diff --git a/CVE-2024-39705.patch b/CVE-2024-39705.patch deleted file mode 100644 index b628974..0000000 --- a/CVE-2024-39705.patch +++ /dev/null @@ -1,38 +0,0 @@ -From a12d0a6a8cdba58d5e4e5f92ac62bb80fc26c624 Mon Sep 17 00:00:00 2001 -From: Eric Kafe -Date: Tue, 23 Jul 2024 09:09:09 +0200 -Subject: [PATCH] Prevent data.load from unpickling classes or functions - ---- - nltk/data.py | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/nltk/data.py b/nltk/data.py -index cc9229b0a2..fb242721c5 100644 ---- a/nltk/data.py -+++ b/nltk/data.py -@@ -658,6 +658,15 @@ def retrieve(resource_url, filename=None, verbose=True): - } - - -+def restricted_pickle_load(string): -+ """ -+ Prevents any class or function from loading. -+ """ -+ from nltk.app.wordnet_app import RestrictedUnpickler -+ -+ return RestrictedUnpickler(BytesIO(string)).load() -+ -+ - def load( - resource_url, - format="auto", -@@ -751,7 +760,7 @@ def load( - if format == "raw": - resource_val = opened_resource.read() - elif format == "pickle": -- resource_val = pickle.load(opened_resource) -+ resource_val = restricted_pickle_load(opened_resource.read()) - elif format == "json": - import json - diff --git a/nltk-3.8.1.tar.gz b/nltk-3.8.1.tar.gz deleted file mode 100644 index 47e3c7c..0000000 --- a/nltk-3.8.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:676970e2b7aa0a7184e68f76e0c4f2756fd1b82559a509d5656a23117faeb658 -size 2867926 diff --git a/nltk-3.9.1.tar.gz b/nltk-3.9.1.tar.gz new file mode 100644 index 0000000..2f28f5d --- /dev/null +++ b/nltk-3.9.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:03e06c8c13e352133962c4395ebe0696905c9f1fbdead2d19deae37ba48eb47c +size 2874006 diff --git a/nltk-pr3207-py312.patch b/nltk-pr3207-py312.patch deleted file mode 100644 index 8524834..0000000 --- a/nltk-pr3207-py312.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 25d35fc4283dedd2053ec6d821f4b707fff8d72c Mon Sep 17 00:00:00 2001 -From: Konstantin Chernyshev -Date: Thu, 16 Nov 2023 19:00:15 +0100 -Subject: [PATCH 1/8] ci: enable 3.12 in ci tests - ---- - .github/workflows/ci.yaml | 2 +- - README.md | 2 +- - nltk/test/unit/translate/test_bleu.py | 1 - - nltk/translate/bleu_score.py | 29 +++++++++++++++++++++++++++-- - setup.py | 3 ++- - 5 files changed, 31 insertions(+), 6 deletions(-) - ---- a/.github/workflows/ci.yaml -+++ b/.github/workflows/ci.yaml -@@ -76,7 +76,7 @@ jobs: - needs: [cache_nltk_data, cache_third_party] - strategy: - matrix: -- python-version: ['3.7', '3.8', '3.9', '3.10', '3.11'] -+ python-version: ['3.7', '3.8', '3.9', '3.10', '3.11', '3.12'] - os: [ubuntu-latest, macos-latest, windows-latest] - fail-fast: false - runs-on: ${{ matrix.os }} ---- a/README.md -+++ b/README.md -@@ -4,7 +4,7 @@ - - NLTK -- the Natural Language Toolkit -- is a suite of open source Python - modules, data sets, and tutorials supporting research and development in Natural --Language Processing. NLTK requires Python version 3.7, 3.8, 3.9, 3.10 or 3.11. -+Language Processing. NLTK requires Python version 3.7, 3.8, 3.9, 3.10, 3.11 or 3.12. - - For documentation, please visit [nltk.org](https://www.nltk.org/). - ---- a/nltk/test/unit/translate/test_bleu.py -+++ b/nltk/test/unit/translate/test_bleu.py -@@ -2,7 +2,6 @@ - Tests for BLEU translation evaluation metric - """ - --import io - import unittest - - from nltk.data import find ---- a/nltk/translate/bleu_score.py -+++ b/nltk/translate/bleu_score.py -@@ -7,16 +7,41 @@ - # For license information, see LICENSE.TXT - - """BLEU score implementation.""" -- - import math - import sys - import warnings - from collections import Counter --from fractions import Fraction -+from fractions import Fraction as _Fraction - - from nltk.util import ngrams - - -+class Fraction(_Fraction): -+ """Fraction with _normalize=False support for 3.12""" -+ -+ def __new__(cls, numerator=0, denominator=None, _normalize=False): -+ if sys.version_info >= (3, 12): -+ self = super().__new__(cls, numerator, denominator) -+ else: -+ self = super().__new__(cls, numerator, denominator, _normalize=_normalize) -+ self._normalize = _normalize -+ self._original_numerator = numerator -+ self._original_denominator = denominator -+ return self -+ -+ @property -+ def numerator(self): -+ if not self._normalize: -+ return self._original_numerator -+ return super().numerator -+ -+ @property -+ def denominator(self): -+ if not self._normalize: -+ return self._original_denominator -+ return super().denominator -+ -+ - def sentence_bleu( - references, - hypothesis, ---- a/setup.py -+++ b/setup.py -@@ -67,7 +67,7 @@ setup( - }, - long_description="""\ - The Natural Language Toolkit (NLTK) is a Python package for --natural language processing. NLTK requires Python 3.7, 3.8, 3.9, 3.10 or 3.11.""", -+natural language processing. NLTK requires Python 3.7, 3.8, 3.9, 3.10, 3.11 or 3.12.""", - license="Apache License, Version 2.0", - keywords=[ - "NLP", -@@ -100,6 +100,7 @@ natural language processing. NLTK requi - "Programming Language :: Python :: 3.9", - "Programming Language :: Python :: 3.10", - "Programming Language :: Python :: 3.11", -+ "Programming Language :: Python :: 3.12", - "Topic :: Scientific/Engineering", - "Topic :: Scientific/Engineering :: Artificial Intelligence", - "Topic :: Scientific/Engineering :: Human Machine Interfaces", diff --git a/nltk_data.tar.xz b/nltk_data.tar.xz index 97a033a..ad0e8f7 100644 --- a/nltk_data.tar.xz +++ b/nltk_data.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f79462ac99f414b4850943720bed4a59c1bb15bfc8f1ce16b26165da6db07680 -size 393271816 +oid sha256:d5996129d40c2598664f74f44c15a39059f5b3713a26152ad4b0220d37bf6f9d +size 392736120 diff --git a/python-nltk.changes b/python-nltk.changes index 60dbe88..1e24c05 100644 --- a/python-nltk.changes +++ b/python-nltk.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Mon Sep 30 21:17:21 UTC 2024 - Thiago Bertoldi + +- Update to to 3.9.1 (changes since 3.8.1): + * Fixed bug that prevented wordnet from loading + * Fix security vulnerability CVE-2024-39705 (breaking change) + * Replace pickled models (punkt, chunker, taggers) by new + pickle-free "_tab" packages + * No longer sort Wordnet synsets and relations (sort in calling + function when required) + * Only strip the last suffix in Wordnet Morphy, thus + restricting synsets() results + * Add Python 3.12 support + * Many other minor fixes +- Refresh nltk_data +- Remome upstreamed patches: + - CVE-2024-39705.patch + - nltk-pr3207-py312.patch + ------------------------------------------------------------------- Fri Jul 26 07:14:33 UTC 2024 - Daniel Garcia @@ -36,8 +55,7 @@ Tue Mar 28 08:36:04 UTC 2023 - pgajdos@suse.com ------------------------------------------------------------------- Fri Jan 6 15:32:43 UTC 2023 - Yogalakshmi Arunachalam -- Update to 3.8 - +- Update to 3.8 * Refactor dispersion plot (#3082) * Provide type hints for LazyCorpusLoader variables (#3081) * Throw warning when LanguageModel is initialized with incorrect vocabulary (#3080) @@ -72,7 +90,7 @@ Fri Jan 6 15:32:43 UTC 2023 - Yogalakshmi Arunachalam * Fix LC cutoff policy of text tiling (#2936) * Optimize ConditionalFreqDist.__add__ performance (#2939) * Add Markdown corpus reader (#2902) - + ------------------------------------------------------------------- Mon Dec 26 10:41:22 UTC 2022 - Matej Cepl @@ -390,7 +408,7 @@ Fri Sep 23 12:29:05 UTC 2011 - saschpe@suse.de ------------------------------------------------------------------- Sun Feb 7 18:51:07 CST 2010 - oddrationale@gmail.com - + - fixed copyright and license statements - removed PyYAML, and added dependency to installers and download instructions @@ -412,6 +430,6 @@ Thu Dec 10 17:23:51 CST 2009 - oddrationale@gmail.com - added Requires: python-yaml ------------------------------------------------------------------- -Wed Dec 9 15:39:35 CST 2009 - oddrationale@gmail.com - +Wed Dec 9 15:39:35 CST 2009 - oddrationale@gmail.com + - Initial Release (Version 2.0b7): Sun Feb 7 18:50:18 CST 2010 diff --git a/python-nltk.spec b/python-nltk.spec index 799e18e..6c44b6b 100644 --- a/python-nltk.spec +++ b/python-nltk.spec @@ -17,8 +17,9 @@ %define modname nltk +%{?sle15_python_module_pythons} Name: python-nltk -Version: 3.8.1 +Version: 3.9.1 Release: 0 Summary: Natural Language Toolkit License: Apache-2.0 @@ -61,10 +62,6 @@ Source99: python-nltk.rpmlintrc # PATCH-FIX-UPSTREAM skip-networked-test.patch gh#nltk/nltk#2969 mcepl@suse.com # skip tests requiring network connection Patch0: skip-networked-test.patch -# PATCH-FIX-UPSTREAM nltk-pr3207-py312.patch gh#nltk/nltk#3207 -Patch1: nltk-pr3207-py312.patch -# PATCH-FIX-UPSTREAM CVE-2024-39705.patch bsc#1227174 gh#nltk/nltk#3290 -Patch2: CVE-2024-39705.patch BuildRequires: %{python_module base >= 3.7} BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} @@ -150,7 +147,6 @@ sed -E -i "/#![[:space:]]*\/usr\/bin\/env python/d" \ sed -E -i "s|#![[:space:]]*%{_bindir}/env python|#!%{_bindir}/python3|" \ setup.py \ tools/global_replace.py \ - nltk_data/corpora/pl196x/splitter.py \ tools/find_deprecated.py %autopatch -p1 diff --git a/skip-networked-test.patch b/skip-networked-test.patch index f1cd8f7..59d031a 100644 --- a/skip-networked-test.patch +++ b/skip-networked-test.patch @@ -33,3 +33,4 @@ [metadata] license_files = LICENSE.txt +