[rpms/python-pendulum] f43: Update PyO3 to 0.29 (fixes RUSTSEC-2026-0176, RUSTSEC-2026-0177)

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/python-pendulum] f43: Update PyO3 to 0.29 (fixes RUSTSEC-2026-0176, RUSTSEC-2026-0177)
@ 2026-06-30 21:41 Benjamin A. Beasley
  0 siblings, 0 replies; only message in thread
From: Benjamin A. Beasley @ 2026-06-30 21:41 UTC (permalink / raw)
  To: git-commits

A new commit has been pushed.

Repo   : rpms/python-pendulum
Branch : f43
Commit : 5d149bbed5a5d353b5affe977af59dae30905491
Author : Benjamin A. Beasley <code@musicinmybrain.net>
Date   : 2026-06-30T21:29:49+01:00
Stats  : +31/-30 in 3 file(s)
URL    : https://src.fedoraproject.org/rpms/python-pendulum/c/5d149bbed5a5d353b5affe977af59dae30905491?branch=f43

Log:
Update PyO3 to 0.29 (fixes RUSTSEC-2026-0176, RUSTSEC-2026-0177)

---
diff --git a/0001-Allow-PyO3-0.26-until-we-have-0.27-RHBZ-2404994.patch b/0001-Allow-PyO3-0.26-until-we-have-0.27-RHBZ-2404994.patch
deleted file mode 100644
index 579cee1..0000000
--- a/0001-Allow-PyO3-0.26-until-we-have-0.27-RHBZ-2404994.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 473ceafc25806f1dfd703d79c0417a2601a068cb Mon Sep 17 00:00:00 2001
-From: "Benjamin A. Beasley" <code@musicinmybrain.net>
-Date: Tue, 28 Oct 2025 11:45:27 +0000
-Subject: [PATCH] Allow PyO3 0.26 until we have 0.27, RHBZ#2404994
-
----
- rust/Cargo.toml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/rust/Cargo.toml b/rust/Cargo.toml
-index 0922472..b6d88b9 100644
---- a/rust/Cargo.toml
-+++ b/rust/Cargo.toml
-@@ -14,7 +14,7 @@ strip = true
- overflow-checks = false
- 
- [dependencies]
--pyo3 = { version = "0.27", features = ["extension-module", "generate-import-lib"] }
-+pyo3 = { version = ">=0.26, <0.28", features = ["extension-module", "generate-import-lib"] }
- 
- [features]
- extension-module = ["pyo3/extension-module"]
--- 
-2.51.0
-

diff --git a/pendulum-3.2.0-pyo3-0.29.patch b/pendulum-3.2.0-pyo3-0.29.patch
new file mode 100644
index 0000000..59ae9c6
--- /dev/null
+++ b/pendulum-3.2.0-pyo3-0.29.patch
@@ -0,0 +1,26 @@
+diff --git a/rust/Cargo.toml b/rust/Cargo.toml
+index 097321fe..b4c3a43e 100644
+--- a/rust/Cargo.toml
++++ b/rust/Cargo.toml
+@@ -14,7 +14,7 @@ strip = true
+ overflow-checks = false
+ 
+ [dependencies]
+-pyo3 = { version = "0.27", features = ["extension-module", "generate-import-lib"] }
++pyo3 = { version = "0.29", features = ["extension-module"] }
+ 
+ [features]
+ extension-module = ["pyo3/extension-module"]
+diff --git a/rust/src/python/types/timezone.rs b/rust/src/python/types/timezone.rs
+index 64dce026..f6f74747 100644
+--- a/rust/src/python/types/timezone.rs
++++ b/rust/src/python/types/timezone.rs
+@@ -2,7 +2,7 @@
+ use pyo3::prelude::*;
+ use pyo3::types::{PyDelta, PyDict, PyTzInfo};
+ 
+-#[pyclass(module = "_pendulum", extends = PyTzInfo)]
++#[pyclass(module = "_pendulum", extends = PyTzInfo, from_py_object)]
+ #[derive(Clone)]
+ pub struct FixedTimezone {
+     offset: i32,

diff --git a/python-pendulum.spec b/python-pendulum.spec
index cd73c6b..cf0eecc 100644
--- a/python-pendulum.spec
+++ b/python-pendulum.spec
@@ -10,8 +10,10 @@ URL:            https://pendulum.eustace.io
 %global forgeurl https://github.com/sdispater/pendulum
 Source:         %{forgeurl}/archive/%{version}/pendulum-%{version}.tar.gz
 
-# Downstream-only: allow PyO3 0.26 until we have 0.27, RHBZ#2404994
-Patch:          0001-Allow-PyO3-0.26-until-we-have-0.27-RHBZ-2404994.patch
+# Update PyO3 to 0.29
+# https://github.com/python-pendulum/pendulum/pull/978
+# (Without changes to Cargo.lock)
+Patch:          pendulum-3.2.0-pyo3-0.29.patch
 
 BuildRequires:  python3-devel
 BuildRequires:  cargo-rpm-macros
@@ -57,9 +59,6 @@ sed -i '/@pytest.mark.benchmark/d' $(find tests -type f -name '*.py')
 %cargo_prep
 cd rust
 rm Cargo.lock
-# Remove unpackaged feature. This is only needed for Windows.
-tomcli-set Cargo.toml lists delitem dependencies.pyo3.features \
-    'generate-import-lib'
 
 %generate_buildrequires
 # For unclear reasons, maturin checks for all crate dependencies when it is
@@ -99,6 +98,7 @@ popd
 %changelog
 * Tue Jun 30 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 3.2.0-1
 - Update to 3.2.0 (final); Fixes RHBZ#2435482
+- Update PyO3 to 0.29 (fixes RUSTSEC-2026-0176, RUSTSEC-2026-0177)
 
 * Thu Jun 04 2026 Python Maint <python-maint@redhat.com> - 3.2.0~dev0^20251024git628fd85-3
 - Rebuilt for Python 3.15

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-30 21:41 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-30 21:41 [rpms/python-pendulum] f43: Update PyO3 to 0.29 (fixes RUSTSEC-2026-0176, RUSTSEC-2026-0177) Benjamin A. Beasley

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox