Accepting request 914454 from devel:languages:python:Factory

OBS-URL: https://build.opensuse.org/request/show/914454 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python?expand=0&rev=156
2021-08-28 20:28:52 +00:00 · 2021-08-28 20:28:52 +00:00 · 6c0d6bd722
commit 6c0d6bd722
parent 65ab37fec4 de8c3896ee
9 changed files with 128 additions and 19 deletions
--- a/CVE-2021-3733-fix-ReDoS-in-request.patch
+++ b/CVE-2021-3733-fix-ReDoS-in-request.patch
--- a/CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+++ b/CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
@ -12,7 +12,7 @@
                     break
                 if self.debuglevel > 0:
                     print "header:", skip
-+                # bpo-44022: Fix http client infinite line reading (DoS) after a http 100
+                # CVE-2021-3737: Fix infinitely reading potential HTTP headers on a 100 Continue status response from the server
 +                header_count += 1
 +                if header_count > _MAXHEADERS:
 +                    raise HTTPException("got more than %d headers" % _MAXHEADERS)
--- a/python-base.changes
+++ b/python-base.changes
@ -1,3 +1,21 @@
 -------------------------------------------------------------------
 Thu Aug 26 15:35:10 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
 - Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
 -------------------------------------------------------------------
 Mon Aug 23 11:16:24 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
 - Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
 - Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
 - Update documentation formatting for Sphinx 3.0 (bpo#40204).
 -------------------------------------------------------------------
 Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
--- a/python-base.spec
+++ b/python-base.spec
@ -103,10 +103,12 @@ Patch61:        CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
 # PATCH-FIX-UPSTREAM CVE-2021-23336-only-amp-as-query-sep.patch bsc#[0-9]+ mcepl@suse.com
 # this patch makes things totally awesome
 Patch62:        CVE-2021-23336-only-amp-as-query-sep.patch
-# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
+# PATCH-FIX-UPSTREAM CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
-Patch63:        bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+Patch63:        CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
-# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+# PATCH-FIX-UPSTREAM CVE-2021-3733-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
-Patch64:        bpo43075-fix-ReDoS-in-request.patch
+Patch64:        CVE-2021-3733-fix-ReDoS-in-request.patch
 # PATCH-FIX-UPSTREAM sphinx-update-removed-function.patch bpo#35293 gh#python/cpython#22198 -- fix doc build
 Patch65:        sphinx-update-removed-function.patch
 # COMMON-PATCH-END
 %define         python_version    %(echo %{tarversion} | head -c 3)
 BuildRequires:  automake
@ -236,6 +238,7 @@ other applications.
 %patch62 -p1
 %patch63 -p1
 %patch64 -p1
 %patch65 -p1
 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac
--- a/python-doc.changes
+++ b/python-doc.changes
@ -1,3 +1,21 @@
 -------------------------------------------------------------------
 Thu Aug 26 15:35:10 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
 - Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
 -------------------------------------------------------------------
 Mon Aug 23 11:16:24 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
 - Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
 - Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
 - Update documentation formatting for Sphinx 3.0 (bpo#40204).
 -------------------------------------------------------------------
 Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
--- a/python-doc.spec
+++ b/python-doc.spec
@ -105,15 +105,17 @@ Patch61:        CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
 # PATCH-FIX-UPSTREAM CVE-2021-23336-only-amp-as-query-sep.patch bsc#[0-9]+ mcepl@suse.com
 # this patch makes things totally awesome
 Patch62:        CVE-2021-23336-only-amp-as-query-sep.patch
-# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
+# PATCH-FIX-UPSTREAM CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
-Patch63:        bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+Patch63:        CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
-# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+# PATCH-FIX-UPSTREAM CVE-2021-3733-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
-Patch64:        bpo43075-fix-ReDoS-in-request.patch
+Patch64:        CVE-2021-3733-fix-ReDoS-in-request.patch
 # PATCH-FIX-UPSTREAM sphinx-update-removed-function.patch bpo#35293 gh#python/cpython#22198 -- fix doc build
 Patch65:        sphinx-update-removed-function.patch
 # COMMON-PATCH-END
-Provides:       pyth_doc
+Provides:       pyth_doc = %{version}
-Provides:       pyth_ps
+Provides:       pyth_ps = %{version}
-Obsoletes:      pyth_doc
+Obsoletes:      pyth_doc < %{version}
-Obsoletes:      pyth_ps
+Obsoletes:      pyth_ps < %{version}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 Enhances:       python = %{version}
@ -127,8 +129,8 @@ Python, and Macintosh Module Reference in HTML format.
 %package pdf
 Summary:        Python PDF Documentation
 Group:          Development/Languages/Python
-Provides:       pyth_pdf
+Provides:       pyth_pdf = %{version}
-Obsoletes:      pyth_pdf
+Obsoletes:      pyth_pdf < %{version}
 Provides:       python2-doc-pdf = %{version}
 %description pdf
@ -180,9 +182,16 @@ Python, and Macintosh Module Reference in PDF format.
 %patch62 -p1
 %patch63 -p1
 %patch64 -p1
 %patch65 -p1
 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac
 # Update documentation formatting for Sphinx 3.0 (bpo#40204)
 for i in `find Doc/ -type f -name "*.rst"`
 do
  sed -i 's/:c:type:/:c:expr:/g' $i
 done
 # COMMON-PREP-END
 %build
--- a/python.changes
+++ b/python.changes
@ -1,3 +1,21 @@
 -------------------------------------------------------------------
 Thu Aug 26 15:35:10 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
 - Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
 -------------------------------------------------------------------
 Mon Aug 23 11:16:24 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
 - Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
 - Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
 - Update documentation formatting for Sphinx 3.0 (bpo#40204).
 -------------------------------------------------------------------
 Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
--- a/python.spec
+++ b/python.spec
@ -105,10 +105,12 @@ Patch61:        CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
 # PATCH-FIX-UPSTREAM CVE-2021-23336-only-amp-as-query-sep.patch bsc#[0-9]+ mcepl@suse.com
 # this patch makes things totally awesome
 Patch62:        CVE-2021-23336-only-amp-as-query-sep.patch
-# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
+# PATCH-FIX-UPSTREAM CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
-Patch63:        bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+Patch63:        CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
-# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+# PATCH-FIX-UPSTREAM CVE-2021-3733-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
-Patch64:        bpo43075-fix-ReDoS-in-request.patch
+Patch64:        CVE-2021-3733-fix-ReDoS-in-request.patch
 # PATCH-FIX-UPSTREAM sphinx-update-removed-function.patch bpo#35293 gh#python/cpython#22198 -- fix doc build
 Patch65:        sphinx-update-removed-function.patch
 # COMMON-PATCH-END
 BuildRequires:  automake
 BuildRequires:  db-devel
@ -294,6 +296,7 @@ that rely on earlier non-verification behavior.
 %patch62 -p1
 %patch63 -p1
 %patch64 -p1
 %patch65 -p1
 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac
--- a/sphinx-update-removed-function.patch
+++ b/sphinx-update-removed-function.patch
@ -0,0 +1,40 @@
 --- a/Doc/tools/extensions/pyspecific.py
 +++ b/Doc/tools/extensions/pyspecific.py
@@ -103,7 +103,11 @@ class ImplementationDetail(Directive):
 # Support for documenting decorators
 from sphinx import addnodes
 -from sphinx.domains.python import PyModulelevel, PyClassmember
 +try:
 +    from sphinx.domains.python import PyFunction, PyMethod
 +except ImportError:
 +    from sphinx.domains.python import PyClassmember as PyMethod
 +    from sphinx.domains.python import PyModulelevel as PyFunction
 class PyDecoratorMixin(object):
     def handle_signature(self, sig, signode):
@@ -114,16 +118,16 @@ class PyDecoratorMixin(object):
     def needs_arglist(self):
         return False
 -class PyDecoratorFunction(PyDecoratorMixin, PyModulelevel):
 +class PyDecoratorFunction(PyDecoratorMixin, PyFunction):
     def run(self):
         # a decorator function is a function after all
         self.name = 'py:function'
 -        return PyModulelevel.run(self)
 +        return PyFunction.run(self)
 -class PyDecoratorMethod(PyDecoratorMixin, PyClassmember):
 +class PyDecoratorMethod(PyDecoratorMixin, PyMethod):
     def run(self):
         self.name = 'py:method'
 -        return PyClassmember.run(self)
 +        return PyMethod.run(self)
 # Support for building "topic help" for pydoc
 --- /dev/null
 +++ b/Misc/NEWS.d/next/Documentation/2020-09-12-17-37-13.bpo-35293._cOwPD.rst
@@ -0,0 +1 @@
 +Fix RemovedInSphinx40Warning when building the documentation. Patch by Dong-hee Na.