Accepting request 1108888 from home:dgarcia:branches:devel:languages:python:Factory

- Add fix-sphinx-72.patch to make it work with latest sphinx version
  gh#python/cpython#97950
- Update to 3.10.13:
  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
    vulnerable to a bypass of the TLS handshake and included
    protections (like certificate verification) and treating sent
    unencrypted data as if it were post-handshake TLS encrypted data.
    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
    Gregory P. Smith.
  - gh-107845: tarfile.data_filter() now takes the location of
    symlinks into account when determining their target, so it will no
    longer reject some valid tarballs with
    LinkOutsideDestinationError.
  - gh-107565: Update multissltests and GitHub CI workflows to use
    OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
  - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
    *consumed was not set.

OBS-URL: https://build.opensuse.org/request/show/1108888
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=105
Dirk Mueller 2023-09-04 15:07:39 +00:00 committed by Git OBS Bridge
parent 4a7871d409
commit 310cd89462
8 changed files with 3185 additions and 32 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:afb74bf19130e7a47d10312c8f5e784f24e0527981eab68e20546cfb865830b8
size 19654836


@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=9Zqh
-----END PGP SIGNATURE-----

BIN
Python-3.10.13.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

16
Python-3.10.13.tar.xz.asc Normal file

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=UP6h
-----END PGP SIGNATURE-----
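
Review bot: the replacement Python-3.10.13.tar.xz.asc arrives next to a tarball that this page shows only as a Git LFS entry ("Binary file not shown"), so neither the new sha256 oid nor any verification step can be checked from the diff. Please confirm in the request that the detached signature was verified against the upstream release key for the 3.10.13 tarball before it was committed.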


@ -19,10 +19,10 @@ Co-authored-by: Gregory P. Smith <greg@krypto.org>
4 files changed, 31 insertions(+), 159 deletions(-)
create mode 100644 Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
Index: Python-3.10.12/Doc/library/email.utils.rst
Index: Python-3.10.13/Doc/library/email.utils.rst
===================================================================
--- Python-3.10.12.orig/Doc/library/email.utils.rst
+++ Python-3.10.12/Doc/library/email.utils.rst
--- Python-3.10.13.orig/Doc/library/email.utils.rst
+++ Python-3.10.13/Doc/library/email.utils.rst
@@ -67,11 +67,6 @@ of the new API.
*email address* parts. Returns a tuple of that information, unless the parse
fails, in which case a 2-tuple of ``('', '')`` is returned.
@ -70,10 +70,10 @@ Index: Python-3.10.12/Doc/library/email.utils.rst
.. function:: parsedate(date)
Index: Python-3.10.12/Lib/email/utils.py
Index: Python-3.10.13/Lib/email/utils.py
===================================================================
--- Python-3.10.12.orig/Lib/email/utils.py
+++ Python-3.10.12/Lib/email/utils.py
--- Python-3.10.13.orig/Lib/email/utils.py
+++ Python-3.10.13/Lib/email/utils.py
@@ -106,54 +106,12 @@ def formataddr(pair, charset='utf-8'):
return address
@ -154,10 +154,10 @@ Index: Python-3.10.12/Lib/email/utils.py
return addrs[0]
Index: Python-3.10.12/Lib/test/test_email/test_email.py
Index: Python-3.10.13/Lib/test/test_email/test_email.py
===================================================================
--- Python-3.10.12.orig/Lib/test/test_email/test_email.py
+++ Python-3.10.12/Lib/test/test_email/test_email.py
--- Python-3.10.13.orig/Lib/test/test_email/test_email.py
+++ Python-3.10.13/Lib/test/test_email/test_email.py
@@ -3288,90 +3288,32 @@ Foo
[('Al Person', 'aperson@dom.ain'),
('Bud Person', 'bperson@dom.ain')])
@ -268,10 +268,10 @@ Index: Python-3.10.12/Lib/test/test_email/test_email.py
def test_getaddresses_embedded_comment(self):
"""Test proper handling of a nested comment"""
Index: Python-3.10.12/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
Index: Python-3.10.13/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
===================================================================
--- Python-3.10.12.orig/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
+++ Python-3.10.12/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
--- Python-3.10.13.orig/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
+++ Python-3.10.13/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
@@ -1,3 +1,8 @@
+Reverted the :mod:`email.utils` security improvement change released in
+3.12beta4 that unintentionally caused :mod:`email.utils.getaddresses` to fail
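
Review bot: in the Index:, --- and +++ header pairs of this refreshed patch the only change is the path prefix Python-3.10.12 to Python-3.10.13, yet the .changes entry does not record a refresh; add a line for it there. The trailing NEWS text ("Reverted the :mod:`email.utils` security improvement change ...") shows the package still carries a revert of a security change alongside Patch40 (CVE-2023-27043-email-parsing-errors.patch), so the changelog should also say that keeping the revert is intentional for 3.10.13.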

3117
fix-sphinx-72.patch Normal file

File diff suppressed because it is too large


@ -1,3 +1,24 @@
-------------------------------------------------------------------
Mon Sep 4 13:18:29 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
- Add fix-sphinx-72.patch to make it work with latest sphinx version
gh#python/cpython#97950
- Update to 3.10.13:
- gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included
protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.
Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
Gregory P. Smith.
- gh-107845: tarfile.data_filter() now takes the location of
symlinks into account when determining their target, so it will no
longer reject some valid tarballs with
LinkOutsideDestinationError.
- gh-107565: Update multissltests and GitHub CI workflows to use
OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
- gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
*consumed was not set.
-------------------------------------------------------------------
Thu Aug 3 14:13:30 UTC 2023 - Matej Cepl <mcepl@suse.com>
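
Review bot: the CVE-2023-40217 item in the new entry carries no Bugzilla reference, while the spec tags its patches with bsc# numbers (for example bsc#1210638 on Patch41). Add the matching bsc# next to the CVE in this entry so the security fix can be tracked from the changelog.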


@ -103,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}}
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
%bcond_without profileopt
Name: %{python_pkg_name}%{psuffix}
Version: 3.10.12
Version: 3.10.13
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@ -180,6 +180,20 @@ Patch40: CVE-2023-27043-email-parsing-errors.patch
# PATCH-FIX-UPSTREAM Revert-gh105127-left-tests.patch bsc#1210638 mcepl@suse.com
# Partially revert previous patch
Patch41: Revert-gh105127-left-tests.patch
# PATCH-FIX-UPSTREAM fix-sphinx-72.patch gh#python/cpython#97950
# This is a patch with a lot of PR combined to make the doc work with
# sphinx 7.2
# This patch has the following github pull requests:
# * gh#python/cpython#104151
# * gh#python/cpython#104154
# * gh#python/cpython#104155
# * gh#python/cpython#104157
# * gh#python/cpython#104159
# * gh#python/cpython#104161
# * gh#python/cpython#104163
# * gh#python/cpython#104221
# * gh#python/cpython#107246
Patch42: fix-sphinx-72.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
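
Review bot: the comment above Patch42 says the patch combines nine upstream pull requests, and the file is 3117 lines with its diff suppressed, so it cannot be reviewed from this page. Consider carrying one patch per pull request, or state in the comment that only the documentation sources are touched, so that a later refresh or drop can be done per PR. In the same comment, "a lot of PR combined" should read "a lot of PRs combined".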
@ -455,6 +469,7 @@ other applications.
%patch39 -p1
%patch40 -p1
%patch41 -p1
%patch42 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac