Accepting request 1108888 from home:dgarcia:branches:devel:languages:python:Factory
- Add fix-sphinx-72.patch to make it work with latest sphinx version
gh#python/cpython#97950
- Update to 3.10.13:
- gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included
protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.
Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
Gregory P. Smith.
- gh-107845: tarfile.data_filter() now takes the location of
symlinks into account when determining their target, so it will no
longer reject some valid tarballs with
LinkOutsideDestinationError.
- gh-107565: Update multissltests and GitHub CI workflows to use
OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
- gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
*consumed was not set.
OBS-URL: https://build.opensuse.org/request/show/1108888
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=105
This commit is contained in:
Git OBS Bridge
parent
4a7871d409
commit
310cd89462
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:afb74bf19130e7a47d10312c8f5e784f24e0527981eab68e20546cfb865830b8
|
||||
size 19654836
|
||||
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmR/tqIACgkQ/+h0BBaL
|
||||
2EfUfg/9FW0m6nngtGIKTJ+Gk4G13pQvnELgc3eq70t7Sn1g2kGxDpO+rs0WptYG
|
||||
gGcHs6v4rE/3uQ0mf4QCvnnXffQEQ+bRDaj1ZBY/rJjCdgQeUNMElV0KbvADiTqS
|
||||
+akmsXaK3KqLHJesZo65lZ4HSADWKosBU3zxE2/CRMMsz1aLMDLIoaQo+pqDcFl7
|
||||
ZfGMlmiJNyD2jZVYGdwCbhG0BymOTU02BxkH2Dkd9OGzj9A3zDPCO6RcDFtw4dkK
|
||||
lngHQGijYaFV11FqIaApnUkz7aAPk//2KRLwpf5D5z8p8T8QsHAJyTmIm1gMQiQA
|
||||
tMThI1tFGN6lF1QSrfwGooXs3AdeEY0VoL4CpQi8TVRLyi6HE4AU4hEQdPqVmpm1
|
||||
+U2K0MpYhkwtPp0E9E7y9v82fMSzUKvGgpTstnblKTfDmgGUGb47Ncj3XvxH8SZz
|
||||
p93YK2xpfl4V2ltLio8ONmwP9lQhxk5L34dQR20cjbOoj622VofqGUV7Zr6UHVLD
|
||||
pqYgnj3zgiTPmbCzgVxZOyaLD3ezsY8oAtfLgX6cjCfsTtV27TvQUD8Br0oKQYS/
|
||||
h5KJBdytokqPa+JWr59hvQpcLSbmCB2y7USminoS2yL1hpXidTvVDUALF3vorvZi
|
||||
BS8prxUIFT2dgerUpWmMrKYih7pJNKdySGgI3zXtxIt5TE0TRag=
|
||||
=9Zqh
|
||||
-----END PGP SIGNATURE-----
|
||||
BIN
Python-3.10.13.tar.xz
(Stored with Git LFS)
Normal file
BIN
Python-3.10.13.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
16
Python-3.10.13.tar.xz.asc
Normal file
16
Python-3.10.13.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmTnVFIACgkQ/+h0BBaL
|
||||
2EfANRAAng1gGOlrpC5O6dU3w37Ubbp4nqRxCgLO3jcOipafkq4PdQN0VrP8Gvbx
|
||||
NGn+ELdAiBasVkgx3aZcDKCSHQT9PkMOGjNKKcv6NamMTnwp5IeVEY+uXSITxOoQ
|
||||
VmLRKdnNO9PYkSfh0bB51p5+HtnbFabs6lY6NEwSg9J2ooNCChgaVEEjGJalLkKn
|
||||
aCy+G9prd4KUXMonm8fqk3kj79qcEdj97CdOdEpE0EvH5oNNfKRwkD8j4nztE5mM
|
||||
GeymPb9g9gY+u2Ph5bPkkNHSwgO/NVgCrAxcdJC4/tabiWBFZtmLEcEUvMmMVDdM
|
||||
VAV40PHlIevzY2wm2PIZYKqqVpvyfjk3SRSfqJe7BiOMfifXpG1rYD+pB823U20c
|
||||
Xzi9Z1p39406XbgOI9EE4dVWSI03kyEcnOth8pv/aYoIlSGnfH7ngST0OGoBMUZ4
|
||||
LwwOiBBgqoRJoYKERmbQ+r4hFJTkdFgFZHu9YkT5L+TwCRbVYGK6bptZGCveVn92
|
||||
j4t8gOpR+m27Sc3YWxEqp3dW3u3GWEPqtK2MDdbj3omZ00vb+Ukdq3CLLNoxP/KC
|
||||
PvJsxe2coMYz0R9SbSrKujJeYeb/6P8P5QxzcqiVfWtZRc9SJ+aianaTgfcag08R
|
||||
9XDTiL4thCq5uaKsYaLECaPDKMF/skQrqbbLShf5rvcvDJO783s=
|
||||
=UP6h
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -19,10 +19,10 @@ Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
||||
4 files changed, 31 insertions(+), 159 deletions(-)
|
||||
create mode 100644 Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
|
||||
|
||||
Index: Python-3.10.12/Doc/library/email.utils.rst
|
||||
Index: Python-3.10.13/Doc/library/email.utils.rst
|
||||
===================================================================
|
||||
--- Python-3.10.12.orig/Doc/library/email.utils.rst
|
||||
+++ Python-3.10.12/Doc/library/email.utils.rst
|
||||
--- Python-3.10.13.orig/Doc/library/email.utils.rst
|
||||
+++ Python-3.10.13/Doc/library/email.utils.rst
|
||||
@@ -67,11 +67,6 @@ of the new API.
|
||||
*email address* parts. Returns a tuple of that information, unless the parse
|
||||
fails, in which case a 2-tuple of ``('', '')`` is returned.
|
||||
@ -70,10 +70,10 @@ Index: Python-3.10.12/Doc/library/email.utils.rst
|
||||
|
||||
.. function:: parsedate(date)
|
||||
|
||||
Index: Python-3.10.12/Lib/email/utils.py
|
||||
Index: Python-3.10.13/Lib/email/utils.py
|
||||
===================================================================
|
||||
--- Python-3.10.12.orig/Lib/email/utils.py
|
||||
+++ Python-3.10.12/Lib/email/utils.py
|
||||
--- Python-3.10.13.orig/Lib/email/utils.py
|
||||
+++ Python-3.10.13/Lib/email/utils.py
|
||||
@@ -106,54 +106,12 @@ def formataddr(pair, charset='utf-8'):
|
||||
return address
|
||||
|
||||
@ -154,10 +154,10 @@ Index: Python-3.10.12/Lib/email/utils.py
|
||||
return addrs[0]
|
||||
|
||||
|
||||
Index: Python-3.10.12/Lib/test/test_email/test_email.py
|
||||
Index: Python-3.10.13/Lib/test/test_email/test_email.py
|
||||
===================================================================
|
||||
--- Python-3.10.12.orig/Lib/test/test_email/test_email.py
|
||||
+++ Python-3.10.12/Lib/test/test_email/test_email.py
|
||||
--- Python-3.10.13.orig/Lib/test/test_email/test_email.py
|
||||
+++ Python-3.10.13/Lib/test/test_email/test_email.py
|
||||
@@ -3288,90 +3288,32 @@ Foo
|
||||
[('Al Person', 'aperson@dom.ain'),
|
||||
('Bud Person', 'bperson@dom.ain')])
|
||||
@ -268,10 +268,10 @@ Index: Python-3.10.12/Lib/test/test_email/test_email.py
|
||||
|
||||
def test_getaddresses_embedded_comment(self):
|
||||
"""Test proper handling of a nested comment"""
|
||||
Index: Python-3.10.12/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
|
||||
Index: Python-3.10.13/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
|
||||
===================================================================
|
||||
--- Python-3.10.12.orig/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
|
||||
+++ Python-3.10.12/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
|
||||
--- Python-3.10.13.orig/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
|
||||
+++ Python-3.10.13/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
|
||||
@@ -1,3 +1,8 @@
|
||||
+Reverted the :mod:`email.utils` security improvement change released in
|
||||
+3.12beta4 that unintentionally caused :mod:`email.utils.getaddresses` to fail
|
||||
|
||||
3117
fix-sphinx-72.patch
Normal file
3117
fix-sphinx-72.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,3 +1,24 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 4 13:18:29 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
|
||||
|
||||
- Add fix-sphinx-72.patch to make it work with latest sphinx version
|
||||
gh#python/cpython#97950
|
||||
- Update to 3.10.13:
|
||||
- gh-108310: Fixed an issue where instances of ssl.SSLSocket were
|
||||
vulnerable to a bypass of the TLS handshake and included
|
||||
protections (like certificate verification) and treating sent
|
||||
unencrypted data as if it were post-handshake TLS encrypted data.
|
||||
Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
|
||||
Gregory P. Smith.
|
||||
- gh-107845: tarfile.data_filter() now takes the location of
|
||||
symlinks into account when determining their target, so it will no
|
||||
longer reject some valid tarballs with
|
||||
LinkOutsideDestinationError.
|
||||
- gh-107565: Update multissltests and GitHub CI workflows to use
|
||||
OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
|
||||
- gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
|
||||
*consumed was not set.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 3 14:13:30 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
|
||||
@ -103,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}}
|
||||
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
|
||||
%bcond_without profileopt
|
||||
Name: %{python_pkg_name}%{psuffix}
|
||||
Version: 3.10.12
|
||||
Version: 3.10.13
|
||||
Release: 0
|
||||
Summary: Python 3 Interpreter
|
||||
License: Python-2.0
|
||||
@ -180,6 +180,20 @@ Patch40: CVE-2023-27043-email-parsing-errors.patch
|
||||
# PATCH-FIX-UPSTREAM Revert-gh105127-left-tests.patch bsc#1210638 mcepl@suse.com
|
||||
# Partially revert previous patch
|
||||
Patch41: Revert-gh105127-left-tests.patch
|
||||
# PATCH-FIX-UPSTREAM fix-sphinx-72.patch gh#python/cpython#97950
|
||||
# This is a patch with a lot of PR combined to make the doc work with
|
||||
# sphinx 7.2
|
||||
# This patch has the following github pull requests:
|
||||
# * gh#python/cpython#104151
|
||||
# * gh#python/cpython#104154
|
||||
# * gh#python/cpython#104155
|
||||
# * gh#python/cpython#104157
|
||||
# * gh#python/cpython#104159
|
||||
# * gh#python/cpython#104161
|
||||
# * gh#python/cpython#104163
|
||||
# * gh#python/cpython#104221
|
||||
# * gh#python/cpython#107246
|
||||
Patch42: fix-sphinx-72.patch
|
||||
BuildRequires: autoconf-archive
|
||||
BuildRequires: automake
|
||||
BuildRequires: fdupes
|
||||
@ -455,6 +469,7 @@ other applications.
|
||||
%patch39 -p1
|
||||
%patch40 -p1
|
||||
%patch41 -p1
|
||||
%patch42 -p1
|
||||
|
||||
# drop Autoconf version requirement
|
||||
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
|
||||
|
||||
Loading…
Reference in New Issue
Block a user