Removed rpms ============ - gnome-icon-theme - gnome-icon-theme-extras - gnome-icon-theme-symbolic - libnautilus-extension1 - remmina-plugin-xdmcp Added rpms ========== Package Source Changes ====================== ffmpeg-4 +- Add ffmpeg-CVE-2024-31578.patch: + Backporting ab0fdaed from upstream, Fix heap use after free when + vulkan_frames_init failed. + (CVE-2024-31578 bsc#1223070) + +- Add ffmpeg-CVE-2023-51793.patch: + Backporting 0ecc1f0e from upstream, Fix odd height handling, Fix + out of array access. + (CVE-2023-51793 bsc#1223272) + +- Add ffmpeg-CVE-2023-49502.patch + Backporting 737ede40 from upstream, Adjusts the logic to consider + the chroma planes and makes the change to all three bwdif + implementations. + (CVE-2023-49502 bsc#1223235) + flatpak +- Update to version 1.14.6: + * Security fixes: + - Don't allow an executable name to be misinterpreted as a + command-line option for bwrap(1). This prevents a sandbox + escape where a malicious or compromised app could ask + xdg-desktop-portal to generate a .desktop file with access + to files outside the sandbox. (CVE-2024-32462, bsc#1223110) + * Other bug fixes: + - Don't parse as the application + name + glib2 +- require dbus-launch only if dbus-service is wanted. This helps + with stripping down container-only builds (jsc#PED-8153) + glibc +- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch: + nscd: Stack-based buffer overflow in netgroup cache + (CVE-2024-33599, bsc#1223423) +- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch: + nscd: Avoid null pointer crashes after notfound response + (CVE-2024-33600, bsc#1223424) +- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch: + nscd: Do not send missing not-found response in addgetnetgrentX + (CVE-2024-33600, bsc#1223424) +- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch: + netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601, + CVE-2024-33602, bsc#1223425) + +- iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound + writes when writing escape sequence (CVE-2024-2961, bsc#1222992) + kernel-default +- Update kabi files: updated for post-PublicRC +- commit f978f5f + +- Update + patches.suse/Bluetooth-btrtl-fix-out-of-bounds-memory-access.patch + (git-fixes CVE-2024-26890 bsc#1223192). +- Update + patches.suse/RDMA-mlx5-Fix-fortify-source-warning-while-accessing.patch + (jsc#PED-3311 CVE-2024-26907 bsc#1223203). +- Update + patches.suse/Revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-e.patch + (git-fixes CVE-2024-26916 bsc#1223137). +- Update + patches.suse/crypto-xilinx-call-finalize-with-bh-disabled.patch + (git-fixes CVE-2024-26877 bsc#1223140). +- Update + patches.suse/dm-call-the-resume-method-on-internal-suspend-65e8.patch + (git-fixes CVE-2024-26880 bsc#1223188). +- Update + patches.suse/drm-amd-display-Fix-dcn35-8k30-Underflow-Corruption-.patch + (git-fixes CVE-2024-26913 bsc#1223204). +- Update + patches.suse/drm-amd-display-fix-incorrect-mpc_combine-array-size.patch + (git-fixes CVE-2024-26914 bsc#1223205). +- Update patches.suse/drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch + (git-fixes CVE-2024-26915 bsc#1223207). +- Update + patches.suse/firmware-arm_scmi-Fix-double-free-in-SMC-transport-c.patch + (git-fixes CVE-2024-26893 bsc#1223196). +- Update + patches.suse/net-tls-fix-use-after-free-with-partial-reads-and-as.patch + (bsc#1221858 CVE-2024-26582 bsc#1220214). +- Update + patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch + (git-fixes CVE-2024-26897 bsc#1223323). +- Update + patches.suse/wifi-mt76-mt7921e-fix-use-after-free-in-free_irq.patch + (git-fixes CVE-2024-26892 bsc#1223195). +- Update + patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch + (git-fixes CVE-2024-26895 bsc#1223197). +- commit d9b565f + +- Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing + Adv Monitor (bsc#1219216). +- commit 81c5485 + +- Update + patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch + (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482). +- Update + patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch + (git-fixes CVE-2024-26891 bsc#1223037). +- Update + patches.suse/ACPI-processor_idle-Fix-memory-leak-in-acpi_processo.patch + (git-fixes CVE-2024-26894 bsc#1223043). +- Update + patches.suse/ASoC-qcom-Fix-uninitialized-pointer-dmactl.patch + (git-fixes CVE-2024-26799 bsc#1222415). +- Update + patches.suse/Bluetooth-Avoid-potential-use-after-free-in-hci_erro.patch + (git-fixes CVE-2024-26801 bsc#1222413). +- Update patches.suse/Bluetooth-af_bluetooth-Fix-deadlock.patch + (git-fixes CVE-2024-26886 bsc#1223044). +- Update + patches.suse/IB-hfi1-Fix-a-memleak-in-init_credit_return.patch + (git-fixes CVE-2024-26839 bsc#1222975). +- Update + patches.suse/RDMA-irdma-Fix-KASAN-issue-with-tasklet.patch + (git-fixes CVE-2024-26838 bsc#1222974). +- Update + patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch + (git-fixes CVE-2024-26872 bsc#1223115). +- Update + patches.suse/afs-Fix-endless-loop-in-directory-parsing.patch + (git-fixes CVE-2024-26848 bsc#1223030). +- Update + patches.suse/afs-Increase-buffer-size-in-afs_update_volume_status.patch + (git-fixes CVE-2024-26736 bsc#1222586). +- Update + patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch + (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430). +- Update + patches.suse/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch + (bsc#1220265 CVE-2024-26840 bsc#1222976). +- Update + patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch + (bsc#1221391 CVE-2024-26689 bsc#1222503). +- Update + patches.suse/clk-meson-Add-missing-clocks-to-axg_clk_regmaps.patch + (git-fixes CVE-2024-26879 bsc#1223066). +- Update + patches.suse/crypto-algif_hash-Remove-bogus-SGL-free-on-zero-leng.patch + (git-fixes CVE-2024-26824 bsc#1223081). +- Update + patches.suse/dmaengine-fsl-qdma-init-irq-after-reg-initialization.patch + (git-fixes CVE-2024-26788 bsc#1222783). +- Update + patches.suse/dmaengine-idxd-Ensure-safe-user-copy-of-completion-r.patch + (bsc#1221428 git-fixes CVE-2024-26746 bsc#1222444). +- Update + patches.suse/drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch + (git-fixes CVE-2024-26700 bsc#1222870). +- Update + patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch + (git-fixes CVE-2024-26833 bsc#1223036). +- Update + patches.suse/drm-amd-display-Fix-potential-null-pointer-dereferen.patch + (git-fixes CVE-2024-26729 bsc#1222552). +- Update + patches.suse/drm-amd-display-Prevent-potential-buffer-overflow-in.patch + (git-fixes CVE-2024-26797 bsc#1222425). +- Update + patches.suse/drm-bridge-adv7511-fix-crash-on-irq-during-probe.patch + (git-fixes CVE-2024-26876 bsc#1223119). +- Update + patches.suse/drm-buddy-Fix-alloc_range-error-handling-code.patch + (git-fixes CVE-2024-26911 bsc#1223055). +- Update + patches.suse/drm-mediatek-Fix-a-null-pointer-crash-in-mtk_drm_crt.patch + (git-fixes CVE-2024-26874 bsc#1223048). +- Update + patches.suse/drm-nouveau-fix-several-DMA-buffer-leaks.patch + (git-fixes CVE-2024-26912 bsc#1223064). +- Update + patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch + (git-fixes CVE-2024-26843 bsc#1223014). +- Update + patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch + (git-fixes CVE-2024-26798 bsc#1222798). +- Update + patches.suse/i40e-Do-not-allow-untrusted-VF-to-remove-administrat.patch + (git-fixes CVE-2024-26830 bsc#1223012). +- Update + patches.suse/iio-adc-ad4130-zero-initialize-clock-init-data.patch + (git-fixes CVE-2024-26711 bsc#1222420). +- Update + patches.suse/md-Don-t-suspend-the-array-for-interrupted-reshape-9e46.patch + (git-fixes CVE-2024-26755 bsc#1222529). +- Update patches.suse/media-ir_toy-fix-a-memleak-in-irtoy_tx.patch + (git-fixes CVE-2024-26829 bsc#1223027). +- Update + patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch + (git-fixes CVE-2024-26875 bsc#1223118). +- Update + patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch + (git-fixes CVE-2024-26820 bsc#1223078). +- Update + patches.suse/net-bnx2x-Prevent-access-to-a-freed-page-in-page_poo.patch + (bsc#1215322 CVE-2024-26859 bsc#1223049). +- Update + patches.suse/net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch + (git-fixes CVE-2024-26803 bsc#1222788). +- Update + patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch + (git-fixes CVE-2024-26825 bsc#1223065). +- Update + patches.suse/nilfs2-fix-data-corruption-in-dsync-block-recovery-f.patch + (git-fixes CVE-2024-26697 bsc#1222550). +- Update + patches.suse/nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch + (git-fixes CVE-2024-26696 bsc#1222549). +- Update + patches.suse/powerpc-iommu-Fix-the-missing-iommu_group_put-during.patch + (jsc#PED-7779 jsc#PED-7780 git-fixes CVE-2024-26709 + bsc#1222418). +- Update + patches.suse/powerpc-kasan-Limit-KASAN-thread-size-increase-to-32.patch + (bsc#1215199 CVE-2024-26710 bsc#1222419). +- Update + patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch + (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738 bsc#1222607). +- Update + patches.suse/powerpc-rtas-use-correct-function-name-for-resetting.patch + (bsc#1215199 CVE-2024-26847 bsc#1223026). +- Update patches.suse/ppp_async-limit-MRU-to-64K.patch (git-fixes + CVE-2024-26675 bsc#1222379). +- Update + patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch + (git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056). +- Update + patches.suse/wifi-iwlwifi-mvm-fix-a-crash-when-we-run-out-of-stat.patch + (git-fixes CVE-2024-26693 bsc#1222451). +- Update + patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch + (git-fixes CVE-2024-26779 bsc#1222772). +- Update + patches.suse/wifi-wfx-fix-memory-leak-when-starting-AP.patch + (git-fixes CVE-2024-26896 bsc#1223042). +- Update + patches.suse/xen-events-close-evtchn-after-mapping-cleanup.patch + (git-fixes CVE-2024-26687 bsc#1222435). +- commit a69636a + +- Update + patches.suse/iio-core-fix-memleak-in-iio_device_register_sysfs.patch + (git-fixes CVE-2023-52643 bsc#1222960). +- Update + patches.suse/media-rc-bpf-attach-detach-requires-write-permission.patch + (git-fixes CVE-2023-52642 bsc#1223031). +- Update + patches.suse/wifi-b43-Stop-wake-correct-queue-in-DMA-Tx-path-when.patch + (git-fixes CVE-2023-52644 bsc#1222961). +- commit 2c2d37f + +- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424) +- commit 9436142 + +- nvme-tcp: strict pdu pacing to avoid send stalls on TLS + (bsc#1221858). +- tls: fix peeking with sync+async decryption (bsc#1221858). +- tls: don't skip over different type records from the rx_list + (bsc#1221858). +- tls: stop recv() if initial process_rx_list gave us non-DATA + (bsc#1221858). +- tls: break out of main loop when PEEK gets a non-data record + (bsc#1221858). +- net: tls: fix returned read length with async decrypt + (bsc#1221858). +- net: tls: fix use-after-free with partial reads and async + (bsc#1221858). +- net: tls, fix WARNIING in __sk_msg_free (bsc#1221858). +- commit 9d8d293 + libproxy:backend +- Do not use %elif by now since SLE, Leap does not have an rpm + supporting the tag. + +- Drop pkgconfig(libsoup-3.0) BuildRequires: no longer needed. + libproxy:client +- Do not use %elif by now since SLE, Leap does not have an rpm + supporting the tag. + +- Drop pkgconfig(libsoup-3.0) BuildRequires: no longer needed. + mutter +- Add 0001-Revert-clutter-stage-Avoid-queueing-stage-updates-wh.patch: + Reverting commit 261f516a to fix black screen on Xorg when logging + in or logging out (glgo#GNOME/mutter#3452 bsc#1222612). + nautilus-share -- Fix `'net usershare' returned error 255`; (bsc#1208375). - Add patch Bug1208375.patch. +- Fix build with RPM 4.19: unnumbered patches are no longer + supported. + +- Add 5.patch: Fix `'net usershare' returned error 255` + (bsc#1208375). + +- Update to version 0.7.5: + + Fix dialogs for permission changes + + Fix misc issues +- Changes from version 0.7.4: + + Port to libnautilus-extension-4 for Nautilus 43 compatibility + + Port to GTK4 + + Port from autotools to Meson + + Fix misc issues +- Switch to source service. +- Add meson BuildRequires and macros following upstreams port. +- Other changes in BuildRequires: + + Added: pkgconfig, pkgconfig(glib-2.0), pkgconfig(gtk4) and + pkgconfig(libnautilus-extension-4) + + Dropped: intltool, nautilus-devel and libtool. +- Add nautilus-share-lang-fix.patch: Add LINGUAS file to po dir + https://gitlab.gnome.org/coreyberla/nautilus-share/-/issues/2 +- Drop upstream fixed patch: nautilus-share-ar-plural.patch + +- Remove obsolete translation-update-upstream support + (jsc#SLE-21105). + +- Require samba-client instead of samba: we need /usr/bin/net, + which is a client tool (identified as part of boo#1183047). + +- No longer recommend -lang: supplements are in use + +- Ensure neutrality of descriptions. + +- Drop Requires: gnome-icon-theme; the appropriate icon is + provided by adwaita-icon-theme (pulled in by gtk3) already. -- Update to version 0.7.3: - + See previous entry for the list of changes; there is no new - change. -- Drop nautilus-share-git20110615-6c0fa271.patch: part of upstream. - -- Add nautilus-share-git20110615-6c0fa271.patch. This is a patch - adding all changes to git from 0.7.2 to today (6c0fa271). This - contains the following changes: - + Allow actions to be undone without closing window - + Do not always require go+rx permissions - + Set the title of the sharing options window - + Standardize wording for writable option - + Change location of Comment field - + Use folder-remote icon - + Fix validation of false positives - + Fix false negative in detecting writable option - + Don't print status messages in session log - + Remove usage of deprecated libraries (libgnomeui, gnome-vfs, - eel, libglade) - + Build fixes. -- Drop nautilus-share-drop-eel.patch and - nautilus-share-bnc358451-extension-dir.patch: they are included - in the patch. -- Drop nautilus-share-po.tar.gz: translation-update-upstream does - the work of updating translations already. -- Remove unneeded BuildRequires: fdupes, gnome-patch-translation, - libglade2-devel, update-desktop-files. -- Fix build against GNOME 3, by packaging the file in the right - directory (which is versioned). We use pkg-config to find this - directory now, instead of manually defining it. -- Update Url tag to git.gnome.org, since the old website is down. -- Use spec-cleaner to cleanup spec file. - -- Change lang package Requires to Recommends since it is not - mandatory at runtime. - -- Added support for translation-update-upstream (FATE#301344). - -- Add nautilus-share-drop-eel.patch to let us drop eel and - gnome-vfs dependecies. -- Adjust BuildRequires. - -- Translations update. - -- Translation update - python311 +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads. + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists over + multiple lines in combination with unicode encoding. + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +- Because of bsc#1189495 we have to revert use of %autopatch. + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + - -huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + - -verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + - -match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + - -enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + - jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + python311:base +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads. + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists over + multiple lines in combination with unicode encoding. + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +- Because of bsc#1189495 we have to revert use of %autopatch. + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + - -huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + - -verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + - -match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + - -enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + - jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + qemu +- Backports and bugfixes: + * hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() (bsc#1222841, CVE-2024-3567) + * hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446) + * hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446) + * hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446) + * hw/virtio: Introduce virtio_bh_new_guarded() helper (bsc#1222843, CVE-2024-3446) + * hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (bsc#1222845, CVE-2024-3447) + * hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328) + +- Update to version 8.2.2. Full changelog here: + https://lore.kernel.org/qemu-devel/1709577077.783602.1474596.nullmailer@tls.msk.ru/ + Some upstream backports: + * chardev/char-socket: Fix TLS io channels sending too much data to the backend + * tests/unit/test-util-sockets: Remove temporary file after test + * hw/usb/bus.c: PCAP adding 0xA in Windows version + * hw/intc/Kconfig: Fix GIC settings when using "--without-default-devices" + * gitlab: force allow use of pip in Cirrus jobs + * tests/vm: avoid re-building the VM images all the time + * tests/vm: update openbsd image to 7.4 + * target/i386: leave the A20 bit set in the final NPT walk + * target/i386: remove unnecessary/wrong application of the A20 mask + * target/i386: Fix physical address truncation + * target/i386: check validity of VMCB addresses + * target/i386: mask high bits of CR3 in 32-bit mode + * pl031: Update last RTCLR value on write in case it's read back + * hw/nvme: fix invalid endian conversion + * update edk2 binaries to edk2-stable202402 + * update edk2 submodule to edk2-stable202402 + * target/ppc: Fix crash on machine check caused by ifetch + * target/ppc: Fix lxv/stxv MSR facility check + * .gitlab-ci.d/windows.yml: Drop msys2-32bit job + * system/vl: Update description for input grab key + * docs/system: Update description for input grab key + * hw/hppa/Kconfig: Fix building with "configure --without-default-devices" + * tests/qtest: Depend on dbus_display1_dep + * meson: Explicitly specify dbus-display1.h dependency + * audio: Depend on dbus_display1_dep + * ui/console: Fix console resize with placeholder surface + * ui/clipboard: add asserts for update and request + * ui/clipboard: mark type as not available when there is no data + * ui: reject extended clipboard message if not activated + * target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix + * i386/cpuid: Move leaf 7 to correct group + * i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F + * i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs + * i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available + * .gitlab-ci/windows.yml: Don't install libusb or spice packages on 32-bit + * iotests: Make 144 deterministic again + * target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU + * target/arm: Fix SVE/SME gross MTE suppression checks + * target/arm: Handle mte in do_ldrq, do_ldro +- Address bsc#1220310. Backported upstream commits: + * ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS + * ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs. + remmina +- Fix dependency on SLE-15-SP6 + +- Update to 1.4.35 stable release. + +- Update to version 1.4.34~git.20240221 (boo#1220149): + * Updated call to set FreeRDP_LoadBalanceInfo + * Revert setting loadbalanceinfo to the old method used before FreeRDP3 + * Add FreeRDP version to cmake status messages + * FreeRDP3: Fix crash with disablepasswordstoring enabled + * [REM-3047] fix issue compiling with gcc-14 + * Check if WINPR_ASSERT is defined + * Allow running an SSH command when connecting via ssh tunnel + * Fix build for openssl-1.1 + +- Update to version 1.4.33~git.20240124: + * Add support for FreeRDP 3.x + * Allow Remmina to be built without FreeRDP + * Made file not empty to allow setting for Service Desk + +- Update to version 1.4.33: + * Add shortcut for 'send clipboard as keystrokes' + * Make keeping window open on session disconnect configurable + * Fix crash cause by using freed memory + +- Update to remmina version 1.4.32: + * [REM2916] Added option to kill async process started by + exec plugin on tab close + * Fix search bar toggle behavior + * Fix memory leaks + * [REM-2920] Password visibility can now be toggled on remmina_message_panels + * Remove SSH file paths from remmina file when unchecking box in profile edit + * Solved issue #2910 - Added support for IPv6 with fallback to IPv4 for ssh + * Fix UI bugs in Remmina Preferences set new password + * Fix memory leaks and change GTK critical errors to remmina warnings + for null icon autostart file + * [REM-2926] Added ability to set a fixed aspect ratio for vnc connections + * [REM-2936] Fix crash related to unmap events + * [REM-2938] Improved ordering of tray icon menu items + * Fix memory leaks in remmina_plugin_manager_init with g_free and g_ptr_array_free + * Remote assistance + * Spelling: Various strings for assistance mode + * Fix some compiler warnings + * Ability to SPICE connect to unix domain socket + * update multi monitor icon + * Save toggle options when duplicating connection + * New feature: Allow user to specify use of modifiers when changing key preferences + * [REM-2914] Alert user of unexpected disconnect instead of immediately closing + the connection window + * Fix Remmina not using @REMMINA_BINARY_PATH@ + * Highlight top bar when Grab all keyboard events is enabled + * [REM-2850] Add ability to automatically move mouse to keep RDP connections alive + * Remove unnecessary parameters from remmina_public_get_server_port_wrapper + * Fix freeze that occurs when loading in python modules properly + * [REM-1923] Fix handling of pause break key for RDP connections + * [REM-2971] When quiting Remmina from the system tray the are you sure + prompt now functions properly + +- Update to remmina version 1.4.31: + * [REM-2874] muli password changer search now matches partial + strings !2480 + * Fix segfault in VNC when using domain socket !2481 + * Switched pylist Append to SetItem !2482 + * Template texts updated !2484 + * Add menu option to delete multiple profiles at the same time !2483 + * add 1080p as a default resolution to remmina_pref.c !2486 + * Remove character limit on password length !2489 + * Create better postats.html !2488 + * Redesign santahat.png & add santahat.svg !2492 + * Edit preferences UI !2491 + * Change the icon of the new connection button !2493 + * Modify the checkbox of the appearance-tab !2494 + * Add valign to the switch of the debugging window !2495 + * plugins/rdp: Ensure output redirection configuration applies to + both dynamic and static rdpsnd !2498 + +- Update to remmina version 1.4.30 + * Add text mime type formats to RDP clibpoard !2459 + * Ensure timer is null after destruction !2462 + * Ability to view passwords in the clear using a toggle in the + password field !2460 + * Made icons viewable in lower resulution. !2463 + * Improve mime file !2464 + * [REM-2809] Appearance preferences now refresh in the main window when + the user... !2466 + * This should be a message instead of a info print. + So that the user can see it by default. !2461 + * remmina_rdp_monitor_get(): fix maxw, maxh and monitorids calculation !2467 + * Rem 2864 !2469 + * Fix undefined symbol error when importing gi in a python extension !2470 + * Rem 2864 !2472 + * [REM-1987] allow for dynamic resolution updates for vnc connections !2476 + * Fix overlapping text in preferences menu, terminal tab !2477 + * Allow could not authenticate banner to go away after successful + reauthentication !2478 + * Add environments for easy manual testing !2473 + +- Update to remmina version 1.4.29 + * Hiroyuki Tanaka added to README :) !2451 + * Initial macOS support !2453 + * X2Go error-message consistency !2452 + * Avoid crash when closing, fixes issue #2832 !2454 + * Update Copyright for 2023 !2455 + * Aligning local and downstream jsons !2456 +- Update to remmina version 1.4.28 + * Some minor RDP fixes !2415 + * Mathias Winterhalter's avatar Fix Unix socket support for VNC !2417 + * GVNC: Fixed JPEG quality encoding advertizing !2418 + * Fix missing null checks causing signal 11 !2419 + * Add modified date to SFTP file list !2420 + * Adding Labels/Tags !2421 + * Spelling: Hostname !2422 + * X2Go: Fix annoying default_username bug. !2423 + * plugins/x2go/x2go_plugin.c: Fix tip and comment sentence !2424 + * Remove webkit_settings_set_enable_frame_flattening() for newer WekbKitGTK, fixes #2780 !2425 + * Change password including gateway !2427 + * Improve rcw close !2429 + * Multiple changes to build and run with libsoup 3.0 !2431 + * X2Go: Add ssh_passphrase and ssh_privatekey settings. !2428 + * RDP: Add option to disable output suppression !2432 + * Spelling: "Passphrase" → "password" !2433 + * Fix compile warnings and some spelling corrections !2434 + * [Rem-2782] Display protocol name in tooltip for connections in the ... menu... !2436 + * [Rem-2782] Added protocol icons in drop-down menu !2438 + * Fix widget reparenting when entering/exiting fullscreen !2439 + * Rem 2760 !2440 + * Allow building on a Wayland-only environment - version 4 !2437 + * [Rem-2564] Allow for VNC runtime adjustment of color depth !2442 + * Fix floating toolbar not disappearing when in fullscreen and keyboard grabbed !2441 + * Revert "Merge branch 'Rem-2564' into 'master'" !2443 + * [Rem-2654] Allow for runtime adjustment of colour depth, both increasing and decreasing !2444 + * [Rem-2564] Changed declaration of variables to be compatible with different Ubuntu version !2445 + * [Rem-2682] Added view-only mode for RDP !2447 + * Removing the news widget !2446 + * Updated Flatpak manifest files to match GitHub !2448 + * Add missing include for X11/Wayland conditional !2450 +- Drop libsoup_2_and_3_support.patch because now in upstream. + +- Add libsoup_2_and_3_support.patch: support libsoup 3.0 + (boo#1204492). +- Build against libsoup 3 on Tumbleweed. + +- Set CMAKE_SKIP_RPATH to avoid writing bogus RUNPATH to + binaries and modules +- Spec cleanup + +- Updated to remmina version 1.4.27 + * Fix dangling pointer after scrolled container destruction. + * Strengthen remmina file set string + * Refactoring and minor fixes + * launcher.sh is compatible with xfce4-terminal and gnome-terminal now. + * Fix #2473 - revive rcw_focus_out_event to avoid sticky Alt on Alt-TAB + * New SSH color schemes. + * Some grammar fixes. +- Removed 2734-flatpak-crash.patch + +- Added 2734-flatpak-crash.patch to fix an issue reported on upstream: + [#2580]: "Closing RDP connection quits Remmina without an error message" + +- Do not recommend lang package: the lang package has smarter + supplements in place. + +- Updated to remmina version 1.4.26 +- Major improvements: + * A Python plugin/API (you can write Remmina plugins in Python now!!!) + * X11 Forward for the SSH plugin @marco.fortina + * Kiosk improvements and new command lines options +- Other changes: + * Fix trial for 2577: Closing a VNC connection makes Remmina close all other... + * Handle after-auth connection errors in VNC properly + * Using Remmina from command-line for kiosked servers + * Manual page refactoring fixes #2056 (closed) + * Add mutex to protect RDP clipboard->srv_data. Fixes #2666 (closed) + * Add '--no-tray-icon' command-line option + * Make FreeRDPs TLS Security Level setting accessible in the advanced settings view + * Disable grabs for SSH and SFTP, #closes #2728 (closed) + * Cannot disable shared folder + * Use PyInitializeEx in order to skip signal handler registration + * Ignore add new connection button in kiosk mode + * WWW plugin refactoring + +- Updated to remmina version 1.4.25 + * kiosk: Drop GNOME MediaKeys plugin !2377 + * Honour soft links target in SFTP !2379 + * Optional close confirmation !2380 + * Fix some build warnings !2382 + * Fix manpages !2378 + * Snap cleanup + kwallet support !2381 + * Deprecations and amend g_date_time_format_iso8601 !2383 + * Fixes to snap build !2384 + * Removing dependencies that are available as extensions !2385 + * FreeRDP_OffscreenSupportLevel is of type UINT32 !2386 + * Minor fixes !2387 + * Get the right value for FreeRDP_AutoReconnectMaxRetries !2388 + +- Updated to remmina version 1.4.24 + * Contribution section added to issue template + * Language of VNC encoding cleaned up + * Remmina Hardening and Compliance + * Remmina_preferences language reworked + * Thanks 2021 + * Resolve "Follow-up from "Remmina_preferences language reworked"" + * Encryption level language reworked + * Issue 2122 : Confirm on close of window + * Adding flush and cairo clean up + +- Updated to remmina version 1.4.23 + * Patch for a Remmina segfault and stats code cleaning !2358 + * Make Appindicator optional !2359 + * Added check-box to force tight encoding for VNC connections !2360 + * remote resolution: use multiple of four !2353 + * Add Keyboard mapping per client RDP !2361 + * Improve TLS error message, fixes #2364 (closed) !2362 + * Triage policy language reworked !2363 + +- Updated to remmina version 1.4.22 + * Fix crash if main window is closed #1692 (closed) !2330 + * Main window position reset after opening a connection (issue 2587) !2331 + * File Interface refactoring !2332 + * CMake refactoring and build time warnings !2333 + * Add Croatian language to desktop shortcuts and infos !2334 + * Appdata corrections and renewal !2336 + * Fixes for freerdp3 compatibility. !2337 + * X2Go: Rewrite dialog-system; Ask users which session to resume... !2328 + * int main(): print instructions how to enable a more verbose output of remmina !2338 + * Mitigations for #2635 (closed) (default printer) with freerdp < 3 !2343 + * X2Go: Add a session-terminate button into the session resuming selection menu !2339 + * Properly warn users when using a plugin which requires GtkSocket !2340 + * x2go_plugin.c: Make changes to source strings for translations. !2344 + * Fix ubuntu-impish-amd64 build errors. !2345 + * Hopefully fix Ubuntu Impish Build !2347 + * Fix string format !2348 + * 2634-ssh-opening-command !2342 + * New debug strings reworked !2341 + * Deduplicated "Started PyHoca" string !2346 + * Removing the Remmina stats sender and repurposing Remmina stats !2350 + * X2Go: Major rewrite of session-terminating system. !2349 + * Message about debugging info reworked !2351 + * Strings in rcw.c reworked !2352 + * VNC custom encodings to avoid corrupted frames. !2354 + * X2Go format string bugs !2355 + +- Updated to remmina version 1.4.21 + * Nullify host if qucikconnect isn't a valid address + * rdp_plugin.c: Fix dereferencing of NULL variable when profile name is empty + * Resolve label spacing in preferences window + * GNOME 40 runtime and other updates + * Add support for ESX web console login + * Added RDP general option to remap scancodes + * Back compatibility with WebKit < 2.32.0 + * Make screenshot file names iso8601 compliant + * Typo in bug-report template + * Typo in merge-request template + * Implementing restricted-mode and password hash + * Unitialized var by @qarmin (Rafał Mikrut ). Closes #2594 + * Add integer-only input field for plugin settings in Remmina Editor + * Adding VNCI Listen port field tooltip + * Fix the translation problem of "tooltip" in ssh window + * Rework x2go_plugin.c to comply with remmina coding style. + * Add validation system for Remmina Editor + * Small changes to README, AUTHORS and error message adjusting in remmina_file_editor.c + * remmina_file_editor.c: Readd by mistake removed '!' + * Mitigation for #1951 and extra RDP clibpoard debug messages + * Rollback Let's Encrypt SSL workaround + * Add RDP clipboard support for Microsoft HTML Clipboard Format + * Building FreeRDP with icu support + * Resource renaming to comply with the Freedesktop rules +- Package all icons in the main package +- The new x2go packages are not yet packaged, as x2go is not available in the + openSUSE distributions + +- the following plug-ins are no longer generated: + * remmina-plugin-xdmcp + * remmina-plugin-nx + * remmina-plugin-st +- Removed obsolete mark-appindicator-as-required.patch +- Update ro remmina 1.4.20 + * Mark appindicator as required !2290 + * Disabling XDMCP, NX, and ST !2291 + * Remove plugins/st,xdmcp,nx for submodule replacement !2292 + * SSH tunnel MFA !2293 + * Adding connection profiles menu into the toolbar !2295 + * Resolve "Preferences buttons not working since v1.4.19" !2296 + * Some X11 related functions cleanup + +- App-Indicator is now required +- Added upstream mark-appindicator-as-required.patch to see better error messages + when appindicator is not around +- Update to 1.4.19 + * Fix Freerdp Git Revision !2277 + * UI improvements and cleanup !2278 + * Desktop integration for the Remmina SNAP !2279 + * Add process-control to the remmina snap !2276 + * Adding SSH_AGENT support to the snap package !2280 + * Adding option to disable smooth scrolling !2281 + * Scrolled Viewport: use viewport_motion_handler as the only timeout indicator !2282 + * Adding TCP redirection through rdp2tcp !2283 + * Added setting for RDP number of reconnect attempts !2284 + * Add RDP reconnect interrupt on window close, fix crash introduced with 7c13b918. + Should fix #2079 (closed) !2286 + * Removing GtkStatusIcon as deprecated !2285 + * Adding advanced option to share multiple folders !2287 + * Profile list grabs the focus when search is hidden !2288 + +- Update to 1.4.18 + * Try more shells as launcher if default isn't found !2269 + * Minor fixes for v1.4.17 !2270 + * SSH session improvements !2271 + * Fixes - Auto-start file created on tray icon disabled !2272 + * RDP: Remove older usage of ClientHostname + * Fix libfreerdp version check + * Explicitly set user resolution to a multiple of 4 + * Code refactoring - ASAN exceptions !2274 +- Fixed remmina-plugin-nx dependencies + +- Update to 1.4.17 + * Fix build with musl libc + * Fix typos + * Improving CI cache + * Fix System Tray Icon Broken/Missing + * VNC quality deafults now to good + * Flatpak refactoring + * Adding Gateway websocket support + * Revert "Linking snap and flatpak to FreeRDP 2.3.1" + * Set FreeRDP config path to Remmina profiles path +- Fixed build-logic for NX, enable per default +- Enable kwallet and appindicator non SLE distributions + +- Rename internal bcond from nx to remmina_nx +- Use cmake_build +- Use bcond for kwallet, which defaults to enabled +- Use bcond for appindicator, which defaults to disabled + GtkStatusIcon works everywhere, while Appindicator works just in KDE + +- Update to 1.4.16 + * Fix Data PATH for the FreeRDP files + +- Update to 1.4.15 + * Fixing SSH plugin colour palette initialization. !2255 + +- Update to 1.4.14 + * NEW: Experimental VNC plugin using GTK-VNC + * VNC - Ignore remote Bell option and other fixes !2237 + * Fixing color palette size for themed SSH !2253 + * Bump FreeRDP version to 2.3.2 !2226 + * Fixes search bar shortcuts wrong bahavior + * Honour theme settings when run from command line + * FTP UI improvements + * Config SSH tunnel username takes precedence. + * Allow groups to be expanded and collapsed by using the keyboard + * Fixing VNC repeater logic. + * Send text clipboard content as keystrokes + * scrolled viewport: explicitly recheck whether the timeout is active + * Resolve Host+Page_Down triggers search text in SSH + * UNIX sockets initial support + * Fixed wrong freerdp_settings function use + * Fixing RemminaConnectionWindow map/unmap events + * Spelling: Comma-separated, List monitor IDs + * Set Remmina specific FreeRDP config data folder + * Optional port connection instead of server + * Resolve "Use LZO compression for Snap to improve startup speed" + * Make wayland not mandatory during compile time + * Do not use alpha as it is not used for the Desktop + * Refactoring: Deprecations and warnings + * Removing unneeded widgets in the headerbar + +- Update to 1.4.13 + * Use freerdp_settings_get|set API + * rdp: Allow autoreconnect for ERRINFO_GRAPHICS_SUBSYSTEM_FAILED + * Disable cert file auth when libssh < 0.9.0 + * Removing redundant subtitle + * Removing redundant ssh_userauth_none + * Fix build issues on openSUSE +- Drop upstream_build_fixes.patch + +- Update to release 1.4.12 + * New features: + - Multi-monitor support !2184 (merged) @antenore + - Adding SSH certificate authentication !2208 (merged) @antenore + * Improvements + - Improved spelling, fixed typos + - Some refactoring and fixes for 1.4.11 !2198 (merged) @antenore + - Revert "rdp/event: Fix wheel value for GDK_SCROLL_DOWN events" + !2199 (merged) @pnowack + - Resolve "Left-handed mouse support" !2200 (merged) @antenore + - Rafactoring: GResource based UI elements !2201 (merged) @antenore + - Refactoring SSH themes !2205 (merged) @antenore + - Removing legacy audio settings !2207 (merged) @antenore + - Refactoring SSH tunnel authentication. #2414 (closed) !2211 (merged) @antenore + - Improve pre-connection FreeRDP channel initializations !2212 (merged) @antenore + * Fixes + - Invalid connection option ":port" removed !2193 (merged) @kingu + - Add ifdefs for SPICE version less then 0.38 + (fix #2408 (closed)) !2195 (merged) @hadogenes + - Fix for #2408 (closed) building with older SPICE libraries + !2194 (merged) @jweberhofer + - Ignoring GLib functions if on versions older than 2.56 !2196 (merged) @antenore + - Fixing compiler errors related to Python plugin support on master + !2178 (merged) @ToolsDevler + - Fixes for multi-monitor and Weblate !2202 (merged) @antenore + - Fixing memory leaks and minor bugs !2206 (merged) @antenore +- Added upstream_build_fixes.patch to fix several build issues on wayland +- Removed patches fix_upstream_2196_older_glib_issue.patch + and fix_upstream_2195_spice_plugin.patch + +- Added fix_upstream_2196_older_glib_issue.patch to allow building with + older glib versions + +- Added fix_upstream_2195_spice_plugin.patch to allow building on older + opensuse versions + +- Update to release 1.4.11 + * New features: + - Implementing simple SSH multi factor authentication. + !2162 (merged) @antenore + - Implementing dynamic resolution in SPICE plugin + !2150 (merged) @hadogenes + - Disabling Python support by default !2158 (merged) @antenore + - Add capability to load Python plugins (not finished). + !2157 (merged) @ToolsDevler + * Improvements + - Suppress Output PDU when the RDP window is not visible + !2159 (merged) @antenore + - Several improvements on spelling + - Command line help improvements !2185 (merged) @antenore + - Improving error detection !2181 (merged) @antenore + - Using curly double quotes where possible !2182 (merged) @antenore + - Refactoring the RCW toolbar to use the right tool items types + !2188 (merged) @antenore + * Fixes + - rdp/cliprdr: Fix header of FormatList message !2147 (merged) @pnowack + - rdp/event: Fix wheel value for GDK_SCROLL_DOWN events !2149 (merged) @pnowack + - Resolve "Remmina does not handle file:///some/path/to/file.rdp syntax" + !2152 (merged) @antenore + - Resolve "SSH tunneling, honoring ssh_config (User, HostKeyAlias, + ProxyJump, HostKeyAlgorithms, IdentitiesOnly, etc.)" + !2154 (merged) @antenore + - Resolve "While in the main window, bind F10 keyboard shortcut to + toggling the main menubutton" !2156 (merged) @antenore + - Refactoring SSH plugin !2160 (merged) @antenore + - Remove extra parenthesis !2164 (merged) @yurchor + - Spice option to choose Prefered Video Codec and Image Compressor + !2165 (merged) @hadogenes + - Correct iterating lines in string - address sanitizer fix #2390 (closed) + !2174 (merged) @hadogenes + - Correct freeing memory in spice !2175 (merged) @hadogenes + - Issue/2391 randomness !2176 (merged) @antenore + - Resolve "Missing keyboard shortcuts to toggle search (Ctrl+F, Escape), + and closing the search doesn't clear the search" !2179 (merged) @antenore + - Resolve "Always false contition in remmina_ssh.c" !2180 (merged) @antenore + - Fix minor typo !2186 (merged) @yurchor + - Resolve "Remmina Crashes when opening the preferences with the accelerator" + !2189 (merged) @antenore + - Fixing #2401 (closed) - crash when using ctrl+p !2190 (merged) @antenore + +- Update to release 1.4.10 + * Resolve "RDP Black Screen on connection" !2123 @antenore + * Correctly importing and exporting audiocapturemode, closes #2349 !2124 @antenore + * [RFC] rdp: add Use base credential for RD gateway authentication !2125 @Fantu + * Resolve "Auto accept changes to fingerprints and auto accept certificates" !2126 @antenore + * "Fingerprinters" corrected to "fingerprints". !2127 @kingu + * Implementing network type option !2128 @antenore + * Improving the terminal colour file picker !2129 @antenore + * Resolve "[RDP] Since v1.4.9 Audio is no longer working" !2130 @antenore + * New connection strings corrected !2131 @kingu + * Correct location of Terminal colour scheme setting !2132 @kingu + * Fixing pulseaudio LD_LIBRARY_PATH and staging PA libraries !2136 @antenore + * [RFC][v2] RDP: Add Use base credential for RD gateway authentication !2135 @Fantu + * fix incorrect name date log sessions ssh !2137 @acendrou + * Resolve "Strange padding in main window" !2138 @antenore + * Remove legacy rfx code !2139 @antenore + * Resolve "RDP export features does not properly include gatewayhostname" !2140 @antenore + * RDP log filters keep previous value across connections !2143 @antenore + * [RFC][v2] RDP: Add Use base credential for RD gateway authentication !2135 @Fantu + * Emit warning if libkf5wallet missing but required by -DWITH_KF5WALLET=ON !2144 @giox069 + * Do not activate performance optimisations based on network type unless explicitly requested. !2145 @antenore + +- Update to release 1.4.9 + * Updated color schemes from iTerm2-Color-Schemes + * Use previously defined DATADIR to install Kiosk files + * RDP and VNC: Fix smooth scrolling when abs(delta) < 1.0, see issue #2273 + * Alexander Kapshuna added to remmina_about.glade + * remmina_main_quickconnect: recognize ip when textbox has ip:port in it, + and strip whitespaces + * Implementing text search in the SSH plugin + * Spelling: Plugin manager language reworked + * Save screenshot_name and use correct seconds format + * Resolve "Autostart checkbox setting not saved" + * rdp: document freerdp Performance Flags setted by quality setting + * Resolve "Terminal general preferences are not saved" + * Resolve "Typo in FindFREERDP3.cmake" + * rdp: add freerdp log filters setting + * Resolve "Extra underline character in "_Preferences" tooptip text" +- Requires pcre2-devel +