pypy3 (7.3.11+dfsg-2+deb12u3) bookworm; urgency=medium * Security patches to the standard library: - CVE-2023-27043: Parse email addresses with special characters, correctly. - CVE-2024-9287: Quote path names in venv activation scripts. - CVE-2024-4032: Fix private IP address ranges. - CVE-2024-6232: Fix ReDoS when parsing tarfile headers. - CVE-2024-8088: Avoid infinite loop in zip file parsing. - CVE-2024-6923: Encode newlines in headers in the email module. - CVE-2024-7592: Quadratic complexity parsing cookies with backslashes. - CVE-2024-11168: Ensure addresses in brackets are valid IPv6 addresses. * Clean the python 2.7 source tree. * Clean cffi modules C source, lex and yacc tabs. -- Stefano Rivera Mon, 23 Dec 2024 16:22:45 -0400 pypy3 (7.3.11+dfsg-2+deb12u2) bookworm; urgency=medium * Security patches to the standard library: - Apply cPython upstream security fix for CVE-2023-24329: Strip C0 control and space characters in urlsplit. - Apply cPython upstream security fix for CVE-2023-40217: Avoid bypass TLS of handshake protections on closed sockets. - Apply cPython upstream security fix for CVE-2023-6597: tempfile.TemporaryDirectory: fix symlink bug in cleanup. - Apply cPython upstream security fix for CVE-2024-0450: Protect zipfile from "quoted-overlap" zipbomb. -- Stefano Rivera Wed, 01 May 2024 20:39:38 -0400 pypy3 (7.3.11+dfsg-2+deb12u1) bookworm; urgency=medium * Avoid an rpython assertion error in the JIT if integer ranges don't overlap in a loop. (Closes: #1062460) -- Stefano Rivera Thu, 01 Feb 2024 20:41:13 -0400 pypy3 (7.3.11+dfsg-2) unstable; urgency=medium * Mark pypy3 as being EXTERNALLY-MANAGED. - Add a NEWS entry explaining this. -- Stefano Rivera Mon, 06 Feb 2023 10:12:43 -0400 pypy3 (7.3.11+dfsg-1) unstable; urgency=medium * New upstream release. * Refresh patches. -- Stefano Rivera Fri, 30 Dec 2022 09:29:42 -0400 pypy3 (7.3.10+dfsg-1) unstable; urgency=medium * New upstream release. * Drop patch fpic-archs, superseded upstream (--shared by default). -- Stefano Rivera Tue, 06 Dec 2022 15:59:19 -0400 pypy3 (7.3.10~rc3+dfsg-2) experimental; urgency=medium * Fix the arch-indep build, if we want to avoid a full build we can only ship static headers in the arch-indep -dev package. -- Stefano Rivera Fri, 25 Nov 2022 18:38:20 +0200 pypy3 (7.3.10~rc3+dfsg-1) experimental; urgency=medium * Upload to experimental. * New upstream release. - Switch to the 3.9 branch, now that it's out of beta. * Refresh patches. * Update copyright. * Bump dpkg-dev build-dep to 1.20.1, which provides buildopts.mk. * The upstream buildsystem produces pypy3.9-c, adapt to that. * Change the way we split out arch-dependent headers. Upstream now generates more headers. * Correct the installed paths of pypy3-lib-testsuite, broken since 7.3.8+dfsg-1. -- Stefano Rivera Fri, 25 Nov 2022 10:44:29 +0200 pypy3 (7.3.9+dfsg-5) unstable; urgency=medium * autopkgtests: Check PEP-660 editable installs, and PEP-517-driven installs. * Patch: Resolve CVE-2022-37454, a buffer overflow in SHA-3 (Keccak) (LP: #1995197) -- Stefano Rivera Sun, 30 Oct 2022 10:55:02 +0200 pypy3 (7.3.9+dfsg-4) unstable; urgency=medium * Upload to unstable. -- Stefano Rivera Tue, 09 Aug 2022 14:12:13 +0200 pypy3 (7.3.9+dfsg-3) experimental; urgency=medium * Don't assume we're building with pypy, when "pypy" appears in the path of the python interpreter, fixes FTBFS on 32bit archs. * Build cPython 2.7 with --with-system-expat and --with-system-ffi, fixing FTBFS on mips64el. -- Stefano Rivera Mon, 08 Aug 2022 16:28:35 +0200 pypy3 (7.3.9+dfsg-2) experimental; urgency=medium * Upload to experimental. * Add python2.7 source as the cpython27 component to the source package. * Build cPython 2.7 from source, to build PyPy3 with (Closes: #937510) - Document cPython2.7 source in debian/copyright. * Bump debhelper-compat to 11, we can't backport to Ubuntu <=16.04, any more, for other reasons so this is a reasonable floor. * Port debian/scripts/*.py to Python 3. * Bump Standards-Version to 4.6.1, no changes needed. -- Stefano Rivera Sat, 06 Aug 2022 20:02:17 +0200 pypy3 (7.3.9+dfsg-1) unstable; urgency=medium * New upstream release. * Refresh patches. * Synchronise module-install-* autopkgtests with python3 3.10.2-7: - Test install destination. - Test setuptools develop installations. - Test installation via pip (in virtualenvs, we don't have a pypy-pip package). * Correct a typo in the deb_system sysconfig layout. * Patch: Fix editable installs with setuptools < 60.0.1. * Add missing /local/ to data path in sysconfig posix_local scheme. * Improve support for setuptools > 60's bundled distutils in _distutils_system_mod, supporting a wider range of versions and more reliably selecting the posix_local scheme. * Use the same is_virtual_environment() proposed in PEP 668 across the site, sysconfig, and distutils modules. Stop checking for PYTHONUSERBASE or VIRTUAL_ENV environment variables. * Change the "include" and "platinclude" paths in the "posix_local" scheme to refer to the location of Python's headers, not the install location for modules' C headers. * Avoid infinite recursion in _distutils_system_mod when SETUPTOOLS_USE_DISTUTILS=local. * Avoid crashing in `_distutils_system_mod` if we find an older version of distutils (from before `_distutils_system_mod` was implemented). -- Stefano Rivera Thu, 31 Mar 2022 21:37:48 -0400 pypy3 (7.3.8+dfsg-2) unstable; urgency=medium * Correct the license for osx-roots.diff. * Build-Depend on valgrind-if-available, instead of a hardcoded arch list. * Update distutils-install-layout to provide a _distutils_system_mod module, as used by modern setuptools. * Fix --system-site-packages venvs, they weren't functioning due to a logic bug in the distutils-install-layout patch. * Add an autopkgtest to check sys.path setup. * Exclude /usr/lib/pypy3.8/site-packages/ from pypy3-lib, it's not used. * Declare Breaks python3-virtualenv (<< 20.13.0+ds-2~), as older versions won't create isolated virtualenvs for pypy3.8. -- Stefano Rivera Fri, 04 Mar 2022 21:31:54 -0400 pypy3 (7.3.8+dfsg-1) unstable; urgency=medium * New upstream release. - Upload to unstable. * Refresh patches. * Drop RC2 patch, superseded by final release. * Update copyright. -- Stefano Rivera Sun, 20 Feb 2022 14:19:13 -0400 pypy3 (7.3.8~rc1+dfsg-2) experimental; urgency=medium * Patch: Update to RC2 * Drop patches cffi-bundled-pycparser and doc-version, superseded upstream. * Update copyright. -- Stefano Rivera Fri, 11 Feb 2022 10:14:40 -0400 pypy3 (7.3.8~rc1+dfsg-1) experimental; urgency=medium * New upstream RC. - Targeting Python 3.8 compatibility. - Upload to experimental. * Refresh patches. * The package layout is updated to use the posix_* schemes, now that this is supported upstream. * Drop patches multiarch-tag, openssl-3.0.0, and platform-lsbrelease: superseded upstream. * PyPy.h was dropped upstream, cffi should be used for embedding PyPy. * Patch cffi-bundled-pycparser: Fix a cffi regression. -- Stefano Rivera Sun, 30 Jan 2022 17:55:33 -0400 pypy3 (7.3.7+dfsg-5) unstable; urgency=medium * Re-instate pypy3-lib.prerm, duplicating the pypy3clean from pypy3.prerm to clean up pypy3-lib .pyc files before upgrading it. (See: #1004369) - Add some one-off cleanup for 7.3.7+dfsg-4. * Exclude make_ssl_data.py from pypy3-lib, this a developer tool. -- Stefano Rivera Thu, 27 Jan 2022 07:43:51 -0400 pypy3 (7.3.7+dfsg-4) unstable; urgency=medium * Patch: OpenSSL 3.0.0 support. -- Stefano Rivera Tue, 18 Jan 2022 17:05:06 -0400 pypy3 (7.3.7+dfsg-3) unstable; urgency=medium * Handle multiple wheels for the same package in python-pip-whl. * Mark module-install-venv and module-install-virtualenv autopkgtests as allow-stderr, too. Virtualenvs now get a newer setuptools. * Migrate to individual wheel packages. Add a new binary package, pypy3-venv to depend on the wheel packages. (Closes: #1003573) -- Stefano Rivera Thu, 13 Jan 2022 19:05:35 -0400 pypy3 (7.3.7+dfsg-2) unstable; urgency=medium * Mark autopkgtests that call setup.py as allow-stderr. setuptools now emits a warning. (Closes: #1001721) -- Stefano Rivera Sat, 25 Dec 2021 11:45:03 -0400 pypy3 (7.3.7+dfsg-1) unstable; urgency=medium * New upstream release, reverting accidental ABI change in 7.3.6. * Refresh patches. * ensurepip-wheels patch: Don't crash on an assertion in version() while building the argparse parser if python-pip-whl isn't installed, rather return None. (Closes: #996822) * ensurepip-disabled patch: Refer to python3-pip not python-pip. * Patch doc-version: Set upstream version to 7.3.7, in the docs. -- Stefano Rivera Mon, 25 Oct 2021 18:49:41 -0700 pypy3 (7.3.6+dfsg-1) unstable; urgency=medium * New upstream release. * Upload to unstable. * Drop patches multiarch, multiarch-from-env superseded upstream. * Patch: Use the multiarch tuple in the import .so name, rather than incomplete heuristics. Fixes FTBFS on hppa. -- Stefano Rivera Sun, 17 Oct 2021 11:33:01 -0700 pypy3 (7.3.6~rc2+dfsg-2) experimental; urgency=medium * Patch: determine the multiarch tuple from $DEB_HOST_MULTIARCH at build time, fixing FTBFS on non-JIT architectures. -- Stefano Rivera Thu, 07 Oct 2021 17:41:06 -0700 pypy3 (7.3.6~rc2+dfsg-1) experimental; urgency=medium * New upstream RC. * Refresh patches. * Drop most of patch multiarch, superseded upstream. All that remains is a MULTIARCH sysconfig variable. * Update copyright. * Bump Standards-Version to 4.6.0, no changes needed. * Handle RCs correctly in get-packaged-orig-source. -- Stefano Rivera Wed, 06 Oct 2021 21:29:46 -0700 pypy3 (7.3.5+dfsg-2) unstable; urgency=medium * Upload to unstable. -- Stefano Rivera Thu, 03 Jun 2021 15:59:21 -0400 pypy3 (7.3.5+dfsg-1) experimental; urgency=medium * New upstream point release. * Refresh patches. * Drop patches cve-2021-3426 and ftplib-restrict-pasv, superseded upstream. * Drop Pre-Depends dpkg (>= 1.15.6~). xz is always supported, these days. * Move more translation logic into debian/scripts/translate.sh * Use the bundled pycparser for translation, so that Debian can drop the python-pycparser binary package. -- Stefano Rivera Sun, 23 May 2021 08:05:03 -0400 pypy3 (7.3.4+dfsg-2) experimental; urgency=medium * Move pypy3 dependencies to Pre-Depends, as the pypy3 binary is used in package maintainer scripts. (Closes: #987908) * Remove pydoc getfile feature. (CVE-2021-3426) * security: Restrict ftplib PASV hosts (no CVE assigned). -- Stefano Rivera Sun, 02 May 2021 12:32:41 -0400 pypy3 (7.3.4+dfsg-1) experimental; urgency=medium * New upstream release (identical to RC2). -- Stefano Rivera Mon, 12 Apr 2021 17:05:09 -0400 pypy3 (7.3.4~rc2+dfsg-1) experimental; urgency=medium * New upstream RC. * Refresh patches. * Drop patch no-sphinx-affiliates, superseded upstream. * Update copyright. -- Stefano Rivera Mon, 05 Apr 2021 14:08:41 -0700 pypy3 (7.3.4~rc1+dfsg-1) experimental; urgency=medium * New upstream RC. - Upload to experimental. - Targeting Python 3.7 compatibility. * Refresh patches. * Drop patches, superseded upstream: core-type-annotation-scoping, core-utf8-errors-ignore, cve-2021-23336, fcntl-segfault, and fix-_crypt-imports. * Replace deprecated imp.get_tag() in the byte-compilation autopkgtest. * Update copyright. * Bump Standards-Version to 4.5.1, no changes needed. * Bump watch file version to 4. -- Stefano Rivera Sat, 27 Mar 2021 08:32:38 -0700 pypy3 (7.3.3+dfsg-3) unstable; urgency=medium * Patch: CVE-2021-23336: Only use '&' as a query string separator. -- Stefano Rivera Thu, 25 Feb 2021 10:55:51 -0800 pypy3 (7.3.3+dfsg-2) unstable; urgency=medium [ Stefano Rivera ] * Drop patch s390x-z10, not needed since 7.3.1 dropped the assert we were protecting ourselves from. * Update s390x model target: z196 on Debian, zEC12 on Ubuntu < focal, z13 on Ubuntu >= focal. * Patch: Fix _crypt module's imports. * Patch: Fix utf-8 decode with errors=ignore. * Patch: Fix type annotation scoping bug. * Patch: Fix segfault in fcntl. [ Debian Janitor ] * Apply multi-arch hints. + pypy3-doc: Add Multi-Arch: foreign. -- Stefano Rivera Sat, 19 Dec 2020 12:26:35 -0800 pypy3 (7.3.3+dfsg-1) unstable; urgency=medium * New upstream release. * Upload to unstable. -- Stefano Rivera Sat, 21 Nov 2020 10:46:01 -0800 pypy3 (7.3.3~rc1+dfsg-1) experimental; urgency=medium * New upstream RC release. - Upload to experimental. * Refresh patches. * Update copyright. * Drop patch ppc64-jit-regression, superseded upstream. * Drop patch xdg-gvfs-open. Superseded upstream in 2.3 :P * Drop patch test_termios. No longer needed. * Carry over bdist-wininst-notfound from Debian's python3.8 package. * Update Homepage. * Add UpstreamMetadata. * Point watch URL at downloads.python.org, bitbucket is no longer used. * Fix some warnings in our fibc test package. -- Stefano Rivera Thu, 12 Nov 2020 16:28:10 -0800 pypy3 (7.3.2+dfsg-2) unstable; urgency=medium * Patch: Fix JIT breakage on ppc64. -- Stefano Rivera Sat, 26 Sep 2020 15:27:37 -0700 pypy3 (7.3.2+dfsg-1) unstable; urgency=medium * New upstream release. * Refresh patches. * Drop patches pip-10 and sqlite3-isolation-regression, superseded upstream. * Patch: Disable sphinx-affiliates search, not yet available in Debian. * Add support for -V to pypy3compile. Given we support BCEP, it makes sense, and will reduce package install noise. * Update copyright. * Use upstream's tool to build cffi modules, directly. It is useable stand-alone, these days, and catches failures. * Reorganize patches and prefix their commit messages with a category. * Patch: Ignore InvalidTerminal exception in test_readline under TERM=dumb. * Patch: Handle InvalidTerminal in rlcompleter. * Patch: Ignore fcntl test lease failures known to occur on tmpfs on older kernels (e.g. current buildds). * Strip rpython/rlib/test/loadtest/loadtest*.dll from the source package. * Run pypyjit tests under python 2. * Tweak distutils-install-layout patch to avoid duplicate sys.path entries when not in the installed layout. * Fix ensurepip._uninstall, broken in our ensurepip-wheels patch. * Build-Depend on python-pip-whl, used by test_venv. * Disable zip_safe in our autopkgtest test packages with C extensions. setuptools 47.3.2 broke C extension imports from eggs. * Patch: Use the python2 binary to run the internal test suite. Debian doesn't have a python binary any more. -- Stefano Rivera Fri, 25 Sep 2020 20:29:03 -0700 pypy3 (7.3.1+dfsg-4) unstable; urgency=medium * Revert change to pypy3clean in 7.3.1+dfsg-2, that broke package removal. Build knowledge of cPython compatibility into pypy3clean, to determine pyc filenames. -- Stefano Rivera Tue, 21 Apr 2020 21:49:20 -0700 pypy3 (7.3.1+dfsg-3) unstable; urgency=medium * Fix sqlite3 cffi build on armhf, there was an error in the ctypes-arm patch. -- Stefano Rivera Tue, 21 Apr 2020 09:21:37 -0700 pypy3 (7.3.1+dfsg-2) unstable; urgency=medium * Cherry-pick a sqlite3 regression patch. * Point to the installed stdlib in the pypy-local sysconfig layout. * Build out autopkgtests a little. Test: cffi lib importability, local package installation, virtualenvs, byte-compilation. * Add /usr/local/lib/pypy3.6/dist-packages to sys.path, so users can locally install packages. (Closes: #956412) -- Stefano Rivera Mon, 20 Apr 2020 15:36:17 -0700 pypy3 (7.3.1+dfsg-1) unstable; urgency=medium * New upstream release, upload to unstable * Refresh patches. -- Stefano Rivera Fri, 10 Apr 2020 12:34:21 -0700 pypy3 (7.3.1~rc2+dfsg-1) experimental; urgency=medium * New upstream RC, upload to experimental * Update copyright. * Bump Standards-Version to 4.5.0, no changes needed. * Refresh patches. * Update build-cffi-modules to use upstream's new library location. -- Stefano Rivera Thu, 09 Apr 2020 16:05:54 -0700 pypy3 (7.3.0+dfsg-4) unstable; urgency=medium * Patch: Build Sphinx docs with Python 3. This requires disabling autodoc and other custom extensions. * Byte compile exception patterns (bcep) changes following python3-defaults (3.8.2-2): - new "file" type to list just one file example: file|-4.0|/usr/share/foo/test.py - ignore lines that start with hash char. (to allow comments) - tighten checking directory name (partial match was possible before) - in "re" type's pattern - check relative paths in addition to full path (i.e. no need to include directory path in the pattern) example: re|-4.0|/usr/lib/bar|baz/test.*\.py - only warn about invalid patterns (instead of failing) * Execute python2 (instead of python) during the build. * We don't need python-docutils, any more. -- Stefano Rivera Tue, 24 Mar 2020 19:16:53 -0700 pypy3 (7.3.0+dfsg-3) unstable; urgency=medium * Patch: Force s390x port to target z10 by default, fixing FTBFS. -- Stefano Rivera Wed, 15 Jan 2020 09:53:22 +0000 pypy3 (7.3.0+dfsg-2) unstable; urgency=medium * Build-Depend on python2 instead of python. -- Stefano Rivera Tue, 14 Jan 2020 07:57:50 +0200 pypy3 (7.3.0+dfsg-1) unstable; urgency=medium * New upstream release. * Refresh patches. * Drop patch arm64-gcc-bug, superseded upstream. * Update copyright. * Build with pypy on arm64, now that we've bootstrapped the JIT. -- Stefano Rivera Tue, 24 Dec 2019 08:58:34 +0200 pypy3 (7.2.0+dfsg-1) unstable; urgency=medium * New upstream final release. * Upload to unstable. * Enable JIT and continuation module on arm64. * Refresh patches. * Patch arm64-gcc-bug: Avoid a GCC bug in the new arm64 JIT. * Bump Standards-Version to 4.4.1, no changes needed. -- Stefano Rivera Sat, 02 Nov 2019 11:56:38 -0700 pypy3 (7.2.0~rc1+dfsg-1) experimental; urgency=medium * New upstream RC, uploaded to experimental. * Revert: Strip blake2b.o from the orig tarball. * Refresh patches. * Drop patch plat-linux-differences, superseded in cPython 3.6. * Update copyright. * Bump Standards-Version to 4.4.0, no changes needed. -- Stefano Rivera Thu, 03 Oct 2019 14:49:58 +0300 pypy3 (7.1.1+dfsg-1) unstable; urgency=medium * New upstream release. * Strip blake2b.o from the orig tarball. * Switch to the 3.6 branch, the 3.5 branch is no longer being maintained upstream. (Closes: #933092) * Update watch file regex, upstream calls it pypy3.6 now. * Drop patches, superseded upstream: graphlib-dots, hypothesis-crashes, hurd-sysmacros. * Replace patch version-7.0.0 with version-7.1.1. * Refresh patches. * Update copyright. * Name pypy3{clean,compile} correctly in their own errors. * Drop multiarch-extensions.sh, not needed for pypy3. * Install _blake2 and _sha3 cffi modules. -- Stefano Rivera Fri, 09 Aug 2019 12:50:05 -0300 pypy3 (7.0.0+dfsg-3) unstable; urgency=medium * Let pypy3 attempt to build on hurd. It has been previously ported. * Fix webbrowser module. We had a patch that wasn't well ported to pypy3. * Patch hurd-sysmacros: Include on GNU/Hurd. * Remove old copyright file blocks for lib-python/2.7, it's no longer included, upstream. -- Stefano Rivera Wed, 20 Feb 2019 17:31:35 -0800 pypy3 (7.0.0+dfsg-2) unstable; urgency=medium * Remove dh_builddeb override, no longer necessary. * Bump Standards-Version to 4.3.0, no changes needed. * Don't use dh_python3, it wasn't doing anything, anyway. * Patches from upstream release branch: - Set the version to 7.0.0, accidentally updated in a merge. - hypothesis-crashes: Handle older hypothesis versions better. -- Stefano Rivera Fri, 08 Feb 2019 19:08:43 +0200 pypy3 (7.0.0+dfsg-1) unstable; urgency=medium * New upstream release. * Refresh patches. * Drop patches avoid-rvmprof-dummy, hurd, and rvmprof-dummy. Superseded upstream. * Update copyright. * Clean up after the new "extra_tests" directory. -- Stefano Rivera Thu, 07 Feb 2019 15:34:05 +0200 pypy3 (6.0.0+dfsg-3) unstable; urgency=medium * Build-Depend on liblzma-dev, to build the lzma cffi module. Thanks Helmut Grohne. (Closes: #921494) * Bump Standards-Version to 4.3.0, no changes needed. * Ignore lib_pypy/_testmultiphase.c in clean. -- Stefano Rivera Wed, 06 Feb 2019 17:10:24 +0200 pypy3 (6.0.0+dfsg-2) unstable; urgency=medium * Upload to unstable. * Patch graphlib-dots: Print some more mandlebrot while breaking cycles, to avoid build timeouts. * Add some superficial autopkgtests. * Support pip 10 in ensurepip. * pypy3-lib-testsuite: Don't attempt to byte-compile lib2to3's test data. -- Stefano Rivera Thu, 31 Jan 2019 18:16:35 +0100 pypy3 (6.0.0+dfsg-1) experimental; urgency=medium * Initial release (based on pypy 6.0.0+dfsg-2 packaging). (Closes: #762346) -- Stefano Rivera Tue, 01 Jan 2019 20:02:42 +0000