diff --git a/bpo43075-fix-ReDoS-in-request.patch b/CVE-2021-3733-fix-ReDoS-in-request.patch similarity index 100% rename from bpo43075-fix-ReDoS-in-request.patch rename to CVE-2021-3733-fix-ReDoS-in-request.patch diff --git a/bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch b/CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch similarity index 88% rename from bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch rename to CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch index 7e5aeef..a1df08f 100644 --- a/bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch +++ b/CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch @@ -12,7 +12,7 @@ break if self.debuglevel > 0: print "header:", skip -+ # bpo-44022: Fix http client infinite line reading (DoS) after a http 100 ++ # CVE-2021-3737: Fix infinitely reading potential HTTP headers on a 100 Continue status response from the server + header_count += 1 + if header_count > _MAXHEADERS: + raise HTTPException("got more than %d headers" % _MAXHEADERS) diff --git a/python-base.changes b/python-base.changes index eb89daf..ddbb4d4 100644 --- a/python-base.changes +++ b/python-base.changes 
@@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Thu Aug 26 15:35:10 UTC 2021 - Fusion Future + +- Renamed patch for assigned CVE: + * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -> + CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch + (boo#1189241, CVE-2021-3737) + +------------------------------------------------------------------- +Mon Aug 23 11:16:24 UTC 2021 - Fusion Future + +- Renamed patch for assigned CVE: + * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch + (boo#1189287, CVE-2021-3733) +- Fix python-doc build (bpo#35293): + * sphinx-update-removed-function.patch +- Update documentation formatting for Sphinx 3.0 (bpo#40204). + ------------------------------------------------------------------- Tue Aug 10 12:39:28 UTC 2021 - Fusion Future diff --git a/python-base.spec b/python-base.spec index 53b3862..9d9ffe0 100644 --- a/python-base.spec +++ b/python-base.spec 
@@ -103,10 +103,12 @@ Patch61: CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch # PATCH-FIX-UPSTREAM CVE-2021-23336-only-amp-as-query-sep.patch bsc#[0-9]+ mcepl@suse.com # this patch makes things totally awesome Patch62: CVE-2021-23336-only-amp-as-query-sep.patch -# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916 -Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391 -Patch64: bpo43075-fix-ReDoS-in-request.patch +# PATCH-FIX-UPSTREAM CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916 +Patch63: CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch +# PATCH-FIX-UPSTREAM CVE-2021-3733-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391 +Patch64: CVE-2021-3733-fix-ReDoS-in-request.patch +# PATCH-FIX-UPSTREAM sphinx-update-removed-function.patch bpo#35293 gh#python/cpython#22198 -- fix doc build +Patch65: sphinx-update-removed-function.patch # COMMON-PATCH-END %define python_version %(echo %{tarversion} | head -c 3) BuildRequires: automake @@ -236,6 +238,7 @@ other applications. %patch62 -p1 %patch63 -p1 %patch64 -p1 +%patch65 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac diff --git a/python-doc.changes b/python-doc.changes index eb89daf..ddbb4d4 100644 --- a/python-doc.changes +++ b/python-doc.changes 
@@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Thu Aug 26 15:35:10 UTC 2021 - Fusion Future + +- Renamed patch for assigned CVE: + * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -> + CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch + (boo#1189241, CVE-2021-3737) + +------------------------------------------------------------------- +Mon Aug 23 11:16:24 UTC 2021 - Fusion Future + +- Renamed patch for assigned CVE: + * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch + (boo#1189287, CVE-2021-3733) +- Fix python-doc build (bpo#35293): + * sphinx-update-removed-function.patch +- Update documentation formatting for Sphinx 3.0 (bpo#40204). + ------------------------------------------------------------------- Tue Aug 10 12:39:28 UTC 2021 - Fusion Future diff --git a/python-doc.spec b/python-doc.spec index 838d0d5..bc38a76 100644 --- a/python-doc.spec +++ b/python-doc.spec 
@@ -105,15 +105,17 @@ Patch61: CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch # PATCH-FIX-UPSTREAM CVE-2021-23336-only-amp-as-query-sep.patch bsc#[0-9]+ mcepl@suse.com # this patch makes things totally awesome Patch62: CVE-2021-23336-only-amp-as-query-sep.patch -# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916 -Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391 -Patch64: bpo43075-fix-ReDoS-in-request.patch +# PATCH-FIX-UPSTREAM CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916 +Patch63: CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch +# PATCH-FIX-UPSTREAM CVE-2021-3733-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391 +Patch64: CVE-2021-3733-fix-ReDoS-in-request.patch +# PATCH-FIX-UPSTREAM sphinx-update-removed-function.patch bpo#35293 gh#python/cpython#22198 -- fix doc build +Patch65: sphinx-update-removed-function.patch # COMMON-PATCH-END -Provides: pyth_doc -Provides: pyth_ps -Obsoletes: pyth_doc -Obsoletes: pyth_ps +Provides: pyth_doc = %{version} +Provides: pyth_ps = %{version} +Obsoletes: pyth_doc < %{version} +Obsoletes: pyth_ps < %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch Enhances: python = %{version} @@ -127,8 +129,8 @@ Python, and Macintosh Module Reference in HTML format. %package pdf Summary: Python PDF Documentation Group: Development/Languages/Python -Provides: pyth_pdf -Obsoletes: pyth_pdf +Provides: pyth_pdf = %{version} +Obsoletes: pyth_pdf < %{version} Provides: python2-doc-pdf = %{version} %description pdf 
@@ -180,9 +182,16 @@ Python, and Macintosh Module Reference in PDF format. %patch62 -p1 %patch63 -p1 %patch64 -p1 +%patch65 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac + +# Update documentation formatting for Sphinx 3.0 (bpo#40204) +for i in `find Doc/ -type f -name "*.rst"` +do + sed -i 's/:c:type:/:c:expr:/g' $i +done # COMMON-PREP-END %build diff --git a/python.changes b/python.changes index eb89daf..ddbb4d4 100644 --- a/python.changes +++ b/python.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Thu Aug 26 15:35:10 UTC 2021 - Fusion Future + +- Renamed patch for assigned CVE: + * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -> + CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch + (boo#1189241, CVE-2021-3737) + +------------------------------------------------------------------- +Mon Aug 23 11:16:24 UTC 2021 - Fusion Future + +- Renamed patch for assigned CVE: + * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch + (boo#1189287, CVE-2021-3733) +- Fix python-doc build (bpo#35293): + * sphinx-update-removed-function.patch +- Update documentation formatting for Sphinx 3.0 (bpo#40204). + ------------------------------------------------------------------- Tue Aug 10 12:39:28 UTC 2021 - Fusion Future diff --git a/python.spec b/python.spec index 42ebd15..4597446 100644 --- a/python.spec +++ b/python.spec 
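Review bot: The loop added to %prep iterates over unquoted `find` output and passes `$i` to sed unquoted, so an .rst path containing whitespace would be split into pieces that sed cannot open; `find Doc/ -type f -name '*.rst' -exec sed -i 's/:c:type:/:c:expr:/g' {} +` does the same rewrite without word splitting. The substitution is unconditional, and the `:c:expr:` role is only understood by Sphinx 3.0 and later, so the doc build presumably now depends on that version; no matching version constraint is visible in this hunk. The loop sits above `# COMMON-PREP-END`, while the python-base.spec and python.spec hunks add only `%patch65 -p1`. If the COMMON-PREP block is meant to stay identical across the three spec files, this python-doc-only step may be dropped or propagated on the next sync. Because it edits the sources in place rather than through a tracked patch, a comment saying why it is done in %prep would help the next reviewer.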
@@ -105,10 +105,12 @@ Patch61: CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch # PATCH-FIX-UPSTREAM CVE-2021-23336-only-amp-as-query-sep.patch bsc#[0-9]+ mcepl@suse.com # this patch makes things totally awesome Patch62: CVE-2021-23336-only-amp-as-query-sep.patch -# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916 -Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391 -Patch64: bpo43075-fix-ReDoS-in-request.patch +# PATCH-FIX-UPSTREAM CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916 +Patch63: CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch +# PATCH-FIX-UPSTREAM CVE-2021-3733-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391 +Patch64: CVE-2021-3733-fix-ReDoS-in-request.patch +# PATCH-FIX-UPSTREAM sphinx-update-removed-function.patch bpo#35293 gh#python/cpython#22198 -- fix doc build +Patch65: sphinx-update-removed-function.patch # COMMON-PATCH-END BuildRequires: automake BuildRequires: db-devel @@ -294,6 +296,7 @@ that rely on earlier non-verification behavior. %patch62 -p1 %patch63 -p1 %patch64 -p1 +%patch65 -p1 # drop Autoconf version requirement sed -i 's/^version_required/dnl version_required/' configure.ac diff --git a/sphinx-update-removed-function.patch b/sphinx-update-removed-function.patch new file mode 100644 index 0000000..bcd1a86 --- /dev/null +++ b/sphinx-update-removed-function.patch 
@@ -0,0 +1,40 @@ +--- a/Doc/tools/extensions/pyspecific.py ++++ b/Doc/tools/extensions/pyspecific.py +@@ -103,7 +103,11 @@ class ImplementationDetail(Directive): + # Support for documenting decorators + + from sphinx import addnodes +-from sphinx.domains.python import PyModulelevel, PyClassmember ++try: ++ from sphinx.domains.python import PyFunction, PyMethod ++except ImportError: ++ from sphinx.domains.python import PyClassmember as PyMethod ++ from sphinx.domains.python import PyModulelevel as PyFunction + + class PyDecoratorMixin(object): + def handle_signature(self, sig, signode): +@@ -114,16 +118,16 @@ class PyDecoratorMixin(object): + def needs_arglist(self): + return False + +-class PyDecoratorFunction(PyDecoratorMixin, PyModulelevel): ++class PyDecoratorFunction(PyDecoratorMixin, PyFunction): + def run(self): + # a decorator function is a function after all + self.name = 'py:function' +- return PyModulelevel.run(self) ++ return PyFunction.run(self) + +-class PyDecoratorMethod(PyDecoratorMixin, PyClassmember): ++class PyDecoratorMethod(PyDecoratorMixin, PyMethod): + def run(self): + self.name = 'py:method' +- return PyClassmember.run(self) ++ return PyMethod.run(self) + + + # Support for building "topic help" for pydoc +--- /dev/null ++++ b/Misc/NEWS.d/next/Documentation/2020-09-12-17-37-13.bpo-35293._cOwPD.rst +@@ -0,0 +1 @@ ++Fix RemovedInSphinx40Warning when building the documentation. Patch by Dong-hee Na.
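Review bot: The new patch file begins directly at `--- a/Doc/tools/extensions/pyspecific.py` with no description, author or upstream commit reference of its own, so its only link to upstream is the spec comment `bpo#35293 gh#python/cpython#22198`. A short header naming the upstream change it was backported from, and whether it was modified, would let a reviewer compare the file with the original without going through the spec. Near the `except ImportError:` fallback, a one-line comment such as `# older Sphinx only provides PyModulelevel / PyClassmember` would record why both import paths are kept.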