Overview
Request 1179195 superseded
- Update to 3.12.4:
- Security
- gh-118486: os.mkdir() on Windows now accepts mode of 0o700
to restrict the new directory to the current user. This
fixes CVE-2024-4030 affecting tempfile.mkdtemp() in
scenarios where the base temporary directory is more
permissive than the default.
- gh-116741: Update bundled libexpat to 2.6.2
- gh-117233: Detect BLAKE2, SHA3, Shake, & truncated SHA512
support in the OpenSSL-ish libcrypto library at build
time. This allows hashlib to be used with libraries that do
not to support every algorithm that upstream OpenSSL does.
- Core and Builtins
- gh-119821: Fix execution of annotation scopes within
classes when globals is set to a non-dict. Patch by Jelle
Zijlstra.
- gh-118263: Speed up os.path.normpath() with a direct C
call.
- gh-119311: Fix bug where names are unexpectedly mangled in
the bases of generic classes.
- gh-119395: Fix bug where names appearing after a generic
class are mangled as if they are in the generic class.
- gh-118507: Fix os.path.isfile() on Windows for pipes.
- gh-119213: Non-builtin modules built with argument clinic
were crashing if used in a subinterpreter before the main
interpreter. The objects that were causing the problem by
leaking between interpreters carelessly have been fixed.
- gh-119011: Fixes type.__type_params__ to return an empty
tuple instead of a descriptor.
- gh-118997: Fix _Py_ClearImmortal() assertion: use
_Py_IsImmortal() to tolerate reference count lower than
_Py_IMMORTAL_REFCNT. Fix the assertion for the stable
ABI, when a C extension is built with Python 3.11 or
lower. Patch by Victor Stinner.
- gh-118513: Fix incorrect UnboundLocalError when two
comprehensions in the same function both reference the same
name, and in one comprehension the name is bound while in
the other it’s an implicit global.
- gh-118164: Break a loop between the Python implementation
of the decimal module and the Python code for integer
to string conversion. Also optimize integer to string
conversion for values in the range from 9_000 to 135_000
decimal digits.
- gh-118272: Fix bug where generator.close does not free the
generator frame’s locals.
- gh-116767: Fix crash in compiler on ‘async with’ that has
many context managers.
- gh-117894: Prevent agen.aclose() objects being re-used
after .throw().
- gh-117881: prevent concurrent access to an async generator
via athrow().throw() or asend().throw()
- gh-115874: Fixed a possible segfault during garbage
collection of _asyncio.FutureIter objects
- Library
- gh-119819: Fix regression to allow logging configuration
with multiprocessing queue types.
- gh-89727: Fix issue with shutil.rmtree() where a
RecursionError is raised on deep directory trees.
- gh-89727: Partially fix issue with shutil.rmtree()
where a RecursionError is raised on deep directory
trees. A recursion error is no longer raised when
rmtree.avoids_symlink_attacks is false.
- gh-119118: Fix performance regression in the tokenize
module by caching the line token attribute and calculating
the column offset more efficiently.
- gh-89727: Fix issue with os.fwalk() where a RecursionError
was raised on deep directory trees by adjusting the
implementation to be iterative instead of recursive.
- gh-113892: Now, the method sock_connect of
asyncio.ProactorEventLoop raises a ValueError if given
socket is not in non-blocking mode, as well as in other
loop implementations.
- gh-119174: Fix high DPI causes turtledemo(turtle-graphics
examples) windows blurry Patch by Wulian233 and Terry Jan
Reedy
- gh-118643: Fix an AttributeError in the email module
when re-fold a long address list. Also fix more cases of
incorrect encoding of the address separator in the address
list.
- gh-58933: Make pdb return to caller frame correctly when
f_trace of the caller frame is not set
- gh-118868: Fixed issue where kwargs were no longer passed
to the logging handler QueueHandler
- gh-118164: The Python implementation of the decimal
module could appear to hang in relatively small power
cases (like 2**117) if context precision was set to a
very high value. A different method to check for exactly
representable results is used now that doesn’t rely on
computing 10**precision (which could be effectively too
large to compute).
- gh-118404: Fix inspect.signature() for non-comparable
callables.
- gh-118314: Fix an edge case in binascii.a2b_base64() strict
mode, where excessive padding is not detected when no
padding is necessary.
- gh-118042: Fix an unraisable exception in
telnetlib.Telnet.__del__() when the __init__() method was
not called.
- gh-118221: Fix a bug where sqlite3.iterdump() could fail if
a custom row factory was used. Patch by Erlend Aasland.
- gh-118013: Fix regression introduced in gh-103193 that
meant that calling inspect.getattr_static() on an instance
would cause a strong reference to that instance’s class to
persist in an internal cache in the inspect module. This
caused unexpected memory consumption if the class was
dynamically created, the class held strong references to
other objects which took up a significant amount of memory,
and the cache contained the sole strong reference to the
class. The fix for the regression leads to a slowdown
in getattr_static(), but the function should still be
significantly faster than it was in Python 3.11. Patch by
Alex Waygood.
- gh-90848: Fixed unittest.mock.create_autospec() to
configure parent mock with keyword arguments.
- gh-118168: Fix incorrect argument substitution when
typing.Unpack is used with the builtin tuple. typing.Unpack
now raises TypeError when used with certain invalid
types. Patch by Jelle Zijlstra.
- gh-118033: Fix dataclasses.dataclass() not creating a
__weakref__ slot when subclassing typing.Generic.
- gh-117535: Do not try to get the source line for made up
file name “sys” in warnings.
- gh-114053: Fix erroneous NameError when calling
typing.get_type_hints() on a class that made use of PEP 695
type parameters in a module that had from __future__ import
annotations at the top of the file. Patch by Alex Waygood.
- gh-117995: Don’t raise DeprecationWarning when a
sequence of parameters is used to bind indexed, nameless
placeholders. See also gh-100668.
- gh-80361: Fix TypeError in
email.message.Message.get_payload() when the charset is RFC
2231 encoded.
- gh-86650: Fix IndexError when parse some emails with
invalid Message-ID (including one-off addresses generated
by Microsoft Outlook).
- gh-117691: Improve the error messages emitted by tarfile
deprecation warnings relating to PEP 706. If a filter
argument is not provided to extract() or extractall, the
deprecation warning now points to the line in the user’s
code where the relevant function was called. Patch by Alex
Waygood.
- gh-77102: site module now parses .pth file with UTF-8
first, and locale encoding if UnicodeDecodeError
happened. It supported only locale encoding before.
- gh-117692: Fixes a bug when doctest.DocTestFinder was
failing on wrapped builtin_function_or_method.
- gh-117566: ipaddress.IPv6Address.is_loopback() will now
return True for IPv4-mapped loopback addresses, i.e.
addresses in the ::ffff:127.0.0.0/104 address space.
- gh-117503: Fix support of non-ASCII user names in bytes
paths in os.path.expanduser() on Posix.
- gh-117313: Only treat '\n', '\r' and '\r\n' as line
separators in re-folding the email messages. Preserve
control characters '\v', '\f', '\x1c', '\x1d' and '\x1e'
and Unicode line separators '\x85', '\u2028' and '\u2029'
as is.
- gh-113171: Fixed various false positives and false
negatives in
ipaddress.IPv4Address.is_private (see these docs for details)
ipaddress.IPv4Address.is_global
ipaddress.IPv6Address.is_private
ipaddress.IPv6Address.is_global
Also in the corresponding ipaddress.IPv4Network and
ipaddress.IPv6Network attributes.
- gh-103956: Fix lack of newline characters in trace module
output when line tracing is enabled but source code line
for current frame is not available.
- gh-92081: Fix missing spaces in email headers when the
spaces are mixed with encoded 8-bit characters.
- gh-103194: Prepare Tkinter for C API changes in Tcl 8.7/9.0
to avoid _tkinter.Tcl_Obj being unexpectedly returned
instead of bool, str, bytearray, or int.
- gh-87106: Fixed handling in inspect.Signature.bind() of
keyword arguments having the same name as positional-only
arguments when a variadic keyword argument (e.g. **kwargs)
is present.
- bpo-45767: Fix integer conversion in os.major(),
os.minor(), and os.makedev(). Support device numbers larger
than 2**63-1. Support non-existent device number (NODEV).
- bpo-40943: Fix several IndexError when parse emails with
truncated Message-ID, address, routes, etc, e.g. example@.
- bpo-30988: Fix parsing of emails with invalid address
headers having a leading or trailing dot. Patch by tsufeki.
- gh-67693: Fix urllib.parse.urlunparse() and
urllib.parse.urlunsplit() for URIs with path starting with
multiple slashes and no authority. Based on patch by Ashwin
Ramaswami.
- bpo-15010: unittest.TestLoader.discover() now saves the
original value of unittest.TestLoader._top_level_dir and
restores it at the end of the call.
- Documentation
- gh-117928: The minimum Sphinx version required for the
documentation is now 6.2.1.
- gh-91565: Changes to documentation files and config
outputs to reflect the new location for reporting bugs -
i.e. GitHub rather than bugs.python.org.
- Tests
- gh-119050: regrtest test runner: Add XML support to the
refleak checker (-R option). Patch by Victor Stinner.
- IDLE
- bpo-34774: Use user-selected color theme for Help => IDLE
Doc.
- C API
- gh-119585: Fix crash when a thread state that was
created by PyGILState_Ensure() calls a destructor that
during PyThreadState_Clear() that calls back into
PyGILState_Ensure() and PyGILState_Release(). This
might occur when in the free-threaded build or when
using thread-local variables whose destructors call
PyGILState_Ensure().
- gh-117534: Improve validation logic in the C implementation
of datetime.fromisoformat() to better handle invalid
years. Patch by Vlad Efanov.
- Updated patches:
- CVE-2023-6597-TempDir-cleaning-symlink.patch
- bpo-31046_ensurepip_honours_prefix.patch
- fix_configure_rst.patch
- python-3.3.0b1-fix_date_time_compiler.patch
- subprocess-raise-timeout.patch
- Created by mcepl
- In state superseded
- Superseded by 1183491
-
Open review for
factory-staging
Request History
mcepl created request
- Update to 3.12.4:
- Security
- gh-118486: os.mkdir() on Windows now accepts mode of 0o700
to restrict the new directory to the current user. This
fixes CVE-2024-4030 affecting tempfile.mkdtemp() in
scenarios where the base temporary directory is more
permissive than the default.
- gh-116741: Update bundled libexpat to 2.6.2
- gh-117233: Detect BLAKE2, SHA3, Shake, & truncated SHA512
support in the OpenSSL-ish libcrypto library at build
time. This allows hashlib to be used with libraries that do
not to support every algorithm that upstream OpenSSL does.
- Core and Builtins
- gh-119821: Fix execution of annotation scopes within
classes when globals is set to a non-dict. Patch by Jelle
Zijlstra.
- gh-118263: Speed up os.path.normpath() with a direct C
call.
- gh-119311: Fix bug where names are unexpectedly mangled in
the bases of generic classes.
- gh-119395: Fix bug where names appearing after a generic
class are mangled as if they are in the generic class.
- gh-118507: Fix os.path.isfile() on Windows for pipes.
- gh-119213: Non-builtin modules built with argument clinic
were crashing if used in a subinterpreter before the main
interpreter. The objects that were causing the problem by
leaking between interpreters carelessly have been fixed.
- gh-119011: Fixes type.__type_params__ to return an empty
tuple instead of a descriptor.
- gh-118997: Fix _Py_ClearImmortal() assertion: use
_Py_IsImmortal() to tolerate reference count lower than
_Py_IMMORTAL_REFCNT. Fix the assertion for the stable
ABI, when a C extension is built with Python 3.11 or
lower. Patch by Victor Stinner.
- gh-118513: Fix incorrect UnboundLocalError when two
comprehensions in the same function both reference the same
name, and in one comprehension the name is bound while in
the other it’s an implicit global.
- gh-118164: Break a loop between the Python implementation
of the decimal module and the Python code for integer
to string conversion. Also optimize integer to string
conversion for values in the range from 9_000 to 135_000
decimal digits.
- gh-118272: Fix bug where generator.close does not free the
generator frame’s locals.
- gh-116767: Fix crash in compiler on ‘async with’ that has
many context managers.
- gh-117894: Prevent agen.aclose() objects being re-used
after .throw().
- gh-117881: prevent concurrent access to an async generator
via athrow().throw() or asend().throw()
- gh-115874: Fixed a possible segfault during garbage
collection of _asyncio.FutureIter objects
- Library
- gh-119819: Fix regression to allow logging configuration
with multiprocessing queue types.
- gh-89727: Fix issue with shutil.rmtree() where a
RecursionError is raised on deep directory trees.
- gh-89727: Partially fix issue with shutil.rmtree()
where a RecursionError is raised on deep directory
trees. A recursion error is no longer raised when
rmtree.avoids_symlink_attacks is false.
- gh-119118: Fix performance regression in the tokenize
module by caching the line token attribute and calculating
the column offset more efficiently.
- gh-89727: Fix issue with os.fwalk() where a RecursionError
was raised on deep directory trees by adjusting the
implementation to be iterative instead of recursive.
- gh-113892: Now, the method sock_connect of
asyncio.ProactorEventLoop raises a ValueError if given
socket is not in non-blocking mode, as well as in other
loop implementations.
- gh-119174: Fix high DPI causes turtledemo(turtle-graphics
examples) windows blurry Patch by Wulian233 and Terry Jan
Reedy
- gh-118643: Fix an AttributeError in the email module
when re-fold a long address list. Also fix more cases of
incorrect encoding of the address separator in the address
list.
- gh-58933: Make pdb return to caller frame correctly when
f_trace of the caller frame is not set
- gh-118868: Fixed issue where kwargs were no longer passed
to the logging handler QueueHandler
- gh-118164: The Python implementation of the decimal
module could appear to hang in relatively small power
cases (like 2**117) if context precision was set to a
very high value. A different method to check for exactly
representable results is used now that doesn’t rely on
computing 10**precision (which could be effectively too
large to compute).
- gh-118404: Fix inspect.signature() for non-comparable
callables.
- gh-118314: Fix an edge case in binascii.a2b_base64() strict
mode, where excessive padding is not detected when no
padding is necessary.
- gh-118042: Fix an unraisable exception in
telnetlib.Telnet.__del__() when the __init__() method was
not called.
- gh-118221: Fix a bug where sqlite3.iterdump() could fail if
a custom row factory was used. Patch by Erlend Aasland.
- gh-118013: Fix regression introduced in gh-103193 that
meant that calling inspect.getattr_static() on an instance
would cause a strong reference to that instance’s class to
persist in an internal cache in the inspect module. This
caused unexpected memory consumption if the class was
dynamically created, the class held strong references to
other objects which took up a significant amount of memory,
and the cache contained the sole strong reference to the
class. The fix for the regression leads to a slowdown
in getattr_static(), but the function should still be
significantly faster than it was in Python 3.11. Patch by
Alex Waygood.
- gh-90848: Fixed unittest.mock.create_autospec() to
configure parent mock with keyword arguments.
- gh-118168: Fix incorrect argument substitution when
typing.Unpack is used with the builtin tuple. typing.Unpack
now raises TypeError when used with certain invalid
types. Patch by Jelle Zijlstra.
- gh-118033: Fix dataclasses.dataclass() not creating a
__weakref__ slot when subclassing typing.Generic.
- gh-117535: Do not try to get the source line for made up
file name “sys” in warnings.
- gh-114053: Fix erroneous NameError when calling
typing.get_type_hints() on a class that made use of PEP 695
type parameters in a module that had from __future__ import
annotations at the top of the file. Patch by Alex Waygood.
- gh-117995: Don’t raise DeprecationWarning when a
sequence of parameters is used to bind indexed, nameless
placeholders. See also gh-100668.
- gh-80361: Fix TypeError in
email.message.Message.get_payload() when the charset is RFC
2231 encoded.
- gh-86650: Fix IndexError when parse some emails with
invalid Message-ID (including one-off addresses generated
by Microsoft Outlook).
- gh-117691: Improve the error messages emitted by tarfile
deprecation warnings relating to PEP 706. If a filter
argument is not provided to extract() or extractall, the
deprecation warning now points to the line in the user’s
code where the relevant function was called. Patch by Alex
Waygood.
- gh-77102: site module now parses .pth file with UTF-8
first, and locale encoding if UnicodeDecodeError
happened. It supported only locale encoding before.
- gh-117692: Fixes a bug when doctest.DocTestFinder was
failing on wrapped builtin_function_or_method.
- gh-117566: ipaddress.IPv6Address.is_loopback() will now
return True for IPv4-mapped loopback addresses, i.e.
addresses in the ::ffff:127.0.0.0/104 address space.
- gh-117503: Fix support of non-ASCII user names in bytes
paths in os.path.expanduser() on Posix.
- gh-117313: Only treat '\n', '\r' and '\r\n' as line
separators in re-folding the email messages. Preserve
control characters '\v', '\f', '\x1c', '\x1d' and '\x1e'
and Unicode line separators '\x85', '\u2028' and '\u2029'
as is.
- gh-113171: Fixed various false positives and false
negatives in
ipaddress.IPv4Address.is_private (see these docs for details)
ipaddress.IPv4Address.is_global
ipaddress.IPv6Address.is_private
ipaddress.IPv6Address.is_global
Also in the corresponding ipaddress.IPv4Network and
ipaddress.IPv6Network attributes.
- gh-103956: Fix lack of newline characters in trace module
output when line tracing is enabled but source code line
for current frame is not available.
- gh-92081: Fix missing spaces in email headers when the
spaces are mixed with encoded 8-bit characters.
- gh-103194: Prepare Tkinter for C API changes in Tcl 8.7/9.0
to avoid _tkinter.Tcl_Obj being unexpectedly returned
instead of bool, str, bytearray, or int.
- gh-87106: Fixed handling in inspect.Signature.bind() of
keyword arguments having the same name as positional-only
arguments when a variadic keyword argument (e.g. **kwargs)
is present.
- bpo-45767: Fix integer conversion in os.major(),
os.minor(), and os.makedev(). Support device numbers larger
than 2**63-1. Support non-existent device number (NODEV).
- bpo-40943: Fix several IndexError when parse emails with
truncated Message-ID, address, routes, etc, e.g. example@.
- bpo-30988: Fix parsing of emails with invalid address
headers having a leading or trailing dot. Patch by tsufeki.
- gh-67693: Fix urllib.parse.urlunparse() and
urllib.parse.urlunsplit() for URIs with path starting with
multiple slashes and no authority. Based on patch by Ashwin
Ramaswami.
- bpo-15010: unittest.TestLoader.discover() now saves the
original value of unittest.TestLoader._top_level_dir and
restores it at the end of the call.
- Documentation
- gh-117928: The minimum Sphinx version required for the
documentation is now 6.2.1.
- gh-91565: Changes to documentation files and config
outputs to reflect the new location for reporting bugs -
i.e. GitHub rather than bugs.python.org.
- Tests
- gh-119050: regrtest test runner: Add XML support to the
refleak checker (-R option). Patch by Victor Stinner.
- IDLE
- bpo-34774: Use user-selected color theme for Help => IDLE
Doc.
- C API
- gh-119585: Fix crash when a thread state that was
created by PyGILState_Ensure() calls a destructor that
during PyThreadState_Clear() that calls back into
PyGILState_Ensure() and PyGILState_Release(). This
might occur when in the free-threaded build or when
using thread-local variables whose destructors call
PyGILState_Ensure().
- gh-117534: Improve validation logic in the C implementation
of datetime.fromisoformat() to better handle invalid
years. Patch by Vlad Efanov.
- Updated patches:
- CVE-2023-6597-TempDir-cleaning-symlink.patch
- bpo-31046_ensurepip_honours_prefix.patch
- fix_configure_rst.patch
- python-3.3.0b1-fix_date_time_compiler.patch
- subprocess-raise-timeout.patch
anag+factory set openSUSE:Factory:Staging:G as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:G"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:G"
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
darix accepted review
Accepted review for by_group opensuse-review-team request 1179195 from user factory-auto
anag+factory added factory-staging as a reviewer
Being evaluated by group "factory-staging"
anag+factory accepted review
Unstaged from project "openSUSE:Factory:Staging:G"
anag+factory set openSUSE:Factory:Staging:D as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:D"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:D"
anag+factory added factory-staging as a reviewer
Being evaluated by group "factory-staging"
anag+factory accepted review
Unstaged from project "openSUSE:Factory:Staging:D"
anag+factory declined request
python312:doc fails to build in the devel project already. Other packages that need to take a look because they FTBFS are:
python-Sphinx:test
python-Twisted:test
python-furl
superseded by 1183491
Hi @mcepl
python312:doc fails to build in the devel project already. Other packages that need to take a look because they FTBFS are: