From e11ff893c484647ccdbf8fa59aae96d8e7f5a8d5de20d1e6ea503ec4ed818b15 Mon Sep 17 00:00:00 2001 From: Benjamin Greiner Date: Thu, 20 Jan 2022 10:31:08 +0000 Subject: [PATCH] Accepting request 947647 from home:bnavigator:branches:devel:languages:python:jupyter - Update to 8.0.1 * Security fix CVE-2022-21699: change some default values in order to prevent potential Execution with Unnecessary Privileges. * Almost all version of IPython looks for configuration and profiles in current working directory. Since IPython was developed before pip and environments existed it was used a convenient way to load code/packages in a project dependant way. * In 2022, it is not necessary anymore, and can lead to confusing behavior where for example cloning a repository and starting IPython or loading a notebook from any Jupyter-Compatible interface that has ipython set as a kernel can lead to code execution. * The current working directory is not searched anymore for profiles or configurations files. * Added a __patched_cves__ attribute (set of strings) to IPython module that contain the list of fixed CVE. This is informational only. OBS-URL: https://build.opensuse.org/request/show/947647 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:jupyter/python-ipython?expand=0&rev=80 --- ipython-8.0.0.tar.gz | 3 --- ipython-8.0.1.tar.gz | 3 +++ python-ipython.changes | 23 +++++++++++++++++++++++ python-ipython.spec | 2 +- 4 files changed, 27 insertions(+), 4 deletions(-) delete mode 100644 ipython-8.0.0.tar.gz create mode 100644 ipython-8.0.1.tar.gz diff --git a/ipython-8.0.0.tar.gz b/ipython-8.0.0.tar.gz deleted file mode 100644 index a4f445d..0000000 --- a/ipython-8.0.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:004a0d05aeecd32adec4841b6e2586d5ca35785b1477db4d8333a39333e0ce98 -size 5395839 diff --git a/ipython-8.0.1.tar.gz b/ipython-8.0.1.tar.gz new file mode 100644 index 0000000..95a54a9 --- /dev/null 
+++ b/ipython-8.0.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ab564d4521ea8ceaac26c3a2c6e5ddbca15c8848fd5a5cc325f960da88d42974 +size 5306811 diff --git a/python-ipython.changes b/python-ipython.changes index 3719d68..4bdfcdc 100644 --- a/python-ipython.changes +++ b/python-ipython.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Thu Jan 20 10:19:48 UTC 2022 - Ben Greiner + +- Update to 8.0.1 + * Security fix CVE-2022-21699: change some default values in + order to prevent potential Execution with Unnecessary + Privileges. + * Almost all version of IPython looks for configuration and + profiles in current working directory. Since IPython was + developed before pip and environments existed it was used a + convenient way to load code/packages in a project dependant + way. + * In 2022, it is not necessary anymore, and can lead to confusing + behavior where for example cloning a repository and starting + IPython or loading a notebook from any Jupyter-Compatible + interface that has ipython set as a kernel can lead to code + execution. + * The current working directory is not searched anymore for + profiles or configurations files. + * Added a __patched_cves__ attribute (set of strings) to IPython + module that contain the list of fixed CVE. This is + informational only. + ------------------------------------------------------------------- Sat Jan 15 22:58:17 UTC 2022 - Ben Greiner diff --git a/python-ipython.spec b/python-ipython.spec index e88eb3a..c738025 100644 --- a/python-ipython.spec +++ b/python-ipython.spec @@ -34,7 +34,7 @@ %{?!python_module:%define python_module() python3-%{**}} %define skip_python2 1 Name: python-ipython%{psuffix} -Version: 8.0.0 +Version: 8.0.1 Release: 0 Summary: Rich architecture for interactive computing with Python License: BSD-3-Clause
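Review bot: In the ipython-8.0.1.tar.gz hunk, the only evidence of what is being shipped is the `oid sha256:` and `size` of the Git LFS pointer, and nothing visible in the request ties that digest to the upstream release. Because this is the tarball that delivers the CVE-2022-21699 fix, please compare the sha256 on the added line against the digest upstream publishes for the 8.0.1 sdist and state in the request that it matched.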
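Review bot: In the python-ipython.changes hunk, the "Security fix CVE-2022-21699" bullet has no tracking bug reference next to the CVE id, which makes the fix harder to trace from the changelog. Please add the bug id beside it (placeholder: bsc#NNNNNNN). Wording nits in the same entry: "Almost all version of IPython looks" should read "Almost all versions of IPython look", "dependant" should be "dependent", "configurations files" should be "configuration files", and "that contain the list of fixed CVE" should be "that contains the list of fixed CVEs". The bullet saying the current working directory is no longer searched is the user-visible behaviour change, so consider moving it directly under the CVE line so that anyone who kept a profile or config in a project directory sees it first.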
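Review bot: In the python-ipython.spec hunk, only the `Version:` line changes, so nothing visible verifies that the built package actually contains the security fix the changelog announces. Since 8.0.1 adds the `__patched_cves__` set, a one-line assertion in the test phase would catch a wrong or stale tarball cheaply, for example `python3 -c "import IPython; assert 'CVE-2022-21699' in IPython.__patched_cves__"`, adapted to the package's own Python macros.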