio modules.
    - gh-91810: ElementTree method write() and function
      tostring() now use the text file’s encoding (“UTF-8” if not
      available) instead of locale encoding in XML declaration
      when encoding="unicode" is specified.
    - gh-91832: Add required attribute to argparse.Action repr
    - gh-91700: Compilation of regular expression containing
      a conditional expression (?(group)...) now raises an
      appropriate re.error if the group number refers to not
      defined group. Previously an internal RuntimeError was
    - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown
      the per test event loop executor before returning from its
      run method so that a not yet stopped or garbage collected
      executor state does not persist beyond the test.
    - gh-90568: Parsing \N escapes of Unicode Named Character
      Sequences in a regular expression raises now re.error
      instead of TypeError.
    - gh-91595: Fix the comparison of character and integer
      inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu.
    - gh-90622: Worker processes for
      concurrent.futures.ProcessPoolExecutor are no longer
      spawned on demand (a feature added in 3.9) when the
      multiprocessing context start method is "fork" as that can
      lead to deadlocks in the child processes due to a fork
      happening while threads are running.
    - gh-91575: Update case-insensitive matching in the re module
      to the latest Unicode version.
    - gh-91581: Remove an unhandled error case in the
      C implementation of calls to datetime.fromtimestamp with no
      time zone (i.e. getting a local time from an epoch
      timestamp). This should have no user-facing effect other
      than giving a possibly more accurate error message when
      called with timestamps that fall on 10000-01-01 in the
      local time. Patch by Paul Ganssle.
    - bpo-47260: Fix os.closerange() potentially being a no-op in
      a Linux seccomp sandbox.
    - bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile
      instead of ValueError when reading a corrupt zip file in
      which the central directory offset is negative.
    - bpo-47151: When subprocess tries to use vfork, it now falls
      back to fork if vfork returns an error. This allows use in
      situations where vfork isn’t allowed by the OS kernel.
    - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve
      names for socket.AF_INET or socket.AF_INET6 families.
      Resolution may not make sense for other families, like
      socket.AF_BLUETOOTH and socket.AF_UNIX.
    - bpo-43323: Fix errors in the email module if the charset
      itself contains undecodable/unencodable characters.
    - bpo-47101: hashlib.algorithms_available now lists only
      algorithms that are provided by activated crypto providers
      on OpenSSL 3.0. Legacy algorithms are not listed unless the
      legacy provider has been loaded into the default OSSL
    - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor
      exception memory leak
    - bpo-45393: Fix the formatting for await x and not x in the
      operator precedence table when using the help() system.
    - bpo-46415: Fix ipaddress.ip_{address,interface,network}
      raising TypeError instead of ValueError if given invalid
      tuple as address parameter.
    - bpo-28249: Set doctest.DocTest.lineno to None when object
      does not have __doc__.
    - bpo-45138: Fix a regression in the sqlite3 trace callback
      where bound parameters were not expanded in the passed
      statement string. The regression was introduced in Python
      3.10 by bpo-40318. Patch by Erlend E. Aasland.
    - bpo-44493: Add missing terminated NUL in sockaddr_un’s
    - This was potentially observable when using non-abstract
      AF_UNIX datagram sockets to processes written in another
      programming language.
    - bpo-42627: Fix incorrect parsing of Windows registry proxy
    - bpo-36073: Raise ProgrammingError instead of segfaulting on
      recursive usage of cursors in sqlite3 converters. Patch by
      Sergey Fedoseev.
    - Documentation
    - gh-86438: Clarify that -W and PYTHONWARNINGS are matched
      literally and case-insensitively, rather than as regular
      expressions, in warnings.
    - gh-92240: Added release dates for “What’s New in Python
      3.X” for 3.0, 3.1, 3.2, 3.8 and 3.10
    - gh-91888: Add a new gh role to the documentation to link to
      GitHub issues.
    - gh-91783: Document security issues concerning the use of
      the function shutil.unpack_archive()
    - gh-91547: Remove “Undocumented modules” page.
    - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of
    - bpo-38668: Update the introduction to documentation for
      os.path to remove warnings that became irrelevant after the
      implementations of PEP 383 and PEP 529.
    - bpo-47138: Pin Jinja to a version compatible with Sphinx
      version 3.2.1.
    - bpo-46962: All docstrings in code snippets are now wrapped
      into PyDoc_STR() to follow the guideline of PEP 7’s
      Documentation Strings paragraph. Patch by Oleg Iarygin.
    - bpo-26792: Improve the docstrings of runpy.run_module() and
      runpy.run_path(). Original patch by Andrew Brezovsky.
    - bpo-40838: Document that inspect.getdoc(),
      inspect.getmodule(), and inspect.getsourcefile() might
      return None.
    - bpo-45790: Adjust inaccurate phrasing in Defining Extension
      Types: Tutorial about the ob_base field and the macros used
      to access its contents.
    - bpo-42340: Document that in some circumstances
      KeyboardInterrupt may cause the code to enter an
      inconsistent state. Provided a sample workaround to avoid
      it if needed.
    - bpo-41233: Link the errnos referenced in
      Doc/library/exceptions.rst to their respective section in
      Doc/library/errno.rst, and vice versa. Previously this was
      only done for EINTR and InterruptedError. Patch by Yan
      “yyyyyyyan” Orestes.
    - bpo-38056: Overhaul the Error Handlers documentation in
    - bpo-13553: Document tkinter.Tk args.
    - Tests
    - gh-92886: Fixing tests that fail when running with
      optimizations (-O) in
    - gh-92670: Skip
      test_shutil.TestCopy.test_copyfile_nonexistent_dir test on
      AIX as the test uses a trailing slash to force the OS
      consider the path as a directory, but on AIX the trailing
      slash has no effect and is considered as a file.
    - gh-91904: Fix initialization of
      PYTHONREGRTEST_UNICODE_GUARD which prevented running
      regression tests on non-UTF-8 locale.
    - gh-91607: Fix test_concurrent_futures to test the correct
      multiprocessing start method context in several cases where
      the test logic mixed this up.
    - bpo-47205: Skip test for sched_getaffinity() and
      sched_setaffinity() error case on FreeBSD.
    - bpo-47104: Rewrite asyncio.to_thread() tests to use
    - bpo-29890: Add tests for ipaddress.IPv4Interface and
      ipaddress.IPv6Interface construction with tuple arguments.
      Original patch and tests by louisom.
    - Tools/Demos
    - gh-91583: Fix regression in the code generated by Argument
      Clinic for functions with the defining_class parameter.
* Tue May 10 2022 Matej Cepl <>
  - Refresh bluez-devel-vendor.tar.xz
* Thu May 05 2022 Matej Cepl <>
  - Switch primary_interpreter from python38 to python310 for
    Factory (only)
* Sat Mar 26 2022 Matej Cepl <>
  - Update to 3.10.4:
    - bpo-46968: Check for the existence of the “sys/auxv.h” header
      in faulthandler to avoid compilation problems in systems
      where this header doesn’t exist. Patch by Pablo Galindo
    - bpo-23691: Protect the re.finditer() iterator from
    - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to
      avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception
      when reading a ZipFile from multiple threads.
    - bpo-38256: Fix binascii.crc32() when it is compiled to use
      zlib’c crc32 to work properly on inputs 4+GiB in length
      instead of returning the wrong result. The workaround prior
      to this was to always feed the function data in increments
      smaller than 4GiB or to just call the zlib module function.
    - bpo-39394: A warning about inline flags not at the start of
      the regular expression now contains the position of the flag.
    - bpo-47061: Deprecate the various modules listed by PEP 594:
    - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt,
      imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd,
      sndhdr, spwd, sunau, telnetlib, uu, xdrlib
    - bpo-2604: Fix bug where doctests using globals would fail
      when run multiple times.
    - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
    - bpo-47022: The asynchat, asyncore and smtpd modules have been
      deprecated since at least Python 3.6. Their documentation and
      deprecation warnings and have now been updated to note they
      will removed in Python 3.12 (PEP 594).
    - bpo-46421: Fix a unittest issue where if the command was
      invoked as python -m unittest and the filename(s) began with
      a dot (.), a ValueError is returned.
    - bpo-40296: Fix supporting generic aliases in pydoc.
  - Update to 3.10.3:
    - bpo-46940: Avoid overriding AttributeError metadata
      information for nested attribute access calls. Patch by Pablo
    - bpo-46852: Rename the private undocumented
      float.__set_format__() method to float.__setformat__() to fix
      a typo introduced in Python 3.7. The method is only used by
      test_float. Patch by Victor Stinner.
    - bpo-46794: Bump up the libexpat version into 2.4.6
    - bpo-46820: Fix parsing a numeric literal immediately (without
      spaces) followed by “not in” keywords, like in 1not in x. Now
      the parser only emits a warning, not a syntax error.
    - bpo-46762: Fix an assert failure in debug builds when a ‘<’,
      ‘>’, or ‘=’ is the last character in an f-string that’s
      missing a closing right brace.
    - bpo-46724: Make sure that all backwards jumps use the
      JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an
      argument of (2**32)+offset.
    - bpo-46732: Correct the docstring for the __bool__() method.
      Patch by Jelle Zijlstra.
    - bpo-46707: Avoid potential exponential backtracking when
      producing some syntax errors involving lots of brackets.
      Patch by Pablo Galindo.
    - bpo-40479: Add a missing call to va_end() in
    - bpo-46615: When iterating over sets internally in
      setobject.c, acquire strong references to the resulting items
      from the set. This prevents crashes in corner-cases of
      various set operations where the set gets mutated.
    - bpo-45773: Remove two invalid “peephole” optimizations from
      the bytecode compiler.
    - bpo-43721: Fix docstrings of getter, setter, and deleter to
      clarify that they create a new copy of the property.
    - bpo-46503: Fix an assert when parsing some invalid N escape
      sequences in f-strings.
    - bpo-46417: Fix a race condition on setting a type __bases__
      attribute: the internal function add_subclass() now gets the
      PyTypeObject.tp_subclasses member after calling
      PyWeakref_NewRef() which can trigger a garbage collection
      which can indirectly modify PyTypeObject.tp_subclasses. Patch
      by Victor Stinner.
    - bpo-46383: Fix invalid signature of _zoneinfo’s module_free
      function to resolve a crash on wasm32-emscripten platform.
    - bpo-46070: Py_EndInterpreter() now explicitly untracks all
      objects currently tracked by the GC. Previously, if an object
      was used later by another interpreter, calling
      PyObject_GC_UnTrack() on the object crashed if the previous
      or the next object of the PyGC_Head structure became
      a dangling pointer. Patch by Victor Stinner.
    - bpo-46339: Fix a crash in the parser when retrieving the
      error text for multi-line f-strings expressions that do not
      start in the first line of the string. Patch by Pablo Galindo
    - bpo-46240: Correct the error message for unclosed parentheses
      when the tokenizer doesn’t reach the end of the source when
      the error is reported. Patch by Pablo Galindo
    - bpo-46091: Correctly calculate indentation levels for lines
      with whitespace character that are ended by line continuation
      characters. Patch by Pablo Galindo
    - bpo-43253: Fix a crash when closing transports where the
      underlying socket handle is already invalid on the Proactor
      event loop.
    - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3,
      including bugfix for EntryPoint.extras, which was returning
      match objects and not the extras strings.
    - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip
    - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically
      determine size of signal handler stack size CPython allocates
      using getauxval(AT_MINSIGSTKSZ). This changes allows for
      Python extension’s request to Linux kernel to use AMX_TILE
      instruction set on Sapphire Rapids Xeon processor to succeed,
      unblocking use of the ISA in frameworks.
    - bpo-46955: Expose asyncio.base_events.Server as
      asyncio.Server. Patch by Stefan Zabka.
    - bpo-23325: The signal module no longer assumes that SIG_IGN
      and SIG_DFL are small int singletons.
    - bpo-46932: Update bundled libexpat to 2.4.7
    - bpo-25707: Fixed a file leak in
      xml.etree.ElementTree.iterparse() when the iterator is not
      exhausted. Patch by Jacob Walls.
    - bpo-44886: Inherit asyncio proactor datagram transport from
    - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect()
      for selector-based event loops. Patch by Thomas Grainger.
    - bpo-46811: Make test suite support Expat >=2.4.5
    - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to
      transport-based APIs.
    - bpo-46784: Fix libexpat symbols collisions with user
      dynamically loaded or statically linked libexpat in embedded
    - bpo-39327: shutil.rmtree() can now work with VirtualBox
      shared folders when running from the guest operating-system.
    - bpo-46756: Fix a bug in
      urllib.request.HTTPPasswordMgr.find_user_password() and
      which allowed to bypass authorization. For example, access to
      URI was allowed if the user was authorized
      for URI
    - bpo-46643: In typing.get_type_hints(), support evaluating
      stringified ParamSpecArgs and ParamSpecKwargs annotations.
      Patch by Gregory Beauregard.
    - bpo-45863: When the tarfile module creates a pax format
      archive, it will put an integer representation of timestamps
      in the ustar header (if possible) for the benefit of older
      unarchivers, in addition to the existing full-precision
      timestamps in the pax extended header.
    - bpo-46676: Make typing.ParamSpec args and kwargs equal to
      themselves. Patch by Gregory Beauregard.
    - bpo-46672: Fix NameError in asyncio.gather() when initial
      type check fails.
    - bpo-46655: In typing.get_type_hints(), support evaluating
      bare stringified TypeAlias annotations. Patch by Gregory
    - bpo-45948: Fixed a discrepancy in the C implementation of the
      xml.etree.ElementTree module. Now, instantiating an
      xml.etree.ElementTree.XMLParser with a target=None keyword
      provides a default xml.etree.ElementTree.TreeBuilder target
      as the Python implementation does.
    - bpo-46521: Fix a bug in the codeop module that was
      incorrectly identifying invalid code involving string quotes
      as valid code.
    - bpo-46581: Brings ParamSpec propagation for GenericAlias in
      line with Concatenate (and others).
    - bpo-46591: Make the IDLE doc URL on the About IDLE dialog
    - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
    - bpo-46487: Add the get_write_buffer_limits method to
      asyncio.transports.WriteTransport and to the SSL transport.
    - bpo-45173: Note the configparser deprecations will be removed
      in Python 3.12.
    - bpo-46539: In typing.get_type_hints(), support evaluating
      stringified ClassVar and Final annotations inside Annotated.
      Patch by Gregory Beauregard.
    - bpo-46491: Allow typing.Annotated to wrap typing.Final and
      typing.ClassVar. Patch by Gregory Beauregard.
    - bpo-46436: Fix command-line option -d/--directory in module
      http.server which is ignored when combined with command-line
      option --cgi. Patch by Géry Ogam.
    - bpo-41403: Make mock.patch() raise a TypeError with
      a relevant error message on invalid arg. Previously it
      allowed a cryptic AttributeError to escape.
    - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid
      potential REDoS by limiting ambiguity in consecutive
    - bpo-46469: asyncio generic classes now return
      types.GenericAlias in __class_getitem__ instead of the same
    - bpo-46434: pdb now gracefully handles help when __doc__ is
      missing, for example when run with pregenerated optimized
      .pyc files.
    - bpo-46333: The __eq__() and __hash__() methods of
      typing.ForwardRef now honor the module parameter of
      typing.ForwardRef. Forward references from different modules
      are now differentiated.
    - bpo-46246: Add missing __slots__ to
      importlib.metadata.DeprecatedList. Patch by Arie Bovenberg.
    - bpo-46266: Improve day constants in calendar.
    - Now all constants (MONDAY … SUNDAY) are documented, tested,
      and added to __all__.
    - bpo-46232: The ssl module now handles certificates with bit
      strings in DN correctly.
    - bpo-43118: Fix a bug in inspect.signature() that was causing
      it to fail on some subclasses of classes with
      a __text_signature__ referencing module globals. Patch by
      Weipeng Hong.
    - bpo-26552: Fixed case where failing asyncio.ensure_future()
      did not close the coroutine. Patch by Kumar Aditya.
    - bpo-21987: Fix an issue with tarfile.TarFile.getmember()
      getting a directory name with a trailing slash.
    - bpo-20392: Fix inconsistency with uppercase file extensions
      in MimeTypes.guess_type(). Patch by Kumar Aditya.
    - bpo-46080: Fix exception in argparse help text generation if
      a argparse.BooleanOptionalAction argument’s default is
      argparse.SUPPRESS and it has help specified. Patch by Felix
    - bpo-44439: Fix .write() method of a member file in ZipFile,
      when the input data is an object that supports the buffer
      protocol, the file length may be wrong.
    - bpo-45703: When a namespace package is imported before
      another module from the same namespace is created/installed
      in a different sys.path location while the program is
      running, calling the importlib.invalidate_caches() function
      will now also guarantee the new module is noticed.
    - bpo-24959: Fix bug where unittest sometimes drops frames from
      tracebacks of exceptions raised in tests.
    - bpo-44791: Fix substitution of ParamSpec in Concatenate with
      different parameter expressions. Substitution with a list of
      types returns now a tuple of types. Substitution with
      Concatenate returns now a Concatenate with concatenated lists
      of arguments.
    - bpo-14156: argparse.FileType now supports an argument of ‘-’
      in binary mode, returning the .buffer attribute of
      sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and
      ‘a’ are treated equivalently to ‘w’ when argument is ‘-’.
      Patch contributed by Josh Rosenberg
    - bpo-46463: Fixes script used when building the
      CHM documentation file
    - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is
      built with undefined behavior sanitizer (UBSAN): disable
      UBSAN on the faulthandler_sigfpe() function. Patch by Victor
    - bpo-46708: Prevent default asyncio event loop policy
      modification warning after test_asyncio execution.
    - bpo-46678: The function make_legacy_pyc in
      Lib/test/support/ no longer fails when
      PYTHONPYCACHEPREFIX is set to a directory on a different
      device from where tempfiles are stored.
    - bpo-46616: Ensures test_importlib.test_windows cleans up
      registry keys after completion.
    - bpo-44359: test_ftplib now silently ignores socket errors to
      prevent logging unhandled threading exceptions. Patch by
      Victor Stinner.
    - bpo-46542: Fix a Python crash in test_lib2to3 when using
      Python built in debug mode: limit the recursion limit. Patch
      by Victor Stinner.
    - bpo-46576: test_peg_generator now disables compiler
      optimization when testing compilation of its own C extensions
      to significantly speed up the testing on non-debug builds of
    - bpo-46542: Fix test_json tests checking for RecursionError:
      modify these tests to use support.infinite_recursion(). Patch
      by Victor Stinner.
    - bpo-13886: Skip test_builtin PTY tests on non-ASCII
      characters if the readline module is loaded. The readline
      module changes input() behavior, but test_builtin is not
      intented to test the readline module. Patch by Victor
    - bpo-38472: Fix GCC detection in when
      cross-compiling. The C compiler is now run with LC_ALL=C.
      Previously, the detection failed with a German locale.
    - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro
      and pyconfig.h no longer defines reserved symbol
    - bpo-45296: Clarify close, quit, and exit in IDLE. In the File
      menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current
      one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows).
      In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there
      are no other windows, this also exits IDLE.
    - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch
      by Alex Waygood and Terry Jan Reedy.
    - bpo-46433: The internal function _PyType_GetModuleByDef now
      correctly handles inheritance patterns involving static
    - bpo-14916: Fixed bug in the tokenizer that prevented
      PyRun_InteractiveOne from parsing from the provided FD.
* Thu Mar 24 2022 David Anes <>
  - (bsc#1196784, CVE-2022-25236) Rename patch:
    support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
    and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
    as it was fully patched against CVE-2022-25236.
* Tue Feb 22 2022 Steve Kowalik <>
  - Add patch support-expat-245.patch:
    * Support Expat >= 2.4.5
* Tue Feb 15 2022 Matej Cepl <>
  - bsc#1195831 Obsolete older "most modern" versions of python
    packages (python39 for python310 and so forth). For next
    versions it is necessary just to edit the macro.
* Tue Jan 25 2022 Matej Cepl <>
  - Remove second superfluous BR rpm-build-python
* Tue Jan 25 2022 Matej Cepl <>
  - Remove second superfluous BR rpm-build-python
  - Add fix_configure_rst.patch, which removes duplicate link
    targets and make documentation with old Sphinx in SLE
  - Skip test_capi (bsc#1195140 and bpo#37169)
* Wed Jan 19 2022 Matej Cepl <>
  - Update to 3.10.2:
    Bugfix only
    - bpo#46347 memory leak in PyEval_EvalCodeEx (especially
      visible with Cython code)
    - and many others
* Wed Dec 08 2021 Matej Cepl <>
  - Upgrade to 3.10.1 (jsc#SLE-18038):
    - PEP 623 – Deprecate and prepare for the removal of the wstr
      member in PyUnicodeObject.
    - PEP 604 – Allow writing union types as X | Y
    - PEP 612 – Parameter Specification Variables
    - PEP 626 – Precise line numbers for debugging and other tools.
    - PEP 618 – Add Optional Length-Checking To zip.
    - bpo-12782: Parenthesized context managers are now officially
    - PEP 632 – Deprecate distutils module.
    - PEP 613 – Explicit Type Aliases
    - PEP 634 – Structural Pattern Matching: Specification
    - PEP 635 – Structural Pattern Matching: Motivation and
    - PEP 636 – Structural Pattern Matching: Tutorial
    - PEP 644 – Require OpenSSL 1.1.1 or newer
    - PEP 624 – Remove Py_UNICODE encoder APIs
    - PEP 597 – Add optional EncodingWarning
  - Patches readjusted:
    - bpo-31046_ensurepip_honours_prefix.patch
    - python-3.3.0b1-fix_date_time_compiler.patch
* Sat Dec 04 2021 Matej Cepl <>
  - Remove pdb_adjust_breakpoints.patch and instead just adjust location
    of the test breakpoint in Lib/test/ via sed, because we
    have shortened Lib/ by removing the shebang (bpo#45964).
* Thu Dec 02 2021 Matej Cepl <>
  - Add pdb_adjust_breakpoints.patch fixing expectd results in
* Mon Nov 29 2021 Matej Cepl <>
  - Remove shebangs from from python-base libraries in _libdir
  - Readjust patches:
    - bpo-31046_ensurepip_honours_prefix.patch
    - decimal.patch
    - python-3.3.0b1-fix_date_time_compiler.patch
* Tue Nov 16 2021 Matej Cepl <>
  - Move rpm-build-python construct to correct place.
* Wed Oct 13 2021 Dominique Leuenberger <>
  - BuildRequire rpm-build-python: The provider to inject python(abi)
    has been moved there. rpm-build pulls rpm-build-python
    automatically in when building anything against python3-base, but
    this implies that the initial build of python3-base does not
    trigger the automatic installation.
* Tue Oct 05 2021 Matej Cepl <>
  - Final release of 3.10.0:
    Complete list on,
    but highlights are:
    - PEP 623 – Deprecate and prepare for the removal of the wstr
      member in PyUnicodeObject.
    - PEP 604 – Allow writing union types as X | Y
    - PEP 612 – Parameter Specification Variables
    - PEP 626 – Precise line numbers for debugging and other
    - PEP 618 – Add Optional Length-Checking To zip.
    - PEP 632 – Deprecate distutils module.
    - PEP 613 – Explicit Type Aliases
    - PEP 634 – Structural Pattern Matching: Specification
    - PEP 635 – Structural Pattern Matching: Motivation and
    - PEP 636 – Structural Pattern Matching: Tutorial
    - PEP 644 – Require OpenSSL 1.1.1 or newer
    - PEP 624 – Remove Py_UNICODE encoder APIs
    - PEP 597 – Add optional EncodingWarning
    - bpo-12782: Parenthesized context managers are now officially
* Mon Aug 30 2021 Matej Cepl <>
  - Switch on option --with-system-libmpdec (bsc#1189356).
* Fri Aug 27 2021 Andreas Schwab <>
  - Reenable profileopt with qemu emulation, test_faulthandler is no longer
    run during profiling
* Thu Aug 12 2021 Andreas Schwab <>
  - test_faulthandler is still problematic under qemu linux-user emulation,
    disable it there
* Wed Aug 11 2021 Matej Cepl <>
  - Update to 3.10.0rc1 (the penultimate prerelease), which contains
    plenty of small bugfixes among others:
    - bpo#38605: from __future__ import annotations (PEP 563) used to be
      on this list in previous pre-releases but it has been postponed to
      Python 3.11 due to some compatibility concerns.
    - bpo-44600: Fix incorrect line numbers while tracing some failed
      patterns in match statements. Patch by Charles Burkland.
    - plenty of modifications in types.Union
* Wed Jul 21 2021 Matej Cepl <>
  - Update to 3.10.0b4:
  - Remove python3-imp-returntype.patch which has been upstreamed.
* Mon Jun 07 2021 Matej Cepl <>
  - Update to 3.10.0b2:
    - PEP 623 -- Deprecate and prepare for the removal of the wstr
      member in PyUnicodeObject.
    - PEP 604 -- Allow writing union types as X | Y
    - PEP 612 -- Parameter Specification Variables
    - PEP 626 -- Precise line numbers for debugging and other
    - PEP 618 -- Add Optional Length-Checking To zip.
    - bpo-12782: Parenthesized context managers are now officially
    - PEP 632 -- Deprecate distutils module.
    - PEP 613 -- Explicit Type Aliases
    - PEP 634 -- Structural Pattern Matching: Specification
    - PEP 635 -- Structural Pattern Matching: Motivation and
    - PEP 636 -- Structural Pattern Matching: Tutorial
    - PEP 644 -- Require OpenSSL 1.1.1 or newer
    - PEP 624 -- Remove Py_UNICODE encoder APIs
    - PEP 597 -- Add optional EncodingWarning
  - Removed patches (assumed upstream):
    - sphinx-update-removed-function.patch
* Sat Jun 05 2021 Matej Cepl <>
  - Revert previous skip over test_capi
  - Add skip-test_pyobject_freed_is_freed.patch to skip failing
    test on SLE-15.
* Fri Jun 04 2021 Dirk Müller <>
  - allow build with Sphinx >= 3.x
* Wed Jun 02 2021 Dan Čermák <>
  - Exclude test_capi on Leap (test fails there)
* Fri May 21 2021 Matej Cepl <>
  - Stop providing "python" symbol (bsc#1185588), which means
    python2 currently.
* Wed May 05 2021 Matej Cepl <>
  - Update to 3.9.5:
    * Security
    - bpo-43434: Creating a sqlite3.Connection object now also
      produces a sqlite3.connect auditing event. Previously this
      event was only produced by sqlite3.connect() calls. Patch
      by Erlend E. Aasland.
    - bpo-43882: The presence of newline or tab characters in
      parts of a URL could allow some forms of attacks.
    - Following the controlling specification for URLs defined by
      WHATWG urllib.parse() now removes ASCII newlines and tabs
      from URLs, preventing such attacks.
    - bpo-43472: Ensures interpreter-level audit hooks receive
      the cpython.PyInterpreterState_New event when called
      through the _xxsubinterpreters module.
    - bpo-36384: ipaddress module no longer accepts any leading
      zeros in IPv4 address strings. Leading zeros are ambiguous
      and interpreted as octal notation by some libraries. For
      example the legacy function socket.inet_aton() treats
      leading zeros as octal notatation. glibc implementation of
      modern inet_pton() does not accept any leading zeros. For
      a while the ipaddress module used to accept ambiguous
      leading zeros.
    - bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
      vulnerability in urllib.request.AbstractBasicAuthHandler.
      The ReDoS-vulnerable regex has quadratic worst-case
      complexity and it allows cause a denial of service when
      identifying crafted invalid RFCs. This ReDoS issue is on
      the client side and needs remote attackers to control the
      HTTP server.
    - bpo-42800: Audit hooks are now fired for frame.f_code,
      traceback.tb_frame, and generator code/frame attribute
    * Core and Builtins
    - bpo-43105: Importlib now resolves relative paths when
      creating module spec objects from file locations.
    - bpo-42924: Fix bytearray repetition incorrectly copying
      data from the start of the buffer, even if the data is
      offset within the buffer (e.g. after reassigning a slice at
      the start of the bytearray to a shorter byte string).
    * Library
    - bpo-43993: Update bundled pip to 21.1.1.
    - bpo-43937: Fixed the turtle module working with non-default
      root window.
    - bpo-43930: Update bundled pip to 21.1 and setuptools to
    - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now
      returns a consistent error message when cadata contains no
      valid certificate.
    - bpo-43607: urllib can now convert Windows paths with \\?\
      prefixes into URL paths.
    - bpo-43284: platform.win32_ver derives the windows version
      from sys.getwindowsversion().platform_version which in turn
      derives the version from kernel32.dll (which can be of
      a different version than Windows itself). Therefore change
      the platform.win32_ver to determine the version using the
      platform module’s _syscmd_ver private function to return an
      accurate version.
    - bpo-42248: [Enum] ensure exceptions raised in _missing__
      are released
    - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1
      to suppress deprecation warnings. Python requires OpenSSL
      1.1.1 APIs.
    - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants
      (OpenSSL 3.0.0)
    - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback
      function a second time when first call has signaled an
      error condition.
    - bpo-43788: The header files for ssl error codes are now
      OpenSSL version-specific. Exceptions will now show correct
      reason and library codes. The script has
      been rewritten to use OpenSSL’s text file with error codes.
    - bpo-43655: tkinter dialog windows are now recognized as
      dialogs by window managers on macOS and X Window.
    - bpo-43534: turtle.textinput() and turtle.numinput() create
      now a transient window working on behalf of the canvas
    - bpo-43522: Fix problem with hostname_checks_common_name.
      OpenSSL does not copy hostflags from struct SSL_CTX to
      struct SSL.
    - bpo-42967: Allow bytes separator argument in
      urllib.parse.parse_qs and urllib.parse.parse_qsl when
      parsing str query strings. Previously, this raised
      a TypeError.
    - bpo-43176: Fixed processing of a dataclass that inherits
      from a frozen dataclass with no fields. It is now correctly
      detected as an error.
    - bpo-41735: Fix thread locks in zlib module may go wrong in
      rare case. Patch by Ma Lin.
    - bpo-36470: Fix dataclasses with InitVars and replace().
      Patch by Claudiu Popa.
    - bpo-32745: Fix a regression in the handling of ctypes’
      ctypes.c_wchar_p type: embedded null characters would cause
      a ValueError to be raised. Patch by Zackery Spytz.
    * Documentation
    - bpo-43959: The documentation on the PyContextVar C-API was
    - bpo-43938: Update dataclasses documentation to express that
      FrozenInstanceError is derived from AttributeError.
    - bpo-43755: Update documentation to reflect that
      unparenthesized lambda expressions can no longer be the
      expression part in an if clause in comprehensions and
      generator expressions since Python 3.9.
    - bpo-43739: Fixing the example code in
      Doc/extending/extending.rst to declare and initialize the
      pmodule variable to be of the right type.
    * Tests
    - bpo-43961: Fix
      test_logging.test_namer_rotator_inheritance() on Windows:
      use os.replace() rather than os.rename(). Patch by Victor
    - bpo-43842: Fix a race condition in the SMTP test of
      test_logging. Don’t close a file descriptor (socket) from
      a different thread while asyncore.loop() is polling the
      file descriptor. Patch by Victor Stinner.
    - bpo-43811: Tests multiple OpenSSL versions on GitHub
      Actions. Use ccache to speed up testing.
    - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy
      protocols TLS 1.0 and 1.1. Tests are failing with
  - Refreshed patches:
    - bpo-31046_ensurepip_honours_prefix.patch
    - python-3.3.0b1-fix_date_time_compiler.patch
  - Add vendorized files from bluez-devel to enable building support for
* Sun May 02 2021 Ben Greiner <>
  - Make sure to close the file after the exception
    has been raised in order to avoid ResourceWarnings when the
    failing import is part of a try...except block.
* Wed Apr 28 2021 Matej Cepl <>
  - Update to 3.9.4:
    - bpo#43710: Reverted the fix for
      as it changed the PyThreadState struct size and broke the 3.9.x ABI
      in the 3.9.3 release (visible on 32-bit platforms using binaries
      compiled using an earlier version of Python 3.9.x headers).
    - bpo#26053: Fixed bug where the pdb interactive run command echoed
      the args from the shell command line, even if those have been
      overridden at the pdb prompt.
    - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
      feature of the pydoc module which could be abused to read
      arbitrary files on the disk (directory traversal
      vulnerability). Moreover, even source code of Python modules
      can contain sensitive data like passwords. Vulnerability
      reported by David Schwörer.
    - bpo#43285: ftplib no longer trusts the IP address value
      returned from the server in response to the PASV command by
      default. This prevents a malicious FTP server from using the
      response to probe IPv4 address and port combinations on the
      client network. Code that requires the former vulnerable
      behavior may set a trust_server_pasv_ipv4_address attribute
      on their ftplib.FTP instances to True to re-enable it.
    - bpo#43439: Add audit hooks for gc.get_objects(),
      gc.get_referrers() and gc.get_referents(). Patch by Pablo
    - bpo#43660: Fix crash that happens when replacing sys.stderr
      with a callable that can remove the object while an exception
      is being printed. Patch by Pablo Galindo.
    - bpo#43555: Report the column offset for SyntaxError for
      invalid line continuation characters. Patch by Pablo Galindo.
    - bpo#43517: Fix misdetection of circular imports when using
      from pkg.mod import attr, which caused false positives in
      non-trivial multi-threaded code.
    - bpo#35883: Python no longer fails at startup with a fatal
      error if a command line argument contains an invalid Unicode
      character. The Py_DecodeLocale() function now escapes byte
      sequences which would be decoded as Unicode characters
      outside the [U+0000; U+10ffff] range.
    - bpo#43406: Fix a possible race condition where
      PyErr_CheckSignals tries to execute a non-Python signal
    - bpo#42500: Improve handling of exceptions near recursion
      limit. Converts a number of Fatal Errors in RecursionErrors.
    - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query
      and fragment in the URL of the server.
    - bpo#35930: Raising an exception raised in a “future” instance
      will create reference cycles.
    - bpo#43577: Fix deadlock when using ssl.SSLContext debug
      callback with ssl.SSLContext.sni_callback().
    - bpo#43521: ast.unparse can now render NaNs and empty sets.
    - bpo#43423: subprocess.communicate() no longer raises an
      IndexError when there is an empty stdout or stderr IO buffer
      during a timeout on Windows.
    - bpo#27820: Fixed long-standing bug of smtplib.SMTP where
      doing AUTH LOGIN with initial_response_ok=False will fail.
      The cause is that SMTP.auth_login _always_ returns a password
      if provided with a challenge string, thus non-compliant with
      the standard for AUTH LOGIN. Also fixes bug with the test for
    - bpo#43332: Improves the networking efficiency of http.client
      when using a proxy via set_tunnel(). Fewer small send calls
      are made during connection setup.
    - bpo#43399: Fix ElementTree.extend not working on iterators
      when using the Python implementation
    - bpo#43316: The python -m gzip command line application now
      properly fails when detecting an unsupported extension. It
      exits with a non-zero exit code and prints an error message
      to stderr.
    - bpo#43260: Fix TextIOWrapper can not flush internal buffer
      forever after very large text is written.
    - bpo#42782: Fail fast in shutil.move() to avoid creating
      destination directories on failure.
    - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn
      introduced in Python 3.7.
    - bpo#43199: Answer “Why is there no goto?” in the Design and
      History FAQ.
    - bpo#43407: Clarified that a result from time.monotonic(),
      time.perf_counter(), time.process_time(), or
      time.thread_time() can be compared with the result from any
      following call to the same function - not just the next
      immediate call.
    - bpo#27646: Clarify that ‘yield from <expr>’ works with any
      iterable, not just iterators.
    - bpo#36346: Update some deprecated unicode APIs which are
      documented as “will be removed in 4.0” to “3.12”. See PEP 623
      for detail.
    - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale:
      skip the test if setlocale() fails. Patch by Victor Stinner.
    - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL
      security level policy.
    - bpo#43288: Fix test_importlib to correctly skip Unicode file
      tests if the fileystem does not support them.
    - bpo#43617: Improve Check for presence of
      autoconf-archive package and remove our copies of M4 macros.
    - bpo#42225: Document that IDLE can fail on Unix either from
      misconfigured IP masquerage rules or failure displaying
      complex colored (non-ascii) characters.
    - bpo#43283: Document why printing to IDLE’s Shell is often
      slower than printing to a system terminal and that it can be
      made faster by pre-formatting a single string before
* Fri Feb 19 2021 Matej Cepl <>
  - Update to 3.9.2:
    - bpo#42938 (bsc#1181126): Avoid static buffers when computing
      the repr of ctypes.c_double and ctypes.c_longdouble
      values. This issue was assigned CVE-2021-3177.
    - bpo#42967 (bsc#1182379): Fix web cache poisoning
      vulnerability by defaulting the query args separator to &,
      and allowing the user to choose a custom separator. This
      issue was assigned CVE-2021-23336.
  - Upstreamed patches were removed:
    - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
    - bsc1167501-invalid-alignment.patch
    - skip_random_failing_tests.patch
    - CVE-2019-5010-null-defer-x509-cert-DOS.patch
* Tue Feb 09 2021 Steve Kowalik <>
  - Add Obsoletes for python3-base when primary interpreter is set to
    properly replace it during upgrades.  (bsc#1181324)
* Mon Feb 08 2021 Matej Cepl <>
  - Update to 3.9.1:
    Security bugs:
    - Prevented potential DoS attack via CPU and RAM exhaustion
      when processing malformed Apple Property List files in binary
    - The plistlib module no longer accepts entity declarations in
      XML plist files to avoid XML vulnerabilities. This should not
      affect users as entity declarations are not used in regular
      plist files.
    - Add volatile to the accumulator variable in
      hmac.compare_digest, making constant-time-defeating
      optimizations less likely.
    Core and Builtins
    - Allow assignment expressions in set literals and set
      comprehensions as per PEP 572. Patch by Pablo Galindo.
    - Fix a regression introduced by the new parser, where an
      unparenthesized walrus operator was not allowed within
      generator expressions.
    - types.GenericAlias objects can now be the targets of
    - Fixed a bug in the PEG parser that was causing crashes in
      debug mode. Now errors are checked in left-recursive rules to
      avoid cases where such errors do not get handled in time and
      appear as long-distance crashes in other places.
    - Fixed a possible crash in the PEG parser when checking for
      the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo
    - Fix handling of errors during creation of PyFunctionObject,
      which resulted in operations on uninitialized memory. Patch
      by Yonatan Goldschmidt.
    - Fix a bug in the parser, where a curly brace following
      a primary didn’t fail immediately. This led to invalid
      expressions like a {b} to throw a SyntaxError with a wrong
      offset, or invalid expressions ending with a curly brace like
      a { to not fail immediately in the REPL.
    - Fix possible buffer overflow in the new parser when checking
      for continuation lines. Patch by Pablo Galindo.
    - Run the parser two times. On the first run, disable all the
      rules that only generate better error messages to gain
      performance. If there’s a parse failure, run the parser
      a second time with those enabled.
    - Document the default implementation of object.__eq__.
    - Fix peephole optimizer misoptimize conditional jump
      + JUMP_IF_NOT_EXC_MATCH pair.
    - The garbage collector now tracks all user-defined classes.
      Patch by Brandt Bucher.
    - Fixed potential issues with removing not completely
      initialized module from sys.modules when import fails.
    - Star-unpacking is now allowed for with item’s targets in the
      PEG parser.
    - Fixed stack overflow in issubclass() and isinstance() when
      getting the __bases__ attribute leads to infinite recursion.
    - When loading a native module and a load failure occurs,
      prevent a possible UnicodeDecodeError when not running in
      a UTF-8 locale by decoding the load error message using the
      current locale’s encoding.
    - Correctly count control blocks in ‘except’ in compiler.
      Ensures that a syntax error, rather a fatal error, occurs for
      deeply nested, named exception handlers.
    - types.GenericAlias will now raise a TypeError when attempting
      to initialize with a keyword argument. Previously, this would
      cause the interpreter to crash if the interpreter was
      compiled with debug symbols. This does not affect
      interpreters compiled for release. Patch by Ken Jin.
    - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly
      parsed. Replace the special purpose getallmatchingheaders
      with generic get_all method and add relevant tests.
    - inspect.findsource() now raises OSError instead of IndexError
      when co_lineno of a code object is greater than the file
      length. This can happen, for example, when a file is edited
      after it was imported. PR by Irit Katriel.
    - Fix handling of trailing comments by inspect.getsource().
    - ChainMap.__iter__ no longer calls __getitem__ on underlying
    - TracebackException no longer holds a reference to the
      exception’s traceback object. Consequently, instances of
      TracebackException for equivalent but non-equal exceptions
      now compare as equal.
    - We fixed an issue in pickle.whichmodule in which importing
      multiprocessing could change the how pickle identifies which
      module an object belongs to, potentially breaking the
      unpickling of those objects.
    - Clarify the error message for asyncio.IncompleteReadError
      when expected is None.
    - Extracting a symlink from a tarball should succeed and
      overwrite the symlink if it already exists. The fix is to
      remove the existing file or symlink before extraction. Based
      on patch by Chris AtLee, Jeffrey Kintscher, and Senthil
    - Fixed The function accepts now the
      representation of the default state as empty sequence (as
      returned by The structure of the result is now
      the same on all platform and does not depend on the value of
    - Fix various issues with typing.Literal parameter handling
      (flatten, deduplicate, use type to cache key). Patch provided
      by Yurii Karabas.
    - Fix the threading.Thread class at fork: do nothing if the
      thread is already stopped (ex: fork called at Python exit).
      Previously, an error was logged in the child process.
    - The onerror callback from shutil.rmtree now receives correct
      function when fails.
    - Fix os.sendfile() on illumos.
    - Fixed writing binary Plist files larger than 4 GiB.
    - The repr() of typing types containing Generic Alias Types
      previously did not show the parameterized types in the
      GenericAlias. They have now been changed to do so.
    - webbrowser: Ignore NotADirectoryError when calling
    - binhex.binhex() consisently writes macOS 9 line endings.
    - Fix a stack overflow error for asyncio Task or Future repr().
    - The overflow occurs under some circumstances when a Task or
      Future recursively returns itself.
    - Fix memory leak in subprocess.Popen() in case an uid (gid)
      specified in user (group, extra_groups) overflows uid_t
    - Improve asyncio.wait function to create the futures set just
      one time.
    - InvalidFileException and RecursionError are now the only
      errors caused by loading malformed binary Plist file
      (previously ValueError and TypeError could be raised in some
      specific cases).
    - Pickling heap types implemented in C with protocols 0 and
      1 raises now an error instead of producing incorrect data.
    - plistlib: fix parsing XML plists with hexadecimal integer
    - Fix an incorrectly formatted error from
      _codecs.charmap_decode() when called with a mapped value
      outside the range of valid Unicode code points. PR by Max
    - Fix pickling pure Python datetime.time subclasses. Patch by
      Dean Inwood.
    - Fixed a bug that was causing ctypes.util.find_library() to
      return None when triying to locate a library in an
      environment when gcc>=9 is available and ldconfig is not.
      Patch by Pablo Galindo
    - C14N 2.0 serialisation in xml.etree.ElementTree failed for
      unprefixed attributes when a default namespace was defined.
    - Fix a bug in the symtable module that was causing
      module-scope global variables to not be reported as both
      local and global. Patch by Pablo Galindo.
    - str() for the type attribute of the tkinter.Event object
      always returns now the numeric code returned by Tk instead of
      the name of the event type.
    - fix tkinter.EventType Enum so all members are strings, and
      none are tuples
    - Fix SQLite3 segfault when backing up closed database. Patch
      contributed by Peter David McCormick.
    - Fix the tarfile module to write only basename of TAR file to
      GZIP compression header.
    - Allow ctypes.wintypes to be imported on non-Windows systems.
    - shutil.which() now ignores empty entries in PATHEXT instead
      of treating them as a match.
    - Fix time-of-check/time-of-action issue in
    - Fix --outfile for cProfile / profile not writing the output
      file in the original directory when the program being
      profiled changes the working directory. PR by Anthony
    - ZipFile truncates files to avoid corruption when a shorter
      comment is provided in append (“a”) mode. Patch by Jan Mazur.
    - Fixed KeyError exception when flattening an email to a string
      attempts to replace a non-existent Content-Transfer-Encoding
    - Fix the URL for the IMAP protocol documents.
    - Document __format__ functionality for IP addresses.
    - Clarify that subscription expressions are also valid for
      certain classes and types in the standard library, and for
      user-defined classes and types if the classmethod
      __class_getitem__() is provided.
    - Documented generic alias type and types.GenericAlias. Also
      added an entry in glossary for generic types.
    - In Programming FAQ “Sequences (Tuples/Lists)” section, add
      “How do you remove multiple items from a list”.
    - Fix RemovedInSphinx40Warning when building the documentation.
      Patch by Dong-hee Na.
    - Update the refcounts info of PyType_FromModuleAndSpec.
    - Fix tarfile’s extractfile documentation
    - Document some restrictions on the default string
      representations of numeric classes.
    - Reenable test_gdb on gdb 9.2 and newer: bug is
      fixed in gdb 10.1.
    - Fix test_asyncio.test_call_later() race condition: don’t
      measure asyncio performance in the call_later() unit test.
      The test failed randomly on the CI.
    - Include _testinternalcapi module in Windows installer for
      test suite
    - Fix test_logging.test_race_between_set_target_and_flush():
      the test now waits until all threads complete to avoid
      leaking running threads.
    - Avoid a test failure in test_lib2to3 if the module has
      already imported at the time the test executes. Patch by
      Pablo Galindo.
    - Tests for CJK codecs no longer call eval() on content
      received via HTTP.
    - Fix test_site.test_license_exists_at_url(): call
      urllib.request.urlcleanup() to reset the global
      urllib.request._opener. Patch by Victor Stinner.
    - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is
      not available
    - Add tests for SIGINT handling in the runpy module.
    - Fixed a failure in test_tk.test_widgets.ScaleTest happening
      when executing the test with Tk 8.6.10.
    - Fix a race condition in “make regen-all” when make -jN option
      is used to run jobs in parallel. The script now
      only use atomic write to write files. Moveover, generated
      files are now left unchanged if the content does not change,
      to not change the file modification time.
    - Update Py_UNREACHABLE to use __builtin_unreachable() if only
      the compiler is able to use it. Patch by Dong-hee Na.
    - Addressed three compiler warnings found by undefined behavior
      sanitizer (ubsan).
    - Fix reporting offset of the RE error in searchengine.
    - Get docstrings for IDLE calltips more often by using
    - Mostly finish using ttk widgets, mainly for editor, settings,
      and searches. Some patches by Mark Roseman.
    - Use ‘IDLE Shell’ as shell title
    - Rewrite the Calltips doc section.
    - In calltips, stop reminding that ‘/’ marks the end of
      positional-only arguments.
    - Typing opening and closing parentheses inside the parentheses
      of a function call will no longer cause unnecessary
      “flashing” off and on of an existing open call-tip, e.g. when
      typed in a string literal.
    C API
    - Fix potential crash in deallocating method objects when
      dynamically allocated PyMethodDef’s lifetime is managed
      through the self argument of a PyCFunction.
    - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are
      available again in limited API.
  - Readjustet and reapplied patches:
    - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
    - bpo-31046_ensurepip_honours_prefix.patch
    - python-3.3.0b1-fix_date_time_compiler.patch
    - skip_random_failing_tests.patch
    - sphinx-update-removed-function.patch
* Fri Jan 29 2021 Matej Cepl <>
  - Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
    bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
    _ctypes/callproc.c, which may lead to remote code execution.
* Tue Jan 05 2021 Matej Cepl <>
  - (bsc#1180125) We really don't Require python-rpm-macros package.
    Unnecessary dependency.



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue May 28 01:02:35 2024