- Update to 3.11.9:
  * Security
  * gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
    (CVE-2023-52425,  bsc#1219559) by adding five new methods:
    xml.etree.ElementTree.XMLParser.flush()
    xml.etree.ElementTree.XMLPullParser.flush()
    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
    xml.sax.expatreader.ExpatParser.flush()
  * gh-115399: Update bundled libexpat to 2.6.0
  * gh-115243: Fix possible crashes in collections.deque.index()
    when the deque is concurrently modified.
  * gh-114572: ssl.SSLContext.cert_store_stats() and
    ssl.SSLContext.get_ca_certs() now correctly lock access to the
    certificate store, when the ssl.SSLContext is shared across
    multiple threads.
  * Core and Builtins
  * gh-116296: Fix possible refleak in object.__reduce__() internal
    error handling.
  * gh-116034: Fix location of the error on a failed assertion.
  * gh-115823: Properly calculate error ranges in the parser when
    raising SyntaxError exceptions caused by invalid byte sequences.
    Patch by Pablo Galindo
  * gh-112087: For an empty reverse iterator for list will be
    reduced to reversed(). Patch by Donghee Na.
  * gh-115011: Setters for members with an unsigned integer type now
    support the same range of valid values for objects that has a
    __index__() method as for int.
  * gh-96497: Fix incorrect resolution of mangled class variables
    used in assignment expressions in comprehensions.

• Files Changed
• Browse Source

- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
  patched libexpat below 2.6.0 that doesn't update the version number
  (gh#python/cpython#117187)
  * CVE-2023-52425-libexpat-2.6.0-backport.patch

• Files Changed
• Browse Source

  * python.keyring

• Files Changed
• Browse Source

- Update 3.10.14:
  * gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0
    to address CVE-2023-52425, and control of the new reparse
    deferral functionality was exposed with new APIs
    (bsc#1219559).
  * gh-109858: zipfile is now protected from the “quoted-overlap”
    zipbomb to address CVE-2024-0450. It now raises BadZipFile
    when attempting to read an entry that overlaps with another
    entry or central directory. (bsc#1221854)
  * gh-91133: tempfile.TemporaryDirectory cleanup no longer
    dereferences symlinks when working around file system
    permission errors to address CVE-2023-6597 (bsc#1219666)
  * gh-115197: urllib.request no longer resolves the hostname
    before checking it against the system’s proxy bypass list on
    macOS and Windows
  * gh-81194: a crash in socket.if_indextoname() with a specific
    value (UINT_MAX) was fixed. Relatedly, an integer overflow in
    socket.if_indextoname() on 64-bit non-Windows platforms was
    fixed
  * gh-113659: .pth files with names starting with a dot or
    containing the hidden file attribute are now skipped
  * gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer
    read out of bounds
  * gh-114572: ssl.SSLContext.cert_store_stats() and
    ssl.SSLContext.get_ca_certs() now correctly lock access to
    the certificate store, when the ssl.SSLContext is shared
    across multiple threads
- Add old-libexpat.patch making the test suite work with
  libexpat < 2.6.0 (gh#python/cpython#117187).
- Refreshing the patches to adjust for newer version.

• Files Changed
• Browse Source

- Disable NIS for new products, it's deprecated and gets removed

• Files Changed
• Browse Source

- Explicitly add libexpat1 as dependency when building DEB package

• Files Changed
• Browse Source

    CVE-2007-4559, bsc#1203750) (PEP 706).
  * subprocess-raise-timeout.patch

• Files Changed
• Browse Source

- Adjusted the patch removing strict requirement for OpenSSL 1.1.1
  Required to revert the changes causing build fails with
  OpenSSL < 1.1.0 by https://github.com/python/cpython/pull/96932
- Modified:
  * no-strict-openssl111-dep.patch

• Files Changed
• Browse Source

osc copypac from project:systemsmanagement:saltstack:bundle:testing package:saltbundlepy revision:7

• Files Changed
• Browse Source

- Revert https://github.com/python/cpython/pull/96932 for OpenSSL < 1.1 
- Modified:
  * no-strict-openssl111-dep.patch

• Files Changed
• Browse Source

osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy revision:11

• Files Changed
• Browse Source

- Include dependency on libffi for Debian 12

• Files Changed
• Browse Source

- Adjust custom patches after latest upgrade to fix building issues
- Modified:
  * skip-test_pyobject_freed_is_freed.patch
  * call-startup-script-always.patch
  * no-strict-openssl111-dep.patch

- Fix build on openEuler 22.03. 

- Add invalid-json.patch fixing invalid JSON in
  Doc/howto/logging-cookbook.rst (somehow similar to
  gh#python/cpython#102582).

- Update to 3.10.10:
  Bug fixes and regressions handling, no change of behaviour and
  no security bugs fixed.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters

- Add provides for readline and sqlite3 to the main Python
  package.

- Disable NIS for new products, it's deprecated and gets removed

- Update to 3.10.9:
  - python -m http.server no longer allows terminal
    control characters sent within a garbage request to be
    printed to the stderr server lo This is done by changing
    the http.server BaseHTTPRequestHandler .log_message method
    to replace control characters with a \xHH hex escape before

• Files Changed
• Browse Source

- Add missing file reference related to the changelog entry:
  improve import_failed hook to do the right thing when invoking
  missing modules with "python3 -m modulename" (boo#942751)
- Add missing file reference for rpmlintrc with the rule preventing
  fail on changing the subpackage which is not following naming rule
  as we need to avoid conflicts with the existing package
- Added:
  * import_failed.py
  * saltbundlepy-rpmlintrc

• Files Changed
• Browse Source

- Update to 3.10.5:
  - Core and Builtins
    - gh-93418: Fixed an assert where an f-string has an equal
      sign ‘=’ following an expression, but there’s no trailing
      brace. For example, f”{i=”.
    - gh-91924: Fix __ltrace__ debug feature if the stdout
      encoding is not UTF-8. Patch by Victor Stinner.
    - gh-93061: Backward jumps after async for loops are no
      longer given dubious line numbers.
    - gh-93065: Fix contextvars HAMT implementation to handle
      iteration over deep trees.
    - The bug was discovered and fixed by Eli Libman. See
      MagicStack/immutables#84 for more details.
    - gh-92311: Fixed a bug where setting frame.f_lineno to jump
      over a list comprehension could misbehave or crash.
    - gh-92112: Fix crash triggered by an evil custom mro() on
      a metaclass.
    - gh-92036: Fix a crash in subinterpreters related to the
      garbage collector. When a subinterpreter is deleted,
      untrack all objects tracked by its GC. To prevent a crash
      in deallocator functions expecting objects to be tracked by
      the GC, leak a strong reference to these objects on
      purpose, so they are never deleted and their deallocator
      functions are not called. Patch by Victor Stinner.
    - gh-91421: Fix a potential integer overflow in
      _Py_DecodeUTF8Ex.
    - bpo-47212: Raise IndentationError instead of SyntaxError
      for a bare except with no following indent. Improve
      SyntaxError locations for an un-parenthesized generator
      used as arguments. Patch by Matthieu Dartiailh.

• Files Changed
• Browse Source

osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy revision:5

• Files Changed
• Browse Source

osc copypac from project:systemsmanagement:saltstack:bundle package:saltbundlepy revision:16

• Browse Source