Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

python310-3.10.19-1.1 RPM for armv7hl

From OpenSuSE Ports Tumbleweed for armv7hl

Name: python310 Distribution: openSUSE Tumbleweed
Version: 3.10.19 Vendor: openSUSE
Release: 1.1 Build date: Wed Oct 15 10:43:33 2025
Group: Unspecified Build host: reproducible
Size: 126755 Source RPM: python310-3.10.19-1.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://www.python.org/
Summary: Python 3 Interpreter
Python 3 is modern interpreted, object-oriented programming language,
often compared to Tcl, Perl, Scheme, or Java.  You can find an overview
of Python in the documentation and tutorials included in the python3-doc
package.

This package supplies rich command line features provided by readline,
and sqlite3 support for the interpreter core, thus forming a so called
"extended" runtime.
Installing "python3" is sufficient for the vast majority of usecases.
In addition, recommended packages provide UI toolkit support (python3-curses,
python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE
development environment (python3-idle).

Provides

Requires

License

Python-2.0

Changelog

* Wed Oct 15 2025 Daniel Garcia <daniel.garcia@suse.com>
  - Update to 3.10.19:
    - Security
    - gh-139700: Check consistency of the zip64 end of central
      directory record. Support records with “zip64 extensible data”
      if there are no bytes prepended to the ZIP file.
    - gh-139400: xml.parsers.expat: Make sure that parent Expat
      parsers are only garbage-collected once they are no longer
      referenced by subparsers created by
      ExternalEntityParserCreate(). Patch by Sebastian Pipping.
    - gh-135661: Fix parsing start and end tags in
      html.parser.HTMLParser according to the HTML5 standard.
    * Whitespaces no longer accepted between </ and the tag name.
      E.g. </ script> does not end the script section.
    * Vertical tabulation (\v) and non-ASCII whitespaces no longer
      recognized as whitespaces. The only whitespaces are \t\n\r\f
      and space.
    * Null character (U+0000) no longer ends the tag name.
    * Attributes and slashes after the tag name in end tags are now
      ignored, instead of terminating after the first > in quoted
      attribute value. E.g. </script/foo=">"/>.
    * Multiple slashes and whitespaces between the last attribute
      and closing > are now ignored in both start and end tags. E.g.
      <a foo=bar/ //>.
    * Multiple = between attribute name and value are no longer
      collapsed. E.g. <a foo==bar> produces attribute “foo” with
      value “=bar”.
    - gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
      according to the HTML5 standard: ] ]> and ]] > no longer end the
      CDATA section. Add private method _set_support_cdata() which can
      be used to specify how to parse <[CDATA[ — as a CDATA section in
      foreign content (SVG or MathML) or as a bogus comment in the
      HTML namespace.
    - gh-102555: Fix comment parsing in html.parser.HTMLParser
      according to the HTML5 standard. --!> now ends the comment. -- >
      no longer ends the comment. Support abnormally ended empty
      comments <--> and <--->.
    - gh-135462: Fix quadratic complexity in processing specially
      crafted input in html.parser.HTMLParser. End-of-file errors are
      now handled according to the HTML5 specs – comments and
      declarations are automatically closed, tags are ignored.
    - gh-118350: Fix support of escapable raw text mode (elements
      “textarea” and “title”) in html.parser.HTMLParser.
    - gh-86155: html.parser.HTMLParser.close() no longer loses data
      when the <script> tag is not closed. Patch by Waylan Limberg.
    - Library
    - gh-139312: Upgrade bundled libexpat to 2.7.3
    - gh-138998: Update bundled libexpat to 2.7.2
    - gh-130577: tarfile now validates archives to ensure member
      offsets are non-negative. (Contributed by Alexander Enrique
      Urieles Nieto in gh-130577.)
    - gh-135374: Update the bundled copy of setuptools to 79.0.1.
  - Drop upstreamed patches:
    - CVE-2025-8194-tarfile-no-neg-offsets.patch
    - CVE-2025-6069-quad-complex-HTMLParser.patch
* Mon Sep 29 2025 Daniel Garcia <daniel.garcia@suse.com>
  - Add gh139257-Support-docutils-0.22.patch to fix build with latest
    docutils (>=0.22) gh#python/cpython#139257
* Thu Sep 18 2025 Dominique Leuenberger <dimstar@opensuse.org>
  - Require AppStream to validate appdata file instead of deprecated
    appstream-glib.
  - Update idle3.appdata.xml to pass the more pedantic appstreamcli.
* Fri Aug 01 2025 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
    validates archives to ensure member offsets are non-negative
    (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
* Wed Jul 02 2025 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
    case quadratic complexity when processing certain crafted
    malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
* Mon Jun 09 2025 Matej Cepl <mcepl@cepl.eu>
  - Update to 3.10.18:
    - Security
    - gh-135034: Fixes multiple issues that allowed tarfile
      extraction filters (filter="data" and filter="tar")
      to be bypassed using crafted symlinks and hard links.
      Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
      (bsc#1244059), CVE-2025-4330 (bsc#1244060), and
      CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435
      (gh#135034, bsc#1244061).
    - gh-133767: Fix use-after-free in the “unicode-escape”
      decoder with a non-“strict” error handler (CVE-2025-4516,
      bsc#1243273).
    - gh-128840: Short-circuit the processing of long IPv6
      addresses early in ipaddress to prevent excessive memory
      consumption and a minor denial-of-service.
    - Library
    - gh-128840: Fix parsing long IPv6 addresses with embedded
      IPv4 address.
    - gh-134062: ipaddress: fix collisions in __hash__() for
      IPv4Network and IPv6Network objects.
    - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output
      according to RFC 3596, §2.5. Patch by Bénédikt Tran.
    - bpo-43633: Improve the textual representation of
      IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2)
      in ipaddress. Patch by Oleksandr Pavliuk.
  - Remove upstreamed patches:
    - gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch
    - CVE-2025-4516-DecodeError-handler.patch
* Thu May 22 2025 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2025-4516-DecodeError-handler.patch fixing
    CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
    vulnerability, which could lead to DoS.
* Sat May 17 2025 Matej Cepl <mcepl@cepl.eu>
  - Use extended %autopatch.
* Sat May 10 2025 Matej Cepl <mcepl@cepl.eu>
  - Remove python-3.3.0b1-test-posix_fadvise.patch (not needed
    since kernel 3.6-rc1)
* Fri Apr 11 2025 Matej Cepl <mcepl@cepl.eu>
  - Update to 3.10.17:
    - gh-131809: Update bundled libexpat to 2.7.1
    - gh-131261: Upgrade to libexpat 2.7.0
    - gh-105704: When using urllib.parse.urlsplit() and
      urllib.parse.urlparse() host parsing would not reject domain
      names containing square brackets ([ and ]). Square brackets
      are only valid for IPv6 and IPvFuture hosts according to RFC
      3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938,
      gh#python/cpython#105704).
    - gh-121284: Fix bug in the folding of rfc2047 encoded-words
      when flattening an email message using a modern email
      policy. Previously when an encoded-word was too long for
      a line, it would be decoded, split across lines, and
      re-encoded. But commas and other special characters in the
      original text could be left unencoded and unquoted. This
      could theoretically be used to spoof header lines using a
      carefully constructed encoded-word if the resulting rendered
      email was transmitted or re-parsed.
    - gh-80222: Fix bug in the folding of quoted strings
      when flattening an email message using a modern email
      policy. Previously when a quoted string was folded so that
      it spanned more than one line, the surrounding quotes and
      internal escapes would be omitted. This could theoretically
      be used to spoof header lines using a carefully constructed
      quoted string if the resulting rendered email was transmitted
      or re-parsed.
    - gh-119511: Fix a potential denial of service in the imaplib
      module. When connecting to a malicious server, it could
      cause an arbitrary amount of memory to be allocated. On many
      systems this is harmless as unused virtual memory is only
      a mapping, but if this hit a virtual address size limit
      it could lead to a MemoryError or other process crash. On
      unusual systems or builds where all allocated memory is
      touched and backed by actual ram or storage it could’ve
      consumed resources doing so until similarly crashing.
    - gh-127257: In ssl, system call failures that OpenSSL reports
      using ERR_LIB_SYS are now raised as OSError.
    - gh-121277: Writers of CPython’s documentation can now use
      next as the version for the versionchanged, versionadded,
      deprecated directives.
  - Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch
    which makes test_ssl not to stop ThreadedEchoServer on OSError,
    which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067,
    gh#python/cpython!126572)
  - Remote upstreamed patch:
    - CVE-2025-0938-sq-brackets-domain-names.patch
* Mon Mar 10 2025 Bernhard Wiedemann <bwiedemann@suse.com>
  - Skip PGO with %want_reproducible_builds (bsc#1239210)
* Tue Feb 04 2025 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2025-0938-sq-brackets-domain-names.patch which
    disallows square brackets ([ and ]) in domain names for parsed
    URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
* Wed Dec 04 2024 Matej Cepl <mcepl@cepl.eu>
  - Update to 3.10.16:
    - Tests
    - gh-125041: Re-enable skipped tests for zlib on the
      s390x architecture: only skip checks of the compressed
      bytes, which can be different between zlib’s software
      implementation and the hardware-accelerated implementation.
    - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS
      mode. Use a longer key: FIPS mode requires at least of at
      least 112 bits. The previous key was only 32 bits. Patch by
      Victor Stinner.
    - Security
    - gh-126623: Upgrade libexpat to 2.6.4
    - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to
      consistently use the mapped IPv4 address value for deciding
      properties. Properties which have their behavior fixed are
      is_multicast, is_reserved, is_link_local, is_global, and
      is_unspecified (bsc#1233307, CVE-2024-11168).
    - Library
    - gh-124651: Properly quote template strings in venv
      activation scripts (bsc#1232241, CVE-2024-9287).
    - gh-103848: Add checks to ensure that [ bracketed ] hosts
      found by urllib.parse.urlsplit() are of IPv6 or IPvFuture
      format.
  - Removed upstreamed patches:
    - CVE-2024-9287-venv_path_unquoted.patch
    - CVE-2024-11168-validation-IPv6-addrs.patch
* Thu Nov 14 2024 Matej Cepl <mcepl@cepl.eu>
  - Remove -IVendor/ from python-config boo#1231795
  - Apply sphinx-72.patch only conditionally for non-SLE-15 builds.
* Wed Nov 13 2024 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2024-11168-validation-IPv6-addrs.patch
    fixing bsc#1233307 (CVE-2024-11168,
    gh#python/cpython#103848): Improper validation of IPv6 and
    IPvFuture addresses.
* Mon Nov 04 2024 Matej Cepl <mcepl@cepl.eu>
  - Update sphinx-72.patch to include renaming :noindex: option to
    :no-index: in Sphinx 7.2 (bsc#1232750).
  - While renaming drop fix-sphinx-72.patch.
* Fri Nov 01 2024 Matej Cepl <mcepl@cepl.eu>
  - Update CVE-2024-9287-venv_path_unquoted.patch according to the
    upstream PR gh#python/cpython!126301.
* Thu Oct 24 2024 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
    path names provided when creating a virtual environment
    (bsc#1232241, CVE-2024-9287)
* Wed Oct 02 2024 Matej Cepl <mcepl@cepl.eu>
  - Drop .pyc files from docdir for reproducible builds
    (bsc#1230906).
* Mon Sep 09 2024 Matej Cepl <mcepl@cepl.eu>
  - Update to 3.10.15:
    - Tests
    - gh-112769: The tests now correctly compare zlib version
      when :const:`zlib.ZLIB_RUNTIME_VERSION` contains
      non-integer suffixes. For example zlib-ng defines the
      version as ``1.3.0.zlib-ng``.
    - gh-117187: Fix XML tests for vanilla Expat <2.6.0.
    - gh-100454: Fix SSL tests CI for OpenSSL 3.1+
    - Security
    - gh-123678: Upgrade libexpat to 2.6.3
    - gh-121957: Fixed missing audit events around interactive
      use of Python, now also properly firing for ``python -i``,
      as well as for ``python -m asyncio``. The event in question
      is ``cpython.run_stdin``.
    - gh-122133: Authenticate the socket connection for the
      ``socket.socketpair()`` fallback on platforms where
      ``AF_UNIX`` is not available like Windows. Patch by
      Gregory P. Smith <greg@krypto.org> and Seth Larson
      <seth@python.org>. Reported by Ellie <el@horse64.org>
    - gh-121285: Remove backtracking from tarfile header
      parsing for ``hdrcharset``, PAX, and GNU sparse headers
      (bsc#1230227, CVE-2024-6232).
    - gh-118486: :func:`os.mkdir` on Windows now accepts
    * mode* of ``0o700`` to restrict the new directory to
      the current user. This fixes CVE-2024-4030 affecting
      :func:`tempfile.mkdtemp` in scenarios where the base
      temporary directory is more permissive than the default.
    - gh-116741: Update bundled libexpat to 2.6.2
    - Library
    - gh-123693: Use platform-agnostic behavior when computing
      ``zipfile.Path.name``.
    - gh-123270: Applied a more surgical fix for malformed
      payloads in :class:`zipfile.Path` causing infinite loops
      (gh-122905) without breaking contents using legitimate
      characters (bsc#1229704, CVE-2024-8088).
    - gh-123067: Fix quadratic complexity in parsing ``"``-quoted
      cookie values with backslashes by :mod:`http.cookies`
      (bsc#1229596, CVE-2024-7592).
    - gh-122905: :class:`zipfile.Path` objects now sanitize names
      from the zipfile.
    - gh-121650: :mod:`email` headers with embedded newlines are
      now quoted on output. The :mod:`~email.generator` will now
      refuse to serialize (write) headers that are unsafely folded
      or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`.
      (Contributed by Bas Bloemsaat and Petr Viktorin in
      gh-121650.; CVE-2024-6923, bsc#1228780).
    - gh-113171: Fixed various false positives and false negatives in
    * :attr:`ipaddress.IPv4Address.is_private` (see these docs for details)
    * :attr:`ipaddress.IPv4Address.is_global`
    * :attr:`ipaddress.IPv6Address.is_private`
    * :attr:`ipaddress.IPv6Address.is_global`
      Also in the corresponding :class:`ipaddress.IPv4Network` and
      :class:`ipaddress.IPv6Network` attributes.
      Fixes bsc#1226448 (CVE-2024-4032).
    - gh-102988: :func:`email.utils.getaddresses` and
      :func:`email.utils.parseaddr` now return ``('', '')`` 2-tuples in more
      situations where invalid email addresses are encountered instead of
      potentially inaccurate values. Add optional *strict* parameter to these
      two functions: use ``strict=False`` to get the old behavior, accept
      malformed inputs. ``getattr(email.utils, 'supports_strict_parsing',
      False)`` can be use to check if the *strict* paramater is available. Patch
      by Thomas Dwyer and Victor Stinner to improve the
      CVE-2023-27043 fix (bsc#1210638).
    - gh-67693: Fix :func:`urllib.parse.urlunparse` and
      :func:`urllib.parse.urlunsplit` for URIs with path starting with multiple
      slashes and no authority. Based on patch by Ashwin Ramaswami.
    - Core and Builtins
    - gh-112275: A deadlock involving ``pystate.c``'s
      ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now
      fixed. Patch by ChuBoning based on previous Python 3.12 fix
      by Victor Stinner.
  - Remove upstreamed patches:
    - CVE-2023-27043-email-parsing-errors.patch
    - CVE-2024-4032-private-IP-addrs.patch
    - CVE-2024-6923-email-hdr-inject.patch
    - CVE-2024-8088-inf-loop-zipfile_Path.patch
  - Add sphinx-802.patch to overcome working both with the most
    recent and older Sphinx versions.
* Mon Sep 02 2024 Matej Cepl <mcepl@cepl.eu>
  - Add gh120226-fix-sendfile-test-kernel-610.patch to avoid
    failing test_sendfile_close_peer_in_the_middle_of_receiving
    tests on Linux >= 6.10 (GH-120227).
* Wed Aug 28 2024 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent
    malformed payload to cause infinite loops in zipfile.Path
    (bsc#1229704, CVE-2024-8088).
* Wed Aug 07 2024 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2024-6923-email-hdr-inject.patch to prevent email
    header injection due to unquoted newlines (bsc#1228780,
    CVE-2024-6923).
  - Adding bso1227999-reproducible-builds.patch fixing bsc#1227999
    adding reproducibility patches from gh#python/cpython!121872
    and gh#python/cpython!121883.
  - %{profileopt} variable is set according to the variable
    %{do_profiling} (bsc#1227999)
  - Update bluez-devel-vendor.tar.xz
* Mon Jul 22 2024 Matej Cepl <mcepl@cepl.eu>
  - Remove %suse_update_desktop_file macro as it is not useful any
    more.
* Mon Jul 15 2024 Matej Cepl <mcepl@cepl.eu>
  - Stop using %%defattr, it seems to be breaking proper executable
    attributes on /usr/bin/ scripts (bsc#1227378).
* Tue Jul 02 2024 Daniel Garcia <daniel.garcia@suse.com>
  - Update F00251-change-user-install-location.patch to make pip and
    modern tools install directly in /usr/local when used by the user.
    bsc#1225660
* Tue Jun 25 2024 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
    (CVE-2024-4032) rearranging definition of private v global IP
    addresses.
* Fri Apr 19 2024 Matej Cepl <mcepl@suse.com>
  - Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
    patched libexpat below 2.6.0 that doesn't update the version number,
    just in SLE.
  - Remove old-libexpat.patch, of course.
* Sun Mar 24 2024 Matej Cepl <mcepl@cepl.eu>
  - Add old-libexpat.patch making the test suite work with
    libexpat < 2.6.0 (gh#python/cpython#117187).
* Fri Mar 22 2024 Matej Cepl <mcepl@cepl.eu>
  - Because of bsc#1189495 we have to revert use of %autopatch.
* Thu Mar 21 2024 Matej Cepl <mcepl@cepl.eu>
  - Update 3.10.14:
    - gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0
      to address CVE-2023-52425, and control of the new reparse
      deferral functionality was exposed with new APIs
      (bsc#1219559).
    - gh-109858: zipfile is now protected from the “quoted-overlap”
      zipbomb to address CVE-2024-0450. It now raises BadZipFile
      when attempting to read an entry that overlaps with another
      entry or central directory. (bsc#1221854)
    - gh-91133: tempfile.TemporaryDirectory cleanup no longer
      dereferences symlinks when working around file system
      permission errors to address CVE-2023-6597 (bsc#1219666)
    - gh-115197: urllib.request no longer resolves the hostname
      before checking it against the system’s proxy bypass list on
      macOS and Windows
    - gh-81194: a crash in socket.if_indextoname() with a specific
      value (UINT_MAX) was fixed. Relatedly, an integer overflow in
      socket.if_indextoname() on 64-bit non-Windows platforms was
      fixed
    - gh-113659: .pth files with names starting with a dot or
      containing the hidden file attribute are now skipped
    - gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer
      read out of bounds
    - gh-114572: ssl.SSLContext.cert_store_stats() and
      ssl.SSLContext.get_ca_certs() now correctly lock access to
      the certificate store, when the ssl.SSLContext is shared
      across multiple threads (bsc#1226447, CVE-2024-0397)
  - Remove upstreamed patches:
    - CVE-2023-6597-TempDir-cleaning-symlink.patch
    - libexpat260.patch
  - Readjust patches:
    - F00251-change-user-install-location.patch
    - fix_configure_rst.patch
    - python-3.3.0b1-localpath.patch
    - skip-test_pyobject_freed_is_freed.patch
  - Port to %autosetup and %autopatch.
* Wed Mar 06 2024 Pedro Monreal <pmonreal@suse.com>
  - Use the system-wide crypto-policies [bsc#1211301]
    * Use the system default cipher list instead of hardcoded values
    * Add the --with-ssl-default-suites=openssl configure option
* Fri Feb 23 2024 Matej Cepl <mcepl@suse.com>
  - (bsc#1219666, CVE-2023-6597) Add
    CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
    gh#python/cpython!99930) fixing symlink bug in cleanup of
    tempfile.TemporaryDirectory.
* Tue Feb 20 2024 Matej Cepl <mcepl@cepl.eu>
  - Remove double definition of /usr/bin/idle%%{version} in
    %%files.
* Thu Feb 15 2024 Daniel Garcia <daniel.garcia@suse.com>
  - Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
    with Expat 2.6.0, gh#python/cpython#115289
* Mon Dec 18 2023 Matej Cepl <mcepl@cepl.eu>
  - Refresh CVE-2023-27043-email-parsing-errors.patch to
    gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
  - Thus we can remove Revert-gh105127-left-tests.patch, which is
    now useless.
* Mon Sep 04 2023 Daniel Garcia <daniel.garcia@suse.com>
  - Add fix-sphinx-72.patch to make it work with latest sphinx version
    gh#python/cpython#97950
  - Update to 3.10.13 (bsc#1214692):
    - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
      vulnerable to a bypass of the TLS handshake and included
      protections (like certificate verification) and treating sent
      unencrypted data as if it were post-handshake TLS encrypted data.
      Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
      Gregory P. Smith.
    - gh-107845: tarfile.data_filter() now takes the location of
      symlinks into account when determining their target, so it will no
      longer reject some valid tarballs with
      LinkOutsideDestinationError.
    - gh-107565: Update multissltests and GitHub CI workflows to use
      OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
    - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
    * consumed was not set.
* Thu Aug 03 2023 Matej Cepl <mcepl@suse.com>
  - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
    partially reverting CVE-2023-27043-email-parsing-errors.patch,
    because of the regression in gh#python/cpython#106669.
* Wed Jul 19 2023 Matej Cepl <mcepl@suse.com>
  - Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for
    stabilizing FLAG_REF usage (required for reproduceability;
    bsc#1213463).
* Tue Jul 11 2023 Matej Cepl <mcepl@suse.com>
  - (bsc#1210638, CVE-2023-27043) Add
    CVE-2023-27043-email-parsing-errors.patch, which detects email
    address parsing errors and returns empty tuple to indicate the
    parsing error (old API).
* Wed Jun 28 2023 Matej Cepl <mcepl@suse.com>
  - Update to 3.10.12:
    - gh-103142: The version of OpenSSL used in Windows and
      Mac installers has been upgraded to 1.1.1u to address
      CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
      as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
      fixed previously in 1.1.1t (gh-101727).
    - gh-102153: urllib.parse.urlsplit() now strips leading C0
      control and space characters following the specification for
      URLs defined by WHATWG in response to CVE-2023-24329
      (bsc#1208471).
    - gh-99889: Fixed a security in flaw in uu.decode() that could
      allow for directory traversal based on the input if no
      out_file was specified.
    - gh-104049: Do not expose the local on-disk
      location in directory indexes produced by
      http.client.SimpleHTTPRequestHandler.
    - gh-103935: trace.__main__ now uses io.open_code() for files
      to be executed instead of raw open().
    - gh-102953: The extraction methods in tarfile, and
      shutil.unpack_archive(), have a new filter argument that
      allows limiting tar features than may be surprising or
      dangerous, such as creating files outside the destination
      directory. See Extraction filters for details (fixing
      CVE-2007-4559, bsc#1203750).
  - Remove upstreamed patches:
    - CVE-2023-24329-blank-URL-bypass.patch
    - CVE-2007-4559-filter-tarfile_extractall.patch
* Tue Jun 20 2023 Matej Cepl <mcepl@suse.com>
  - Add bpo-37596-make-set-marshalling.patch making marshalling of
    `set` and `frozenset` deterministic (bsc#1211765).
* Thu Apr 27 2023 Matej Cepl <mcepl@suse.com>
  - Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
    CVE-2007-4559 (bsc#1203750) by adding the filter for
    tarfile.extractall (PEP 706).
* Thu Apr 27 2023 Matej Cepl <mcepl@suse.com>
  - Update to 3.10.11:
    - Core and Builtins
    - gh-102416: Do not memoize incorrectly automatically
      generated loop rules in the parser. Patch by Pablo Galindo.
    - gh-102356: Fix a bug that caused a crash when deallocating
      deeply nested filter objects. Patch by Marta Gómez Macías.
    - gh-102397: Fix segfault from race condition in signal
      handling during garbage collection. Patch by Kumar Aditya.
    - gh-102126: Fix deadlock at shutdown when clearing thread
      states if any finalizer tries to acquire the runtime head
      lock. Patch by Kumar Aditya.
    - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal
      module. Patch by Max Bachmann.
    - gh-101967: Fix possible segfault in
      positional_only_passed_as_keyword function, when new list
      created.
    - gh-101765: Fix SystemError / segmentation fault in iter
      __reduce__ when internal access of builtins.__dict__ keys
      mutates the iter object.
    - Library
    - gh-102947: Improve traceback when dataclasses.fields() is
      called on a non-dataclass. Patch by Alex Waygood
    - gh-101979: Fix a bug where parentheses in the metavar
      argument to argparse.ArgumentParser.add_argument() were
      dropped. Patch by Yeojin Kim.
    - gh-102179: Fix os.dup2() error message for negative fds.
    - gh-101961: For the binary mode, fileinput.hookcompressed()
      doesn’t set the encoding value even if the value is
      None. Patch by Gihwan Kim.
    - gh-101936: The default value of fp becomes io.BytesIO
      if HTTPError is initialized without a designated fp
      parameter. Patch by Long Vo.
    - gh-101566: In zipfile, apply fix for extractall on the
      underlying zipfile after being wrapped in Path.
    - gh-101997: Upgrade pip wheel bundled with ensurepip (pip
      23.0.1)
    - gh-101892: Callable iterators no longer raise SystemError
      when the callable object exhausts the iterator but forgets
      to either return a sentinel value or raise StopIteration.
    - gh-97786: Fix potential undefined behaviour in corner cases
      of floating-point-to-time conversions.
    - gh-101517: Fixed bug where bdb looks up the source line
      with linecache with a lineno=None, which causes it to fail
      with an unhandled exception.
    - gh-101673: Fix a pdb bug where ll clears the changes to
      local variables.
    - gh-96931: Fix incorrect results from
      ssl.SSLSocket.shared_ciphers()
    - gh-88233: Correctly preserve “extra” fields in zipfile
      regardless of their ordering relative to a zip64 “extra.”
    - gh-95495: When built against OpenSSL 3.0, the ssl module
      had a bug where it reported unauthenticated EOFs (i.e.
      without close_notify) as a clean TLS-level EOF. It now
      raises SSLEOFError, matching the behavior in previous
      versions of OpenSSL. The options attribute on SSLContext
      also no longer includes OP_IGNORE_UNEXPECTED_EOF by
      default. This option may be set to specify the previous
      OpenSSL 3.0 behavior.
    - gh-94440: Fix a concurrent.futures.process bug where
      ProcessPoolExecutor shutdown could hang after a future has
      been quickly submitted and canceled.
    - Documentation
    - gh-103112: Add docstring to http.client.HTTPResponse.read()
      to fix pydoc output.
    - gh-85417: Update cmath documentation to clarify behaviour
      on branch cuts.
    - gh-97725: Fix asyncio.Task.print_stack() description for
      file=None. Patch by Oleg Iarygin.
    - Tests
    - gh-102980: Improve test coverage on pdb.
    - gh-102537: Adjust the error handling strategy in
      test_zoneinfo.TzPathTest.python_tzpath_context. Patch by
      Paul Ganssle.
    - gh-101377: Improved test_locale_calendar_formatweekday of
      calendar.
    - Build
    - gh-102711: Fix -Wstrict-prototypes compiler warnings.
  - Removed upstreamed:
    - invalid-json.patch
* Mon Mar 13 2023 Matej Cepl <mcepl@suse.com>
  - Add invalid-json.patch fixing invalid JSON in
    Doc/howto/logging-cookbook.rst (somehow similar to
    gh#python/cpython#102582).
* Wed Mar 01 2023 Matej Cepl <mcepl@suse.com>
  - Update to 3.10.10:
    Bug fixes and regressions handling, no change of behaviour and
    no security bugs fixed.
  - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
    bsc#1208471) blocklists bypass via the urllib.parse component
    when supplying a URL that starts with blank characters
* Tue Feb 21 2023 Matej Cepl <mcepl@suse.com>
  - Add provides for readline and sqlite3 to the main Python
    package.
* Fri Jan 27 2023 Thorsten Kukuk <kukuk@suse.com>
  - Disable NIS for new products, it's deprecated and gets removed
* Thu Dec 08 2022 Matej Cepl <mcepl@suse.com>
  - Update to 3.10.9:
    - python -m http.server no longer allows terminal
      control characters sent within a garbage request to be
      printed to the stderr server lo This is done by changing
      the http.server BaseHTTPRequestHandler .log_message method
      to replace control characters with a \xHH hex escape before
      printin
    - Avoid publishing list of active per-interpreter
      audit hooks via the gc module
    - The IDNA codec decoder used on DNS hostnames by
      socket or asyncio related name resolution functions no
      longer involves a quadratic algorithm. This prevents a
      potential CPU denial of service if an out-of-spec excessive
      length hostname involving bidirectional characters were
      decoded. Some protocols such as urllib http 3xx redirects
      potentially allow for an attacker to supply such a name.
    - Update bundled libexpat to 2.5.0
    - Port XKCP’s fix for the buffer overflows in SHA-3
      (CVE-2022-37454).
    - On Linux the multiprocessing module returns
      to using filesystem backed unix domain sockets for
      communication with the forkserver process instead of the
      Linux abstract socket namespace. Only code that chooses
      to use the “forkserver” start method is affected Abstract
      sockets have no permissions and could allow any user
      on the system in the same network namespace (often the
      whole system) to inject code into the multiprocessing
      forkserver process. This was a potential privilege
      escalation. Filesystem based socket permissions restrict
      this to the forkserver process user as was the default in
      Python 3.8 and earlier This prevents Linux CVE-2022-42919
    - Fix a reference bug in _imp.create_builtin()
      after the creation of the first sub-interpreter for modules
      builtins and sys. Patch by Victor Stinner.
    - Fixed a bug that was causing a buffer overflow if
      the tokenizer copies a line missing the newline caracter
      from a file that is as long as the available tokenizer
      buffer. Patch by Pablo galindo
    - Update faulthandler to emit an error message with
      the proper unexpected signal number. Patch by Dong-hee Na.
    - Fix subscription of types.GenericAlias instances
      containing bare generic types: for example tuple[A, T][int],
      where A is a generic type, and T is a type variable.
    - Fix detection of MAC addresses for uuid on certain
      OSs. Patch by Chaim Sanders
    - Print exception class name instead of its string
      representation when raising errors from ctypes calls.
    - Allow pdb to locate source for frozen modules in
      the standard library.
    - Raise ValueError instead of SystemError when
      methods of uninitialized io.IncrementalNewlineDecoder objects
      are called. Patch by Oren Milman.
    - Fix a possible assertion failure in io.FileIO when
      the opener returns an invalid file descriptor.
    - Also escape s in the http.server
      BaseHTTPRequestHandler.log_message so that it is technically
      possible to parse the line and reconstruct what the original
      data was. Without this a xHH is ambiguious as to if it is a
      hex replacement we put in or the characters r”x” came through
      in the original request line.
    - asyncio.get_event_loop() now only emits a
      deprecation warning when a new event loop was created
      implicitly. It no longer emits a deprecation warning if the
      current event loop was set.
    - Fix bug when calling trace.CoverageResults with
      valid infile.
    - Fix a bug in handling class cleanups in
      unittest.TestCase. Now addClassCleanup() uses separate lists
      for different TestCase subclasses, and doClassCleanups() only
      cleans up the particular class.
    - Release the GIL when calling termios APIs to avoid
      blocking threads.
    - Fix ast.increment_lineno() to also cover
      ast.TypeIgnore when changing line numbers.
    - Fixed bug where inspect.signature() reported
      incorrect arguments for decorated methods.
    - Fix SystemError in ctypes when exception was not
      set during __initsubclass__.
    - Fix statistics.NormalDist pickle with 0 and 1
      protocols.
    - Update the bundled copy of pip to version 22.3.1.
    - Apply bugfixes from importlib_metadata 4.11.4,
      namely: In PathDistribution._name_from_stem, avoid
      including parts of the extension in the result. In
      PathDistribution._normalized_name, ensure names loaded from
      the stem of the filename are also normalized, ensuring
      duplicate entry points by packages varying only by
      non-normalized name are hidden.
    - Clean up refleak on failed module initialisation in
      _zoneinfo
    - Clean up refleaks on failed module initialisation
      in in _pickle
    - Clean up refleak on failed module initialisation in
      _io.
    - Fix memory leak in math.dist() when both points
      don’t have the same dimension. Patch by Kumar Aditya.
    - Fix argument typechecks in _overlapped.WSAConnect()
      and _overlapped.Overlapped.WSASendTo() functions.
    - Fix internal error in the re module which in
      very rare circumstances prevented compilation of a regular
      expression containing a conditional expression without the
      “else” branch.
    - Fix asyncio.StreamWriter.drain() to call
      protocol.connection_lost callback only once on Windows.
    - Add a mutex to unittest.mock.NonCallableMock to
      protect concurrent access to mock attributes.
    - Fix hang on Windows in subprocess.wait_closed() in
      asyncio with ProactorEventLoop. Patch by Kumar Aditya.
    - Fix infinite loop in unittest when a
      self-referencing chained exception is raised
    - tkinter.Text.count() raises now an exception for
      options starting with “-” instead of silently ignoring them.
    - On uname_result, restored expectation that _fields
      and _asdict would include all six properties including
      processor.
    - Update the bundled copies of pip and setuptools to
      versions 22.3 and 65.5.0 respectively.
    - Fix bug in urllib.parse.urlparse() that causes
      certain port numbers containing whitespace, underscores,
      plus and minus signs, or non-ASCII digits to be incorrectly
      accepted.
    - Allow venv to pass along PYTHON* variables to
      ensurepip and pip when they do not impact path resolution
    - On macOS, fix a crash in syslog.syslog() in
      multi-threaded applications. On macOS, the libc syslog()
      function is not thread-safe, so syslog.syslog() no longer
      releases the GIL to call it. Patch by Victor Stinner.
    - Allow BUILTINS to be a valid field name for frozen
      dataclasses.
    - Make sure patch.dict() can be applied on async
      functions.
    - To avoid apparent memory leaks when
      asyncio.open_connection() raises, break reference cycles
      generated by local exception and future instances (which has
      exception instance as its member var). Patch by Dong Uk,
      Kang.
    - Prevent error when activating venv in nested fish
      instances.
    - Restrict use of sockets instead of pipes for stdin
      of subprocesses created by asyncio to AIX platform only.
    - shutil.copytree() now applies the
      ignore_dangling_symlinks argument recursively.
    - Fix IndexError in argparse.ArgumentParser when a
      store_true action is given an explicit argument.
    - Document that calling variadic functions with
      ctypes requires special care on macOS/arm64 (and possibly
      other platforms).
    - Skip test_normalization() of test_unicodedata
      if it fails to download NormalizationTest.txt file from
      pythontest.net. Patch by Victor Stinner.
    - Some C API tests were moved into the new
      Lib/test/test_capi/ directory.
    - Fix -Wimplicit-int, -Wstrict-prototypes, and
    - Wimplicit-function-declaration compiler warnings in
      configure checks.
    - Fix -Wimplicit-int compiler warning in configure
      check for PTHREAD_SCOPE_SYSTEM.
    - Specify the full path to the source location for
      make docclean (needed for cross-builds).
    - Fix NO_MISALIGNED_ACCESSES being not defined
      for the SHA3 extension when HAVE_ALIGNED_REQUIRED is
      set. Allowing builds on hardware that unaligned memory
      accesses are not allowed.
    - Fix handling of module docstrings in
      Tools/i18n/pygettext.py.
  - Remove upstreamed patches:
    - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
    - CVE-2015-20107-mailcap-unsafe-filenames.patch
    - CVE-2022-42919-loc-priv-mulitproc-forksrv.patch
    - CVE-2022-45061-DoS-by-IDNA-decode.patch
* Wed Nov 09 2022 Matej Cepl <mcepl@suse.com>
  - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
    CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
    extremely long domain names.
* Thu Nov 03 2022 Matej Cepl <mcepl@suse.com>
  - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
    CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
    privilege escalation via the multiprocessing forkserver start
    method.
* Fri Oct 21 2022 Matej Cepl <mcepl@suse.com>
  - Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to
    allow building of documentation with the latest Sphinx 5.3.0
    (gh#python/cpython#98366).
* Wed Oct 19 2022 Matej Cepl <mcepl@suse.com>
  - Update to 3.10.8:
    - Fix multiplying a list by an integer (list *= int): detect
      the integer overflow when the new allocated length is close
      to the maximum size.
    - Fix a shell code injection vulnerability in the
      get-remote-certificate.py example script. The script no
      longer uses a shell to run openssl commands. (originally
      filed as CVE-2022-37460, later withdrawn)
    - Fix command line parsing: reject -X int_max_str_digits option
      with no value (invalid) when the PYTHONINTMAXSTRDIGITS
      environment variable is set to a valid limit.
    - When ValueError is raised if an integer is larger than the
      limit, mention the sys.set_int_max_str_digits() function in
      the error message.
    - The deprecated mailcap module now refuses to inject unsafe
      text (filenames, MIME types, parameters) into shell
      commands. Instead of using such text, it will warn and act
      as if a match was not found (or for test commands, as if the
      test failed).
    - os.sched_yield() now release the GIL while calling
      sched_yield(2).
    - Bugfix: PyFunction_GetAnnotations() should return a borrowed
      reference. It was returning a new reference.
    - Fixed a missing incref/decref pair in
      Exception.__setstate__().
    - Fix overly-broad source position information for chained
      comparisons used as branching conditions.
    - Fix undefined behaviour in _testcapimodule.c.
    - At Python exit, sometimes a thread holding the GIL can
      wait forever for a thread (usually a daemon thread) which
      requested to drop the GIL, whereas the thread already
      exited. To fix the race condition, the thread which requested
      the GIL drop now resets its request before exiting.
    - Fix a possible assertion failure, fatal error, or SystemError
      if a line tracing event raises an exception while opcode
      tracing is enabled.
    - Fix undefined behaviour in C code of null pointer arithmetic.
    - Do not expose KeyWrapper in _functools.
    - When loading a file with invalid UTF-8 inside a multi-line
      string, a correct SyntaxError is emitted.
    - Disable incorrect pickling of the C implemented classmethod
      descriptors.
    - Fix AttributeError missing name and obj attributes in       .
      object.__getattribute__() bpo-42316: Document some places   .
      where an assignment expression needs parentheses            .
    - Wrap network errors consistently in urllib FTP support, so
      the test suite doesn’t fail when a network is available but
      the public internet is not reachable.
    - Fixes AttributeError when subprocess.check_output() is used
      with argument input=None and either of the arguments encoding
      or errors are used.
    - Avoid spurious tracebacks from asyncio when default executor
      cleanup is delayed until after the event loop is closed (e.g.
      as the result of a keyboard interrupt).
    - Avoid a crash in the C version of
      asyncio.Future.remove_done_callback() when an evil argument
      is passed.
    - Remove tokenize.NL check from tabnanny.
    - Make Semaphore run faster.
    - Fix generation of the default name of
      tkinter.Checkbutton. Previously, checkbuttons in different
      parent widgets could have the same short name and share
      the same state if arguments “name” and “variable” are not
      specified. Now they are globally unique.
    - Update bundled libexpat to 2.4.9
    - Fix race condition in asyncio where process_exited() called
      before the pipe_data_received() leading to inconsistent
      output.
    - Fixed check in multiprocessing.resource_tracker that
      guarantees that the length of a write to a pipe is not
      greater than PIPE_BUF.
    - Corrected type annotation for dataclass attribute
      pstats.FunctionProfile.ncalls to be str.
    - Fix the faulthandler implementation of
      faulthandler.register(signal, chain=True) if the sigaction()
      function is not available: don’t call the previous signal
      handler if it’s NULL.
    - In inspect, fix overeager replacement of “typing.” in
      formatting annotations.
    - Fix asyncio.streams.StreamReaderProtocol to keep a strong
      reference to the created task, so that it’s not garbage
      collected
    - Fix handling compiler warnings (SyntaxWarning and
      DeprecationWarning) in codeop.compile_command() when checking
      for incomplete input. Previously it emitted warnings and
      raised a SyntaxError. Now it always returns None for
      incomplete input without emitting any warnings.
    - Fixed flickering of the turtle window when the tracer is
      turned off.
    - Allow asyncio.StreamWriter.drain() to be awaited concurrently
      by multiple tasks.
    - Fix broken asyncio.Semaphore when acquire is cancelled.
    - Fix ast.unparse() when ImportFrom.level is None
    - Improve performance of urllib.request.getproxies_environment
      when there are many environment variables
    - Fix ! in c domain ref target syntax via a conf.py patch, so
      it works as intended to disable ref target resolution.
    - Clarified the conflicting advice given in the ast
      documentation about ast.literal_eval() being “safe” for use
      on untrusted input while at the same time warning that it
      can crash the process. The latter statement is true and is
      deemed unfixable without a large amount of work unsuitable
      for a bugfix. So we keep the warning and no longer claim that
      literal_eval is safe.
    - Update tutorial introduction output to use 3.10+ SyntaxError
      invalid range.
  - Remove upstreamed test-int-timing.patch.
* Sun Sep 18 2022 Andreas Schwab <schwab@suse.de>
  - test-int-timing.patch: gh-96710: Make the test timing more lenient for
    the int/str DoS regression test. (#96717)
* Sun Sep 11 2022 Matej Cepl <mcepl@suse.com>
  - Update to 3.10.7:
    - Fix for CVE-2020-10735 (bsc#1203125) Converting between int
      and str in bases other than 2 (binary), 4, 8 (octal), 16
      (hexadecimal), or 32 such as base 10 (decimal) now raises
      a ValueError if the number of digits in string form is above
      a limit to avoid potential denial of service attacks due to
      the algorithmic complexity.
    - Other bug fixes:
    - Fixed a bug that caused _PyCode_GetExtra to return garbage
      for negative indexes.
    - Fix format string in _PyPegen_raise_error_known_location
      that can lead to memory corruption on some 64bit systems.
      The function was building a tuple with i (int) instead of
      n (Py_ssize_t) for Py_ssize_t arguments.
    - Fix misleading contents of error message when converting an
      all-whitespace string to float.
    - coroutine.throw() now properly initializes the frame.f_back
      when resuming a stack of coroutines. This allows e.g.
      traceback.print_stack() to work correctly when an exception
      (such as CancelledError) is thrown into a coroutine.
    - ast.parse() will no longer parse function definitions with
      positional-only params when passed feature_version less
      than (3, 8).
    - Correct conversion of numbers.Rational’s to float.
    - Fix a performance regression in logging
      TimedRotatingFileHandler. Only check for special files when
      the rollover time has passed.
    - Fix unused localName parameter in the Attr class in
      xml.dom.minidom.
    - Update bundled pip to 22.2.2.
    - Fail gracefully if EPERM or ENOSYS is raised when loading
      crypt methods. This may happen when trying to load MD5 on
      a Linux kernel with FIPS enabled.
    - Improve discoverability of the higher level
      concurrent.futures module by providing clearer links from
      the lower level threading and multiprocessing modules.
    - Update the default RFC base URL from deprecated
      tools.ietf.org to datatracker.ietf.org
    - Fix stylesheet not working in Windows CHM htmlhelp docs.
    - The documentation now lists which members of C structs are
      part of the Limited API/Stable ABI.
    - Mitigate the inherent race condition from using
      find_unused_port() in testSockName() by trying to find an
      unused port a few times before failing.
    - Build and test with OpenSSL 1.1.1q
    - Document handling of extensions in Save As dialogs.
    - Include prompts when saving Shell (interactive input and
      output).
* Wed Aug 17 2022 Dirk Müller <dmueller@suse.com>
  - fix import_failed.map to refer to the python 3.10 package versions
* Tue Aug 02 2022 Matej Cepl <mcepl@suse.com>
  - Update to 3.10.6:
    - gh-87389: http.server: Fix an open redirection vulnerability
      in the HTTP server when an URI path starts with //.
      Vulnerability discovered, and initial fix proposed, by Hamza
      Avvan. (bsc#1202624, CVE-2021-28861)
    - gh-92888: Fix memoryview use after free when accessing the
      backing buffer in certain cases.
    - gh-95355: _PyPegen_Parser_New now properly detects token
      memory allocation errors. Patch by Honglin Zhu.
    - gh-94938: Fix error detection in some builtin functions when
      keyword argument name is an instance of a str subclass with
      overloaded __eq__ and __hash__. Previously it could cause
      SystemError or other undesired behavior.
    - gh-94949: ast.parse() will no longer parse parenthesized
      context managers when passed feature_version less than
      (3, 9). Patch by Shantanu Jain.
    - gh-94947: ast.parse() will no longer parse assignment
      expressions when passed feature_version less than
      (3, 8). Patch by Shantanu Jain.
    - gh-94869: Fix the column offsets for some expressions in
      multi-line f-strings ast nodes. Patch by Pablo Galindo.
    - gh-91153: Fix an issue where a bytearray item assignment
      could crash if it’s resized by the new value’s __index__()
      method.
    - gh-94329: Compile and run code with unpacking of extremely
      large sequences (1000s of elements). Such code failed to
      compile. It now compiles and runs correctly.
    - gh-94360: Fixed a tokenizer crash when reading encoded
      files with syntax errors from stdin with non utf-8 encoded
      text. Patch by Pablo Galindo
    - gh-94192: Fix error for dictionary literals with invalid
      expression as value.
    - gh-93964: Strengthened compiler overflow checks to prevent
      crashes when compiling very large source files.
    - gh-93671: Fix some exponential backtrace case happening with
      deeply nested sequence patterns in match statements. Patch by
      Pablo Galindo
    - gh-93021: Fix the __text_signature__ for __get__() methods
      implemented in C. Patch by Jelle Zijlstra.
    - gh-92930: Fixed a crash in _pickle.c from mutating
      collections during __reduce__ or persistent_id.
    - gh-92914: Always round the allocated size for lists up to the
      nearest even number.
    - gh-92858: Improve error message for some suites with syntax
      error before ‘:’
    - gh-95339: Update bundled pip to 22.2.1.
    - gh-95045: Fix GC crash when deallocating _lsprof.Profiler by
      untracking it before calling any callbacks. Patch by Kumar
      Aditya.
    - gh-95087: Fix IndexError in parsing invalid date in the email
      module.
    - gh-95199: Upgrade bundled setuptools to 63.2.0.
    - gh-95194: Upgrade bundled pip to 22.2.
    - gh-93899: Fix check for existence of os.EFD_CLOEXEC,
      os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel
      versions where these flags are not present. Patch by Kumar
      Aditya.
    - gh-95166: Fix concurrent.futures.Executor.map() to cancel the
      currently waiting on future on an error - e.g. TimeoutError
      or KeyboardInterrupt.
    - gh-93157: Fix fileinput module didn’t support errors option
      when inplace is true.
    - gh-94821: Fix binding of unix socket to empty address
      on Linux to use an available address from the abstract
      namespace, instead of “0”.
    - gh-94736: Fix crash when deallocating an instance of a
      subclass of _multiprocessing.SemLock. Patch by Kumar Aditya.
    - gh-94637: SSLContext.set_default_verify_paths() now releases
      the GIL around SSL_CTX_set_default_verify_paths call. The
      function call performs I/O and CPU intensive work.
    - gh-94510: Re-entrant calls to sys.setprofile() and
      sys.settrace() now raise RuntimeError. Patch by Pablo
      Galindo.
    - gh-92336: Fix bug where linecache.getline() fails on bad
      files with UnicodeDecodeError or SyntaxError. It now returns
      an empty string as per the documentation.
    - gh-89988: Fix memory leak in pickle.Pickler when looking up
      dispatch_table. Patch by Kumar Aditya.
    - gh-94254: Fixed types of struct module to be immutable. Patch
      by Kumar Aditya.
    - gh-94245: Fix pickling and copying of typing.Tuple[()].
    - gh-94207: Made _struct.Struct GC-tracked in order to fix a
      reference leak in the _struct module.
    - gh-94101: Manual instantiation of ssl.SSLSession objects is
      no longer allowed as it lead to misconfigured instances that
      crashed the interpreter when attributes where accessed on
      them.
    - gh-84753: inspect.iscoroutinefunction(),
      inspect.isgeneratorfunction(), and
      inspect.isasyncgenfunction() now properly return True
      for duck-typed function-like objects like instances of
      unittest.mock.AsyncMock.
    - This makes inspect.iscoroutinefunction() consistent with the
      behavior of asyncio.iscoroutinefunction(). Patch by Mehdi
      ABAAKOUK.
    - gh-83499: Fix double closing of file description in tempfile.
    - gh-79512: Fixed names and __module__ value of weakref classes
      ReferenceType, ProxyType, CallableProxyType. It makes them
      pickleable.
    - gh-90494: copy.copy() and copy.deepcopy() now always raise
      a TypeError if __reduce__() returns a tuple with length 6
      instead of silently ignore the 6th item or produce incorrect
      result.
    - gh-90549: Fix a multiprocessing bug where a global named
      resource (such as a semaphore) could leak when a child
      process is spawned (as opposed to forked).
    - gh-79579: sqlite3 now correctly detects DML queries with
      leading comments. Patch by Erlend E. Aasland.
    - gh-93421: Update sqlite3.Cursor.rowcount when a DML
      statement has run to completion. This fixes the row count
      for SQL queries like UPDATE ... RETURNING. Patch by Erlend
      E. Aasland.
    - gh-91810: Suppress writing an XML declaration in open
      files in ElementTree.write() with encoding='unicode' and
      xml_declaration=None.
    - gh-93353: Fix the importlib.resources.as_file() context
      manager to remove the temporary file if destroyed late
      during Python finalization: keep a local reference to the
      os.remove() function. Patch by Victor Stinner.
    - gh-83658: Make multiprocessing.Pool raise an exception if
      maxtasksperchild is not None or a positive int.
    - gh-74696: shutil.make_archive() no longer temporarily changes
      the current working directory during creation of standard
      .zip or tar archives.
    - gh-91577: Move imports in SharedMemory methods to module
      level so that they can be executed late in python
      finalization.
    - bpo-47231: Fixed an issue with inconsistent trailing slashes
      in tarfile longname directories.
    - bpo-46755: In QueueHandler, clear stack_info from LogRecord
      to prevent stack trace from being written twice.
    - bpo-46053: Fix OSS audio support on NetBSD.
    - bpo-46197: Fix ensurepip environment isolation for subprocess
      running pip.
    - bpo-45924: Fix asyncio incorrect traceback when future’s
      exception is raised multiple times. Patch by Kumar Aditya.
    - bpo-34828: sqlite3.Connection.iterdump() now handles
      databases that use AUTOINCREMENT in one or more tables.
    - gh-94321: Document the PEP 246 style protocol type
      sqlite3.PrepareProtocol.
    - gh-86128: Document a limitation in ThreadPoolExecutor where
      its exit handler is executed before any handlers in atexit.
    - gh-61162: Clarify sqlite3 behavior when Using the connection
      as a context manager.
    - gh-87260: Align sqlite3 argument specs with the actual
      implementation.
    - gh-86986: The minimum Sphinx version required to build the
      documentation is now 3.2.
    - gh-88831: Augmented documentation of
      asyncio.create_task(). Clarified the need to keep strong
      references to tasks and added a code snippet detailing how to
      to this.
    - bpo-47161: Document that pathlib.PurePath does not collapse
      initial double slashes because they denote UNC paths.
    - gh-95280: Fix problem with test_ssl test_get_ciphers on
      systems that require perfect forward secrecy (PFS) ciphers.
    - gh-95212: Make multiprocessing test case
      test_shared_memory_recreate parallel-safe.
    - gh-91330: Added more tests for dataclasses to cover behavior
      with data descriptor-based fields.
    - gh-94208: test_ssl is now checking for supported TLS version
      and protocols in more tests.
    - gh-93951: In test_bdb.StateTestCase.test_skip, avoid
      including auxiliary importers.
    - gh-93957: Provide nicer error reporting from subprocesses in
      test_venv.EnsurePipTest.test_with_pip.
    - gh-57539: Increase calendar test coverage for
      calendar.LocaleTextCalendar.formatweekday().
    - gh-92886: Fixing tests that fail when running with
      optimizations (-O) in test_zipimport.py
    - bpo-47016: Create a GitHub Actions workflow for verifying
      bundled pip and setuptools. Patch by Illia Volochii and Adam
      Turner.
    - gh-94841: Fix the possible performance regression of
      PyObject_Free() compiled with MSVC version 1932.
    - gh-95511: Fix the Shell context menu copy-with-prompts bug of
      copying an extra line when one selects whole lines.
    - gh-95471: In the Edit menu, move Select All and add a new
      separator.
    - gh-95411: Enable using IDLE’s module browser with .pyw files.
    - gh-89610: Add .pyi as a recognized extension for IDLE on
      macOS. This allows opening stub files by double clicking on
      them in the Finder.
    - gh-94538: Fix Argument Clinic output to custom file
      destinations. Patch by Erlend E. Aasland.
    - gh-94430: Allow parameters named module and self with custom
      C names in Argument Clinic. Patch by Erlend E. Aasland
    - gh-94930: Fix SystemError raised when
      PyArg_ParseTupleAndKeywords() is used with # in (...) but
      without PY_SSIZE_T_CLEAN defined.
    - gh-94864: Fix PyArg_Parse* with deprecated format units “u”
      and “Z”. It returned 1 (success) when warnings are turned
      into exceptions.
  - Reapply patches
    - bpo-31046_ensurepip_honours_prefix.patch
    - fix_configure_rst.patch
    - no-skipif-doctests.patch
    - skip-test_pyobject_freed_is_freed.patch
* Sun Jul 31 2022 Stephan Kulow <coolo@suse.com>
  - Extend distutils-reproducible-compile.patch with a workaround
    for non reproducible pyc files issue 93317
* Thu Jul 21 2022 Matej Cepl <mcepl@suse.com>
  - Switch from %primary_interpreter to prjconf-defined
    %primary_python (gh#openSUSE/python-rpm-macros#127).
* Thu Jun 09 2022 Matej Cepl <mcepl@suse.com>
  - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
    CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
    command injection in the mailcap module.
  - Fix building of documentation and the universal configuration of the
    %primary_interpreter.
* Mon Jun 06 2022 Matej Cepl <mcepl@suse.com>
  - Update to 3.10.5:
    - Core and Builtins
    - gh-93418: Fixed an assert where an f-string has an equal
      sign ‘=’ following an expression, but there’s no trailing
      brace. For example, f”{i=”.
    - gh-91924: Fix __ltrace__ debug feature if the stdout
      encoding is not UTF-8. Patch by Victor Stinner.
    - gh-93061: Backward jumps after async for loops are no
      longer given dubious line numbers.
    - gh-93065: Fix contextvars HAMT implementation to handle
      iteration over deep trees.
    - The bug was discovered and fixed by Eli Libman. See
      MagicStack/immutables#84 for more details.
    - gh-92311: Fixed a bug where setting frame.f_lineno to jump
      over a list comprehension could misbehave or crash.
    - gh-92112: Fix crash triggered by an evil custom mro() on
      a metaclass.
    - gh-92036: Fix a crash in subinterpreters related to the
      garbage collector. When a subinterpreter is deleted,
      untrack all objects tracked by its GC. To prevent a crash
      in deallocator functions expecting objects to be tracked by
      the GC, leak a strong reference to these objects on
      purpose, so they are never deleted and their deallocator
      functions are not called. Patch by Victor Stinner.
    - gh-91421: Fix a potential integer overflow in
      _Py_DecodeUTF8Ex.
    - bpo-47212: Raise IndentationError instead of SyntaxError
      for a bare except with no following indent. Improve
      SyntaxError locations for an un-parenthesized generator
      used as arguments. Patch by Matthieu Dartiailh.
    - bpo-47182: Fix a crash when using a named unicode character
      like "\N{digit nine}" after the main interpreter has been
      initialized a second time.
    - bpo-47117: Fix a crash if we fail to decode characters in
      interactive mode if the tokenizer buffers are
      uninitialized. Patch by Pablo Galindo.
    - bpo-39829: Removed the __len__() call when initializing
      a list and moved initializing to list_extend. Patch by
      Jeremiah Pascual.
    - bpo-46962: Classes and functions that unconditionally
      declared their docstrings ignoring the
    - -without-doc-strings compilation flag no longer do so.
    - The classes affected are ctypes.UnionType,
      pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and
      types.GenericAlias.
    - The functions affected are 24 methods in ctypes.
    - Patch by Oleg Iarygin.
    - bpo-36819: Fix crashes in built-in encoders with error
      handlers that return position less or equal than the
      starting position of non-encodable characters.
    - Library
    - gh-93156: Accessing the pathlib.PurePath.parents sequence
      of an absolute path using negative index values produced
      incorrect results.
    - gh-89973: Fix re.error raised in fnmatch if the pattern
      contains a character range with upper bound lower than
      lower bound (e.g. [c-a]). Now such ranges are interpreted
      as empty ranges.
    - gh-93010: In a very special case, the email package tried
      to append the nonexistent InvalidHeaderError to the defect
      list. It should have been InvalidHeaderDefect.
    - gh-92839: Fixed crash resulting from calling
      bisect.insort() or bisect.insort_left() with the key
      argument not equal to None.
    - gh-91581: utcfromtimestamp() no longer attempts to resolve
      fold in the pure Python implementation, since the fold is
      never 1 in UTC. In addition to being slightly faster in the
      common case, this also prevents some errors when the
      timestamp is close to datetime.min. Patch by Paul Ganssle.
    - gh-92530: Fix an issue that occurred after interrupting
      threading.Condition.notify().
    - gh-92049: Forbid pickling constants re._constants.SUCCESS
      etc. Previously, pickling did not fail, but the result
      could not be unpickled.
    - bpo-47029: Always close the read end of the pipe used by
      multiprocessing.Queue after the last write of buffered data
      to the write end of the pipe to avoid BrokenPipeError at
      garbage collection and at multiprocessing.Queue.close()
      calls. Patch by Géry Ogam.
    - gh-91401: Provide a fail-safe way to disable subprocess use
      of vfork() via a private subprocess._USE_VFORK attribute.
      While there is currently no known need for this, if you
      find a need please only set it to False. File a CPython
      issue as to why you needed it and link to that from
      a comment in your code. This attribute is documented as
      a footnote in 3.11.
    - gh-91910: Add missing f prefix to f-strings in error
      messages from the multiprocessing and asyncio modules.
    - gh-91810: ElementTree method write() and function
      tostring() now use the text file’s encoding (“UTF-8” if not
      available) instead of locale encoding in XML declaration
      when encoding="unicode" is specified.
    - gh-91832: Add required attribute to argparse.Action repr
      output.
    - gh-91700: Compilation of regular expression containing
      a conditional expression (?(group)...) now raises an
      appropriate re.error if the group number refers to not
      defined group. Previously an internal RuntimeError was
      raised.
    - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown
      the per test event loop executor before returning from its
      run method so that a not yet stopped or garbage collected
      executor state does not persist beyond the test.
    - gh-90568: Parsing \N escapes of Unicode Named Character
      Sequences in a regular expression raises now re.error
      instead of TypeError.
    - gh-91595: Fix the comparison of character and integer
      inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu.
    - gh-90622: Worker processes for
      concurrent.futures.ProcessPoolExecutor are no longer
      spawned on demand (a feature added in 3.9) when the
      multiprocessing context start method is "fork" as that can
      lead to deadlocks in the child processes due to a fork
      happening while threads are running.
    - gh-91575: Update case-insensitive matching in the re module
      to the latest Unicode version.
    - gh-91581: Remove an unhandled error case in the
      C implementation of calls to datetime.fromtimestamp with no
      time zone (i.e. getting a local time from an epoch
      timestamp). This should have no user-facing effect other
      than giving a possibly more accurate error message when
      called with timestamps that fall on 10000-01-01 in the
      local time. Patch by Paul Ganssle.
    - bpo-47260: Fix os.closerange() potentially being a no-op in
      a Linux seccomp sandbox.
    - bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile
      instead of ValueError when reading a corrupt zip file in
      which the central directory offset is negative.
    - bpo-47151: When subprocess tries to use vfork, it now falls
      back to fork if vfork returns an error. This allows use in
      situations where vfork isn’t allowed by the OS kernel.
    - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve
      names for socket.AF_INET or socket.AF_INET6 families.
      Resolution may not make sense for other families, like
      socket.AF_BLUETOOTH and socket.AF_UNIX.
    - bpo-43323: Fix errors in the email module if the charset
      itself contains undecodable/unencodable characters.
    - bpo-47101: hashlib.algorithms_available now lists only
      algorithms that are provided by activated crypto providers
      on OpenSSL 3.0. Legacy algorithms are not listed unless the
      legacy provider has been loaded into the default OSSL
      context.
    - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor
      exception memory leak
    - bpo-45393: Fix the formatting for await x and not x in the
      operator precedence table when using the help() system.
    - bpo-46415: Fix ipaddress.ip_{address,interface,network}
      raising TypeError instead of ValueError if given invalid
      tuple as address parameter.
    - bpo-28249: Set doctest.DocTest.lineno to None when object
      does not have __doc__.
    - bpo-45138: Fix a regression in the sqlite3 trace callback
      where bound parameters were not expanded in the passed
      statement string. The regression was introduced in Python
      3.10 by bpo-40318. Patch by Erlend E. Aasland.
    - bpo-44493: Add missing terminated NUL in sockaddr_un’s
      length
    - This was potentially observable when using non-abstract
      AF_UNIX datagram sockets to processes written in another
      programming language.
    - bpo-42627: Fix incorrect parsing of Windows registry proxy
      settings
    - bpo-36073: Raise ProgrammingError instead of segfaulting on
      recursive usage of cursors in sqlite3 converters. Patch by
      Sergey Fedoseev.
    - Documentation
    - gh-86438: Clarify that -W and PYTHONWARNINGS are matched
      literally and case-insensitively, rather than as regular
      expressions, in warnings.
    - gh-92240: Added release dates for “What’s New in Python
      3.X” for 3.0, 3.1, 3.2, 3.8 and 3.10
    - gh-91888: Add a new gh role to the documentation to link to
      GitHub issues.
    - gh-91783: Document security issues concerning the use of
      the function shutil.unpack_archive()
    - gh-91547: Remove “Undocumented modules” page.
    - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of
      shutil.copytree().
    - bpo-38668: Update the introduction to documentation for
      os.path to remove warnings that became irrelevant after the
      implementations of PEP 383 and PEP 529.
    - bpo-47138: Pin Jinja to a version compatible with Sphinx
      version 3.2.1.
    - bpo-46962: All docstrings in code snippets are now wrapped
      into PyDoc_STR() to follow the guideline of PEP 7’s
      Documentation Strings paragraph. Patch by Oleg Iarygin.
    - bpo-26792: Improve the docstrings of runpy.run_module() and
      runpy.run_path(). Original patch by Andrew Brezovsky.
    - bpo-40838: Document that inspect.getdoc(),
      inspect.getmodule(), and inspect.getsourcefile() might
      return None.
    - bpo-45790: Adjust inaccurate phrasing in Defining Extension
      Types: Tutorial about the ob_base field and the macros used
      to access its contents.
    - bpo-42340: Document that in some circumstances
      KeyboardInterrupt may cause the code to enter an
      inconsistent state. Provided a sample workaround to avoid
      it if needed.
    - bpo-41233: Link the errnos referenced in
      Doc/library/exceptions.rst to their respective section in
      Doc/library/errno.rst, and vice versa. Previously this was
      only done for EINTR and InterruptedError. Patch by Yan
      “yyyyyyyan” Orestes.
    - bpo-38056: Overhaul the Error Handlers documentation in
      codecs.
    - bpo-13553: Document tkinter.Tk args.
    - Tests
    - gh-92886: Fixing tests that fail when running with
      optimizations (-O) in test_imaplib.py.
    - gh-92670: Skip
      test_shutil.TestCopy.test_copyfile_nonexistent_dir test on
      AIX as the test uses a trailing slash to force the OS
      consider the path as a directory, but on AIX the trailing
      slash has no effect and is considered as a file.
    - gh-91904: Fix initialization of
      PYTHONREGRTEST_UNICODE_GUARD which prevented running
      regression tests on non-UTF-8 locale.
    - gh-91607: Fix test_concurrent_futures to test the correct
      multiprocessing start method context in several cases where
      the test logic mixed this up.
    - bpo-47205: Skip test for sched_getaffinity() and
      sched_setaffinity() error case on FreeBSD.
    - bpo-47104: Rewrite asyncio.to_thread() tests to use
      unittest.IsolatedAsyncioTestCase.
    - bpo-29890: Add tests for ipaddress.IPv4Interface and
      ipaddress.IPv6Interface construction with tuple arguments.
      Original patch and tests by louisom.
    - Tools/Demos
    - gh-91583: Fix regression in the code generated by Argument
      Clinic for functions with the defining_class parameter.
* Tue May 10 2022 Matej Cepl <mcepl@suse.com>
  - Refresh bluez-devel-vendor.tar.xz
* Thu May 05 2022 Matej Cepl <mcepl@suse.com>
  - Switch primary_interpreter from python38 to python310 for
    Factory (only)
* Sat Mar 26 2022 Matej Cepl <mcepl@suse.com>
  - Update to 3.10.4:
    - bpo-46968: Check for the existence of the “sys/auxv.h” header
      in faulthandler to avoid compilation problems in systems
      where this header doesn’t exist. Patch by Pablo Galindo
    - bpo-23691: Protect the re.finditer() iterator from
      re-entering.
    - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to
      avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception
      when reading a ZipFile from multiple threads.
    - bpo-38256: Fix binascii.crc32() when it is compiled to use
      zlib’c crc32 to work properly on inputs 4+GiB in length
      instead of returning the wrong result. The workaround prior
      to this was to always feed the function data in increments
      smaller than 4GiB or to just call the zlib module function.
    - bpo-39394: A warning about inline flags not at the start of
      the regular expression now contains the position of the flag.
    - bpo-47061: Deprecate the various modules listed by PEP 594:
    - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt,
      imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd,
      sndhdr, spwd, sunau, telnetlib, uu, xdrlib
    - bpo-2604: Fix bug where doctests using globals would fail
      when run multiple times.
    - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
    - bpo-47022: The asynchat, asyncore and smtpd modules have been
      deprecated since at least Python 3.6. Their documentation and
      deprecation warnings and have now been updated to note they
      will removed in Python 3.12 (PEP 594).
    - bpo-46421: Fix a unittest issue where if the command was
      invoked as python -m unittest and the filename(s) began with
      a dot (.), a ValueError is returned.
    - bpo-40296: Fix supporting generic aliases in pydoc.
  - Update to 3.10.3:
    - bpo-46940: Avoid overriding AttributeError metadata
      information for nested attribute access calls. Patch by Pablo
      Galindo.
    - bpo-46852: Rename the private undocumented
      float.__set_format__() method to float.__setformat__() to fix
      a typo introduced in Python 3.7. The method is only used by
      test_float. Patch by Victor Stinner.
    - bpo-46794: Bump up the libexpat version into 2.4.6
    - bpo-46820: Fix parsing a numeric literal immediately (without
      spaces) followed by “not in” keywords, like in 1not in x. Now
      the parser only emits a warning, not a syntax error.
    - bpo-46762: Fix an assert failure in debug builds when a ‘<’,
      ‘>’, or ‘=’ is the last character in an f-string that’s
      missing a closing right brace.
    - bpo-46724: Make sure that all backwards jumps use the
      JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an
      argument of (2**32)+offset.
    - bpo-46732: Correct the docstring for the __bool__() method.
      Patch by Jelle Zijlstra.
    - bpo-46707: Avoid potential exponential backtracking when
      producing some syntax errors involving lots of brackets.
      Patch by Pablo Galindo.
    - bpo-40479: Add a missing call to va_end() in
      Modules/_hashopenssl.c.
    - bpo-46615: When iterating over sets internally in
      setobject.c, acquire strong references to the resulting items
      from the set. This prevents crashes in corner-cases of
      various set operations where the set gets mutated.
    - bpo-45773: Remove two invalid “peephole” optimizations from
      the bytecode compiler.
    - bpo-43721: Fix docstrings of getter, setter, and deleter to
      clarify that they create a new copy of the property.
    - bpo-46503: Fix an assert when parsing some invalid N escape
      sequences in f-strings.
    - bpo-46417: Fix a race condition on setting a type __bases__
      attribute: the internal function add_subclass() now gets the
      PyTypeObject.tp_subclasses member after calling
      PyWeakref_NewRef() which can trigger a garbage collection
      which can indirectly modify PyTypeObject.tp_subclasses. Patch
      by Victor Stinner.
    - bpo-46383: Fix invalid signature of _zoneinfo’s module_free
      function to resolve a crash on wasm32-emscripten platform.
    - bpo-46070: Py_EndInterpreter() now explicitly untracks all
      objects currently tracked by the GC. Previously, if an object
      was used later by another interpreter, calling
      PyObject_GC_UnTrack() on the object crashed if the previous
      or the next object of the PyGC_Head structure became
      a dangling pointer. Patch by Victor Stinner.
    - bpo-46339: Fix a crash in the parser when retrieving the
      error text for multi-line f-strings expressions that do not
      start in the first line of the string. Patch by Pablo Galindo
    - bpo-46240: Correct the error message for unclosed parentheses
      when the tokenizer doesn’t reach the end of the source when
      the error is reported. Patch by Pablo Galindo
    - bpo-46091: Correctly calculate indentation levels for lines
      with whitespace character that are ended by line continuation
      characters. Patch by Pablo Galindo
    - bpo-43253: Fix a crash when closing transports where the
      underlying socket handle is already invalid on the Proactor
      event loop.
    - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3,
      including bugfix for EntryPoint.extras, which was returning
      match objects and not the extras strings.
    - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip
      22.0.4)
    - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically
      determine size of signal handler stack size CPython allocates
      using getauxval(AT_MINSIGSTKSZ). This changes allows for
      Python extension’s request to Linux kernel to use AMX_TILE
      instruction set on Sapphire Rapids Xeon processor to succeed,
      unblocking use of the ISA in frameworks.
    - bpo-46955: Expose asyncio.base_events.Server as
      asyncio.Server. Patch by Stefan Zabka.
    - bpo-23325: The signal module no longer assumes that SIG_IGN
      and SIG_DFL are small int singletons.
    - bpo-46932: Update bundled libexpat to 2.4.7
    - bpo-25707: Fixed a file leak in
      xml.etree.ElementTree.iterparse() when the iterator is not
      exhausted. Patch by Jacob Walls.
    - bpo-44886: Inherit asyncio proactor datagram transport from
      asyncio.DatagramTransport.
    - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect()
      for selector-based event loops. Patch by Thomas Grainger.
    - bpo-46811: Make test suite support Expat >=2.4.5
    - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to
      transport-based APIs.
    - bpo-46784: Fix libexpat symbols collisions with user
      dynamically loaded or statically linked libexpat in embedded
      Python.
    - bpo-39327: shutil.rmtree() can now work with VirtualBox
      shared folders when running from the guest operating-system.
    - bpo-46756: Fix a bug in
      urllib.request.HTTPPasswordMgr.find_user_password() and
      urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated()
      which allowed to bypass authorization. For example, access to
      URI example.org/foobar was allowed if the user was authorized
      for URI example.org/foo.
    - bpo-46643: In typing.get_type_hints(), support evaluating
      stringified ParamSpecArgs and ParamSpecKwargs annotations.
      Patch by Gregory Beauregard.
    - bpo-45863: When the tarfile module creates a pax format
      archive, it will put an integer representation of timestamps
      in the ustar header (if possible) for the benefit of older
      unarchivers, in addition to the existing full-precision
      timestamps in the pax extended header.
    - bpo-46676: Make typing.ParamSpec args and kwargs equal to
      themselves. Patch by Gregory Beauregard.
    - bpo-46672: Fix NameError in asyncio.gather() when initial
      type check fails.
    - bpo-46655: In typing.get_type_hints(), support evaluating
      bare stringified TypeAlias annotations. Patch by Gregory
      Beauregard.
    - bpo-45948: Fixed a discrepancy in the C implementation of the
      xml.etree.ElementTree module. Now, instantiating an
      xml.etree.ElementTree.XMLParser with a target=None keyword
      provides a default xml.etree.ElementTree.TreeBuilder target
      as the Python implementation does.
    - bpo-46521: Fix a bug in the codeop module that was
      incorrectly identifying invalid code involving string quotes
      as valid code.
    - bpo-46581: Brings ParamSpec propagation for GenericAlias in
      line with Concatenate (and others).
    - bpo-46591: Make the IDLE doc URL on the About IDLE dialog
      clickable.
    - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
    - bpo-46487: Add the get_write_buffer_limits method to
      asyncio.transports.WriteTransport and to the SSL transport.
    - bpo-45173: Note the configparser deprecations will be removed
      in Python 3.12.
    - bpo-46539: In typing.get_type_hints(), support evaluating
      stringified ClassVar and Final annotations inside Annotated.
      Patch by Gregory Beauregard.
    - bpo-46491: Allow typing.Annotated to wrap typing.Final and
      typing.ClassVar. Patch by Gregory Beauregard.
    - bpo-46436: Fix command-line option -d/--directory in module
      http.server which is ignored when combined with command-line
      option --cgi. Patch by Géry Ogam.
    - bpo-41403: Make mock.patch() raise a TypeError with
      a relevant error message on invalid arg. Previously it
      allowed a cryptic AttributeError to escape.
    - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid
      potential REDoS by limiting ambiguity in consecutive
      whitespace.
    - bpo-46469: asyncio generic classes now return
      types.GenericAlias in __class_getitem__ instead of the same
      class.
    - bpo-46434: pdb now gracefully handles help when __doc__ is
      missing, for example when run with pregenerated optimized
      .pyc files.
    - bpo-46333: The __eq__() and __hash__() methods of
      typing.ForwardRef now honor the module parameter of
      typing.ForwardRef. Forward references from different modules
      are now differentiated.
    - bpo-46246: Add missing __slots__ to
      importlib.metadata.DeprecatedList. Patch by Arie Bovenberg.
    - bpo-46266: Improve day constants in calendar.
    - Now all constants (MONDAY … SUNDAY) are documented, tested,
      and added to __all__.
    - bpo-46232: The ssl module now handles certificates with bit
      strings in DN correctly.
    - bpo-43118: Fix a bug in inspect.signature() that was causing
      it to fail on some subclasses of classes with
      a __text_signature__ referencing module globals. Patch by
      Weipeng Hong.
    - bpo-26552: Fixed case where failing asyncio.ensure_future()
      did not close the coroutine. Patch by Kumar Aditya.
    - bpo-21987: Fix an issue with tarfile.TarFile.getmember()
      getting a directory name with a trailing slash.
    - bpo-20392: Fix inconsistency with uppercase file extensions
      in MimeTypes.guess_type(). Patch by Kumar Aditya.
    - bpo-46080: Fix exception in argparse help text generation if
      a argparse.BooleanOptionalAction argument’s default is
      argparse.SUPPRESS and it has help specified. Patch by Felix
      Fontein.
    - bpo-44439: Fix .write() method of a member file in ZipFile,
      when the input data is an object that supports the buffer
      protocol, the file length may be wrong.
    - bpo-45703: When a namespace package is imported before
      another module from the same namespace is created/installed
      in a different sys.path location while the program is
      running, calling the importlib.invalidate_caches() function
      will now also guarantee the new module is noticed.
    - bpo-24959: Fix bug where unittest sometimes drops frames from
      tracebacks of exceptions raised in tests.
    - bpo-44791: Fix substitution of ParamSpec in Concatenate with
      different parameter expressions. Substitution with a list of
      types returns now a tuple of types. Substitution with
      Concatenate returns now a Concatenate with concatenated lists
      of arguments.
    - bpo-14156: argparse.FileType now supports an argument of ‘-’
      in binary mode, returning the .buffer attribute of
      sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and
      ‘a’ are treated equivalently to ‘w’ when argument is ‘-’.
      Patch contributed by Josh Rosenberg
    - bpo-46463: Fixes escape4chm.py script used when building the
      CHM documentation file
    - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is
      built with undefined behavior sanitizer (UBSAN): disable
      UBSAN on the faulthandler_sigfpe() function. Patch by Victor
      Stinner.
    - bpo-46708: Prevent default asyncio event loop policy
      modification warning after test_asyncio execution.
    - bpo-46678: The function make_legacy_pyc in
      Lib/test/support/import_helper.py no longer fails when
      PYTHONPYCACHEPREFIX is set to a directory on a different
      device from where tempfiles are stored.
    - bpo-46616: Ensures test_importlib.test_windows cleans up
      registry keys after completion.
    - bpo-44359: test_ftplib now silently ignores socket errors to
      prevent logging unhandled threading exceptions. Patch by
      Victor Stinner.
    - bpo-46542: Fix a Python crash in test_lib2to3 when using
      Python built in debug mode: limit the recursion limit. Patch
      by Victor Stinner.
    - bpo-46576: test_peg_generator now disables compiler
      optimization when testing compilation of its own C extensions
      to significantly speed up the testing on non-debug builds of
      CPython.
    - bpo-46542: Fix test_json tests checking for RecursionError:
      modify these tests to use support.infinite_recursion(). Patch
      by Victor Stinner.
    - bpo-13886: Skip test_builtin PTY tests on non-ASCII
      characters if the readline module is loaded. The readline
      module changes input() behavior, but test_builtin is not
      intented to test the readline module. Patch by Victor
      Stinner.
    - bpo-38472: Fix GCC detection in setup.py when
      cross-compiling. The C compiler is now run with LC_ALL=C.
      Previously, the detection failed with a German locale.
    - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro
      and pyconfig.h no longer defines reserved symbol
      __CHAR_UNSIGNED__.
    - bpo-45296: Clarify close, quit, and exit in IDLE. In the File
      menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current
      one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows).
      In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there
      are no other windows, this also exits IDLE.
    - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch
      by Alex Waygood and Terry Jan Reedy.
    - bpo-46433: The internal function _PyType_GetModuleByDef now
      correctly handles inheritance patterns involving static
      types.
    - bpo-14916: Fixed bug in the tokenizer that prevented
      PyRun_InteractiveOne from parsing from the provided FD.
* Thu Mar 24 2022 David Anes <david.anes@suse.com>
  - (bsc#1196784, CVE-2022-25236) Rename patch:
    support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
    and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
    as it was fully patched against CVE-2022-25236.
* Tue Feb 22 2022 Steve Kowalik <steven.kowalik@suse.com>
  - Add patch support-expat-245.patch:
    * Support Expat >= 2.4.5
* Tue Feb 15 2022 Matej Cepl <mcepl@suse.com>
  - bsc#1195831 Obsolete older "most modern" versions of python
    packages (python39 for python310 and so forth). For next
    versions it is necessary just to edit the macro.
* Tue Jan 25 2022 Matej Cepl <mcepl@suse.com>
  - Remove second superfluous BR rpm-build-python
* Tue Jan 25 2022 Matej Cepl <mcepl@suse.com>
  - Remove second superfluous BR rpm-build-python
  - Add fix_configure_rst.patch, which removes duplicate link
    targets and make documentation with old Sphinx in SLE
  - Skip test_capi (bsc#1195140 and bpo#37169)
* Wed Jan 19 2022 Matej Cepl <mcepl@suse.com>
  - Update to 3.10.2:
    Bugfix only
    - bpo#46347 memory leak in PyEval_EvalCodeEx (especially
      visible with Cython code)
    - and many others

Files

/usr/lib/python3.10
/usr/lib/python3.10/lib-dynload
/usr/lib/python3.10/lib-dynload/_sqlite3.cpython-310-arm-linux-gnueabihf.so
/usr/lib/python3.10/lib-dynload/readline.cpython-310-arm-linux-gnueabihf.so
/usr/lib/python3.10/sqlite3
/usr/lib/python3.10/sqlite3/__init__.py
/usr/lib/python3.10/sqlite3/__pycache__
/usr/lib/python3.10/sqlite3/__pycache__/__init__.cpython-310.opt-1.pyc
/usr/lib/python3.10/sqlite3/__pycache__/__init__.cpython-310.opt-2.pyc
/usr/lib/python3.10/sqlite3/__pycache__/__init__.cpython-310.pyc
/usr/lib/python3.10/sqlite3/__pycache__/dbapi2.cpython-310.opt-1.pyc
/usr/lib/python3.10/sqlite3/__pycache__/dbapi2.cpython-310.opt-2.pyc
/usr/lib/python3.10/sqlite3/__pycache__/dbapi2.cpython-310.pyc
/usr/lib/python3.10/sqlite3/__pycache__/dump.cpython-310.opt-1.pyc
/usr/lib/python3.10/sqlite3/__pycache__/dump.cpython-310.opt-2.pyc
/usr/lib/python3.10/sqlite3/__pycache__/dump.cpython-310.pyc
/usr/lib/python3.10/sqlite3/dbapi2.py
/usr/lib/python3.10/sqlite3/dump.py


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Oct 24 23:22:36 2025