public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Benjamin A. Beasley <code@musicinmybrain.net>
To: git-commits@fedoraproject.org
Subject: [rpms/python-pendulum] rawhide: Update PyO3 to 0.29 (fixes RUSTSEC-2026-0176, RUSTSEC-2026-0177)
Date: Tue, 30 Jun 2026 20:52:21 GMT	[thread overview]
Message-ID: <178285274153.1.14649940392638285668.rpms-python-pendulum-5d149bbed5a5@fedoraproject.org> (raw)

A new commit has been pushed.

Repo   : rpms/python-pendulum
Branch : rawhide
Commit : 5d149bbed5a5d353b5affe977af59dae30905491
Author : Benjamin A. Beasley <code@musicinmybrain.net>
Date   : 2026-06-30T21:29:49+01:00
Stats  : +31/-30 in 3 file(s)
URL    : https://src.fedoraproject.org/rpms/python-pendulum/c/5d149bbed5a5d353b5affe977af59dae30905491?branch=rawhide

Log:
Update PyO3 to 0.29 (fixes RUSTSEC-2026-0176, RUSTSEC-2026-0177)

---
diff --git a/0001-Allow-PyO3-0.26-until-we-have-0.27-RHBZ-2404994.patch b/0001-Allow-PyO3-0.26-until-we-have-0.27-RHBZ-2404994.patch
deleted file mode 100644
index 579cee1..0000000
--- a/0001-Allow-PyO3-0.26-until-we-have-0.27-RHBZ-2404994.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 473ceafc25806f1dfd703d79c0417a2601a068cb Mon Sep 17 00:00:00 2001
-From: "Benjamin A. Beasley" <code@musicinmybrain.net>
-Date: Tue, 28 Oct 2025 11:45:27 +0000
-Subject: [PATCH] Allow PyO3 0.26 until we have 0.27, RHBZ#2404994
-
----
- rust/Cargo.toml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/rust/Cargo.toml b/rust/Cargo.toml
-index 0922472..b6d88b9 100644
---- a/rust/Cargo.toml
-+++ b/rust/Cargo.toml
-@@ -14,7 +14,7 @@ strip = true
- overflow-checks = false
- 
- [dependencies]
--pyo3 = { version = "0.27", features = ["extension-module", "generate-import-lib"] }
-+pyo3 = { version = ">=0.26, <0.28", features = ["extension-module", "generate-import-lib"] }
- 
- [features]
- extension-module = ["pyo3/extension-module"]
--- 
-2.51.0
-

diff --git a/pendulum-3.2.0-pyo3-0.29.patch b/pendulum-3.2.0-pyo3-0.29.patch
new file mode 100644
index 0000000..59ae9c6
--- /dev/null
+++ b/pendulum-3.2.0-pyo3-0.29.patch
@@ -0,0 +1,26 @@
+diff --git a/rust/Cargo.toml b/rust/Cargo.toml
+index 097321fe..b4c3a43e 100644
+--- a/rust/Cargo.toml
++++ b/rust/Cargo.toml
+@@ -14,7 +14,7 @@ strip = true
+ overflow-checks = false
+ 
+ [dependencies]
+-pyo3 = { version = "0.27", features = ["extension-module", "generate-import-lib"] }
++pyo3 = { version = "0.29", features = ["extension-module"] }
+ 
+ [features]
+ extension-module = ["pyo3/extension-module"]
+diff --git a/rust/src/python/types/timezone.rs b/rust/src/python/types/timezone.rs
+index 64dce026..f6f74747 100644
+--- a/rust/src/python/types/timezone.rs
++++ b/rust/src/python/types/timezone.rs
+@@ -2,7 +2,7 @@
+ use pyo3::prelude::*;
+ use pyo3::types::{PyDelta, PyDict, PyTzInfo};
+ 
+-#[pyclass(module = "_pendulum", extends = PyTzInfo)]
++#[pyclass(module = "_pendulum", extends = PyTzInfo, from_py_object)]
+ #[derive(Clone)]
+ pub struct FixedTimezone {
+     offset: i32,

diff --git a/python-pendulum.spec b/python-pendulum.spec
index cd73c6b..cf0eecc 100644
--- a/python-pendulum.spec
+++ b/python-pendulum.spec
@@ -10,8 +10,10 @@ URL:            https://pendulum.eustace.io
 %global forgeurl https://github.com/sdispater/pendulum
 Source:         %{forgeurl}/archive/%{version}/pendulum-%{version}.tar.gz
 
-# Downstream-only: allow PyO3 0.26 until we have 0.27, RHBZ#2404994
-Patch:          0001-Allow-PyO3-0.26-until-we-have-0.27-RHBZ-2404994.patch
+# Update PyO3 to 0.29
+# https://github.com/python-pendulum/pendulum/pull/978
+# (Without changes to Cargo.lock)
+Patch:          pendulum-3.2.0-pyo3-0.29.patch
 
 BuildRequires:  python3-devel
 BuildRequires:  cargo-rpm-macros
@@ -57,9 +59,6 @@ sed -i '/@pytest.mark.benchmark/d' $(find tests -type f -name '*.py')
 %cargo_prep
 cd rust
 rm Cargo.lock
-# Remove unpackaged feature. This is only needed for Windows.
-tomcli-set Cargo.toml lists delitem dependencies.pyo3.features \
-    'generate-import-lib'
 
 %generate_buildrequires
 # For unclear reasons, maturin checks for all crate dependencies when it is
@@ -99,6 +98,7 @@ popd
 %changelog
 * Tue Jun 30 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 3.2.0-1
 - Update to 3.2.0 (final); Fixes RHBZ#2435482
+- Update PyO3 to 0.29 (fixes RUSTSEC-2026-0176, RUSTSEC-2026-0177)
 
 * Thu Jun 04 2026 Python Maint <python-maint@redhat.com> - 3.2.0~dev0^20251024git628fd85-3
 - Rebuilt for Python 3.15

                 reply	other threads:[~2026-06-30 20:52 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178285274153.1.14649940392638285668.rpms-python-pendulum-5d149bbed5a5@fedoraproject.org \
    --to=code@musicinmybrain.net \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox