diff --git a/CVE-2024-11168-validation-IPv6-addrs.patch b/CVE-2024-11168-validation-IPv6-addrs.patch deleted file mode 100644 index 7f1d4fb..0000000 --- a/CVE-2024-11168-validation-IPv6-addrs.patch +++ /dev/null 
@@ -1,97 +0,0 @@ -From 37bc08c699f48461be5e000b2da9212237a1ca0f Mon Sep 17 00:00:00 2001 -From: JohnJamesUtley -Date: Tue, 25 Apr 2023 16:01:03 -0400 -Subject: [PATCH 1/4] Adds checks to ensure that bracketed hosts found by - urlsplit are of IPv6 or IPvFuture format - ---- - Lib/test/test_urlparse.py | 26 ++++++++++ - Lib/urllib/parse.py | 16 +++++- - Misc/NEWS.d/next/Library/2023-04-26-09-54-25.gh-issue-103848.aDSnpR.rst | 2 - 3 files changed, 43 insertions(+), 1 deletion(-) - create mode 100644 Misc/NEWS.d/next/Library/2023-04-26-09-54-25.gh-issue-103848.aDSnpR.rst - ---- a/Lib/test/test_urlparse.py -+++ b/Lib/test/test_urlparse.py -@@ -1138,6 +1138,32 @@ class UrlParseTestCase(unittest.TestCase - self.assertEqual(p2.scheme, 'tel') - self.assertEqual(p2.path, '+31641044153') - -+ def test_invalid_bracketed_hosts(self): -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[192.0.2.146]/Path?Query') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[important.com:8000]/Path?Query') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[v123r.IP]/Path?Query') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[v12ae]/Path?Query') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[v.IP]/Path?Query') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[v123.]/Path?Query') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[v]/Path?Query') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') -+ -+ def test_splitting_bracketed_hosts(self): -+ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') -+ self.assertEqual(p1.hostname, 'v6a.ip') -+ 
self.assertEqual(p1.username, 'user') -+ self.assertEqual(p1.path, '/path') -+ p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query') -+ self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test') -+ self.assertEqual(p2.username, 'user') -+ self.assertEqual(p2.path, '/path') -+ p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query') -+ self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test') -+ self.assertEqual(p3.username, 'user') -+ self.assertEqual(p3.path, '/path') -+ - def test_port_casting_failure_message(self): - message = "Port could not be cast to integer value as 'oracle'" - p1 = urllib.parse.urlparse('http://Server=sde; Service=sde:oracle') ---- a/Lib/urllib/parse.py -+++ b/Lib/urllib/parse.py -@@ -36,6 +36,7 @@ import sys - import types - import collections - import warnings -+import ipaddress - - __all__ = ["urlparse", "urlunparse", "urljoin", "urldefrag", - "urlsplit", "urlunsplit", "urlencode", "parse_qs", -@@ -441,6 +442,17 @@ def _checknetloc(netloc): - raise ValueError("netloc '" + netloc + "' contains invalid " + - "characters under NFKC normalization") - -+# Valid bracketed hosts are defined in -+# https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ -+def _check_bracketed_host(hostname): -+ if hostname.startswith('v'): -+ if not re.match(r"\Av[a-fA-F0-9]+\..+\Z", hostname): -+ raise ValueError(f"IPvFuture address is invalid") -+ else: -+ ip = ipaddress.ip_address(hostname) # Throws Value Error if not IPv6 or IPv4 -+ if isinstance(ip, ipaddress.IPv4Address): -+ raise ValueError(f"An IPv4 address cannot be in brackets") -+ - def urlsplit(url, scheme='', allow_fragments=True): - """Parse a URL into 5 components: - :///?# -@@ -487,12 +499,14 @@ def urlsplit(url, scheme='', allow_fragm - break - else: - scheme, url = url[:i].lower(), url[i+1:] -- - if url[:2] == '//': - netloc, url = _splitnetloc(url, 2) - if (('[' in netloc and ']' 
not in netloc) or - (']' in netloc and '[' not in netloc)): - raise ValueError("Invalid IPv6 URL") -+ if '[' in netloc and ']' in netloc: -+ bracketed_host = netloc.partition('[')[2].partition(']')[0] -+ _check_bracketed_host(bracketed_host) - if allow_fragments and '#' in url: - url, fragment = url.split('#', 1) - if '?' in url: ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2023-04-26-09-54-25.gh-issue-103848.aDSnpR.rst -@@ -0,0 +1,2 @@ -+Add checks to ensure that ``[`` bracketed ``]`` hosts found by -+:func:`urllib.parse.urlsplit` are of IPv6 or IPvFuture format. diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch deleted file mode 100644 index 93f30e1..0000000 --- a/CVE-2024-9287-venv_path_unquoted.patch +++ /dev/null 
@@ -1,296 +0,0 @@ -From 21139b45039a72e8346bdc32d498345ef174ba92 Mon Sep 17 00:00:00 2001 -From: Victor Stinner -Date: Fri, 1 Nov 2024 14:11:47 +0100 -Subject: [PATCH] [3.11] gh-124651: Quote template strings in `venv` activation - scripts (GH-124712) (GH-126185) (#126269) - -(cherry picked from commit ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97) ---- - Lib/test/test_venv.py | 81 ++++++++++ - Lib/venv/__init__.py | 42 ++++- - Lib/venv/scripts/common/activate | 8 - Lib/venv/scripts/nt/activate.bat | 6 - Lib/venv/scripts/posix/activate.csh | 8 - Lib/venv/scripts/posix/activate.fish | 8 - Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 - 7 files changed, 134 insertions(+), 20 deletions(-) - create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst - ---- a/Lib/test/test_venv.py -+++ b/Lib/test/test_venv.py -@@ -15,6 +15,7 @@ import struct - import subprocess - import sys - import tempfile -+import shlex - from test.support import (captured_stdout, captured_stderr, requires_zlib, - skip_if_broken_multiprocessing_synchronize) - from test.support.os_helper import (can_symlink, EnvironmentVarGuard, rmtree) -@@ -85,6 +86,10 @@ class BaseTest(unittest.TestCase): - result = f.read() - return result - -+ def assertEndsWith(self, string, tail): -+ if not string.endswith(tail): -+ self.fail(f"String {string!r} does not end with {tail!r}") -+ - class BasicTest(BaseTest): - """Test venv module functionality.""" - -@@ -342,6 +347,82 @@ class BasicTest(BaseTest): - 'import sys; print(sys.executable)']) - self.assertEqual(out.strip(), envpy.encode()) - -+ # gh-124651: test quoted strings -+ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') -+ def test_special_chars_bash(self): -+ """ -+ Test that the template strings are quoted properly (bash) -+ """ -+ rmtree(self.env_dir) -+ bash = shutil.which('bash') -+ if bash is None: -+ self.skipTest('bash required for this test') -+ env_name = '"\';&&$e|\'"' 
-+ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) -+ builder = venv.EnvBuilder(clear=True) -+ builder.create(env_dir) -+ activate = os.path.join(env_dir, self.bindir, 'activate') -+ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') -+ with open(test_script, "w") as f: -+ f.write(f'source {shlex.quote(activate)}\n' -+ 'python -c \'import sys; print(sys.executable)\'\n' -+ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' -+ 'deactivate\n') -+ out, err = check_output([bash, test_script]) -+ lines = out.splitlines() -+ self.assertTrue(env_name.encode() in lines[0]) -+ self.assertEndsWith(lines[1], env_name.encode()) -+ -+ # gh-124651: test quoted strings -+ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') -+ def test_special_chars_csh(self): -+ """ -+ Test that the template strings are quoted properly (csh) -+ """ -+ rmtree(self.env_dir) -+ csh = shutil.which('tcsh') or shutil.which('csh') -+ if csh is None: -+ self.skipTest('csh required for this test') -+ env_name = '"\';&&$e|\'"' -+ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) -+ builder = venv.EnvBuilder(clear=True) -+ builder.create(env_dir) -+ activate = os.path.join(env_dir, self.bindir, 'activate.csh') -+ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') -+ with open(test_script, "w") as f: -+ f.write(f'source {shlex.quote(activate)}\n' -+ 'python -c \'import sys; print(sys.executable)\'\n' -+ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' -+ 'deactivate\n') -+ out, err = check_output([csh, test_script]) -+ lines = out.splitlines() -+ self.assertTrue(env_name.encode() in lines[0]) -+ self.assertEndsWith(lines[1], env_name.encode()) -+ -+ # gh-124651: test quoted strings on Windows -+ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') -+ def test_special_chars_windows(self): -+ """ -+ Test that the template strings are quoted properly on Windows -+ """ -+ 
rmtree(self.env_dir) -+ env_name = "'&&^$e" -+ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) -+ builder = venv.EnvBuilder(clear=True) -+ builder.create(env_dir) -+ activate = os.path.join(env_dir, self.bindir, 'activate.bat') -+ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') -+ with open(test_batch, "w") as f: -+ f.write('@echo off\n' -+ f'"{activate}" & ' -+ f'{self.exe} -c "import sys; print(sys.executable)" & ' -+ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' -+ 'deactivate') -+ out, err = check_output([test_batch]) -+ lines = out.splitlines() -+ self.assertTrue(env_name.encode() in lines[0]) -+ self.assertEndsWith(lines[1], env_name.encode()) -+ - @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') - def test_unicode_in_batch_file(self): - """ ---- a/Lib/venv/__init__.py -+++ b/Lib/venv/__init__.py -@@ -11,6 +11,7 @@ import subprocess - import sys - import sysconfig - import types -+import shlex - - - CORE_VENV_DEPS = ('pip', 'setuptools') -@@ -364,11 +365,41 @@ class EnvBuilder: - :param context: The information for the environment creation request - being processed. - """ -- text = text.replace('__VENV_DIR__', context.env_dir) -- text = text.replace('__VENV_NAME__', context.env_name) -- text = text.replace('__VENV_PROMPT__', context.prompt) -- text = text.replace('__VENV_BIN_NAME__', context.bin_name) -- text = text.replace('__VENV_PYTHON__', context.env_exe) -+ replacements = { -+ '__VENV_DIR__': context.env_dir, -+ '__VENV_NAME__': context.env_name, -+ '__VENV_PROMPT__': context.prompt, -+ '__VENV_BIN_NAME__': context.bin_name, -+ '__VENV_PYTHON__': context.env_exe, -+ } -+ -+ def quote_ps1(s): -+ """ -+ This should satisfy PowerShell quoting rules [1], unless the quoted -+ string is passed directly to Windows native commands [2]. 
-+ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules -+ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters -+ """ -+ s = s.replace("'", "''") -+ return f"'{s}'" -+ -+ def quote_bat(s): -+ return s -+ -+ # gh-124651: need to quote the template strings properly -+ quote = shlex.quote -+ script_path = context.script_path -+ if script_path.endswith('.ps1'): -+ quote = quote_ps1 -+ elif script_path.endswith('.bat'): -+ quote = quote_bat -+ else: -+ # fallbacks to POSIX shell compliant quote -+ quote = shlex.quote -+ -+ replacements = {key: quote(s) for key, s in replacements.items()} -+ for key, quoted in replacements.items(): -+ text = text.replace(key, quoted) - return text - - def install_scripts(self, context, path): -@@ -408,6 +439,7 @@ class EnvBuilder: - with open(srcfile, 'rb') as f: - data = f.read() - if not srcfile.endswith(('.exe', '.pdb')): -+ context.script_path = srcfile - try: - data = data.decode('utf-8') - data = self.replace_variables(data, context) ---- a/Lib/venv/scripts/common/activate -+++ b/Lib/venv/scripts/common/activate -@@ -38,11 +38,11 @@ deactivate () { - # unset irrelevant variables - deactivate nondestructive - --VIRTUAL_ENV="__VENV_DIR__" -+VIRTUAL_ENV=__VENV_DIR__ - export VIRTUAL_ENV - - _OLD_VIRTUAL_PATH="$PATH" --PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" -+PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" - export PATH - - # unset PYTHONHOME if set -@@ -55,9 +55,9 @@ fi - - if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then - _OLD_VIRTUAL_PS1="${PS1:-}" -- PS1="__VENV_PROMPT__${PS1:-}" -+ PS1=__VENV_PROMPT__"${PS1:-}" - export PS1 -- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" -+ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ - export VIRTUAL_ENV_PROMPT - fi - ---- a/Lib/venv/scripts/nt/activate.bat -+++ b/Lib/venv/scripts/nt/activate.bat -@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( - 
"%SystemRoot%\System32\chcp.com" 65001 > nul - ) - --set VIRTUAL_ENV=__VENV_DIR__ -+set "VIRTUAL_ENV=__VENV_DIR__" - - if not defined PROMPT set PROMPT=$P$G - -@@ -24,8 +24,8 @@ set PYTHONHOME= - if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% - if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% - --set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% --set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ -+set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" -+set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" - - :END - if defined _OLD_CODEPAGE ( ---- a/Lib/venv/scripts/posix/activate.csh -+++ b/Lib/venv/scripts/posix/activate.csh -@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA - # Unset irrelevant variables. - deactivate nondestructive - --setenv VIRTUAL_ENV "__VENV_DIR__" -+setenv VIRTUAL_ENV __VENV_DIR__ - - set _OLD_VIRTUAL_PATH="$PATH" --setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" -+setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" - - - set _OLD_VIRTUAL_PROMPT="$prompt" - - if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then -- set prompt = "__VENV_PROMPT__$prompt" -- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" -+ set prompt = __VENV_PROMPT__"$prompt" -+ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ - endif - - alias pydoc python -m pydoc ---- a/Lib/venv/scripts/posix/activate.fish -+++ b/Lib/venv/scripts/posix/activate.fish -@@ -33,10 +33,10 @@ end - # Unset irrelevant variables. - deactivate nondestructive - --set -gx VIRTUAL_ENV "__VENV_DIR__" -+set -gx VIRTUAL_ENV __VENV_DIR__ - - set -gx _OLD_VIRTUAL_PATH $PATH --set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH -+set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH - - # Unset PYTHONHOME if set. - if set -q PYTHONHOME -@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" - set -l old_status $status - - # Output the venv prompt; color taken from the blue of the Python logo. 
-- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) -+ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) - - # Restore the return status of the previous command. - echo "exit $old_status" | . -@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" - end - - set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" -- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" -+ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ - end ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst -@@ -0,0 +1 @@ -+Properly quote template strings in :mod:`venv` activation scripts. diff --git a/Python-3.10.15.tar.xz b/Python-3.10.15.tar.xz deleted file mode 100644 index a9c70e6..0000000 --- a/Python-3.10.15.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:aab0950817735172601879872d937c1e4928a57c409ae02369ec3d91dccebe79 -size 19596540 diff --git a/Python-3.10.15.tar.xz.asc b/Python-3.10.15.tar.xz.asc deleted file mode 100644 index 315072a..0000000 --- a/Python-3.10.15.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbboS8ACgkQ/+h0BBaL -2Ecc7BAAmdd+jqs4mNpJg58HgOnLIx3hVBrzn1kyI9AkbxfFGGfm3Gg9Exa/dIph -m1Bt8FogUqOxFnEsFBFTgxh49TCDiUDFzTWYWcrbhtodGFywCmr+0ha6CuEcuuFa -hL0qV7sIJRoVzcdPU6pHh4OcDtdLR0Ws27WiMilrpquw/sWztIiueASZn/kehToD -XM1RTcFtaJeO++cp2tECXRrTU79lzsdpRY/DOyUWWJmLFv0GdrKi4bszKhcYK8x7 -qKleGklFf6AzhGT1A91cRyQ6AEcD3Vnp1Or+agJUwxA0hVuyw6cEmf0+VONqwDMe -M/5bz8xgt6kopfz48mrTJhHg24+6wt6b4kQgwrtUoyucgb+k7ThzwgCj+Wg/Z0Pz -/S+M1hF7I0Ot/PFA3LH5QJADM7nsw5+Rkl68HqQp7s8O9RddPHpCILDIM/AUkUu+ -Xn/1MgPdhhTnA5elyZ2DDDtETUugNu5RILrIRoKonHsZtOQOpOERzUdbzEHCuLv5 -AunaLPWrvxXtEJUKLmyOUfYoI35Gw3/gHYyKTSmo4C1SMYUjke++N7c6vbsvroRG -aUQa/TdAf71zz/r6lHg0vYt+D5FlmFJzB8gCmt6ewKJAO82ls3rr0XjmD1w58sXV -kuwy+53MopEaI1I4D6qIMq/XxNnU2Q63sqKaai8Emx1Yw28Csvw= -=f/SR ------END PGP SIGNATURE----- 
diff --git a/Python-3.10.16.tar.xz b/Python-3.10.16.tar.xz
new file mode 100644
index 0000000..46fb1eb
--- /dev/null
+++ b/Python-3.10.16.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bfb249609990220491a1b92850a07135ed0831e41738cf681d63cf01b2a8fbd1
+size 19610392
diff --git a/Python-3.10.16.tar.xz.sigstore b/Python-3.10.16.tar.xz.sigstore
new file mode 100644
index 0000000..b0fe16f
--- /dev/null
+++ b/Python-3.10.16.tar.xz.sigstore
@@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "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"}, "tlogEntries": [{"logIndex": "153123526", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733250825", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBb+3OGEfIJgweBH+795X/kmenmW5L6lzTaW5mU9DN++AiEAni2MKnETeAsGhc8u0W/Y5AuhYKd14TdRvoUw/bWhzjs="}, "inclusionProof": {"logIndex": "31219264", "rootHash": "EEDRbQekcBvIu2A3f37wAtzpj3Tu+lPYLi9AUyS4FBY=", "treeSize": "31219265", "hashes": ["jy1RZw1zMvGOhV5pYK21mUnw/3hfyXoogDNhzfMT8uA=", "t7CZ1TCAQBidKeIL1f3M7Y3VwBYB2DQeG1Sp8X8Mepc=", "LIvgEWJ5UP1rLp6WPJ2TzjrHAa5MpLpXOdj/yoZvLcM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31219265\nEEDRbQekcBvIu2A3f37wAtzpj3Tu+lPYLi9AUyS4FBY=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiAnUUia2onArhzOpQclqAm9wBFu32/qoYagpd3PkWeELgIhAPUWvc2y6UP8V2I/ABP9HtsQi208X3nuSI8xunycnmZl\n"}}, "canonicalizedBody": "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"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "v7JJYJmQIgSRobkoUKBxNe0IMeQXOM9oHWPPAbKo+9E="}, "signature": "MEYCIQD2an1m5/IixrVlaYiqC1Bjnjg7xny10qUl9XxH3hIJCQIhAKYxc4My3XNwlpGDSnPM0cSX13yc0cg7pSUVBKdk8vLj"}} diff --git a/python310.changes b/python310.changes index 41ecc0a..1571a67 100644 --- a/python310.changes +++ b/python310.changes 
@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Wed Dec 4 21:23:20 UTC 2024 - Matej Cepl
+
+- Update to 3.10.16:
+ - Tests
+ - gh-125041: Re-enable skipped tests for zlib on the
+ s390x architecture: only skip checks of the compressed
+ bytes, which can be different between zlib’s software
+ implementation and the hardware-accelerated implementation.
+ - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS
+ mode. Use a longer key: FIPS mode requires at least of at
+ least 112 bits. The previous key was only 32 bits. Patch by
+ Victor Stinner.
+ - Security
+ - gh-126623: Upgrade libexpat to 2.6.4
+ - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to
+ consistently use the mapped IPv4 address value for deciding
+ properties. Properties which have their behavior fixed are
+ is_multicast, is_reserved, is_link_local, is_global, and
+ is_unspecified (bsc#1233307, CVE-2024-11168).
+ - Library
+ - gh-124651: Properly quote template strings in venv
+ activation scripts (bsc#1232241, CVE-2024-9287).
+ - gh-103848: Add checks to ensure that [ bracketed ] hosts
+ found by urllib.parse.urlsplit() are of IPv6 or IPvFuture
+ format.
+- Removed upstreamed patches:
+ - CVE-2024-9287-venv_path_unquoted.patch
+ - CVE-2024-11168-validation-IPv6-addrs.patch
+
 -------------------------------------------------------------------
 Thu Nov 14 07:06:20 UTC 2024 - Matej Cepl
diff --git a/python310.spec b/python310.spec
index 4ec7a9b..a84a6f7 100644
--- a/python310.spec
+++ b/python310.spec
@@ -108,13 +108,13 @@ Obsoletes: python39%{?1:-%{1}}
 # _md5.cpython-38m-x86_64-linux-gnu.so
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 Name: %{python_pkg_name}%{psuffix}
-Version: 3.10.15
+Version: 3.10.16
 Release: 0
 Summary: Python 3 Interpreter
 License: Python-2.0
 URL: https://www.python.org/
 Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz
-Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc
+Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore
 Source2: baselibs.conf
 Source3: README.SUSE
 Source7: macros.python3
@@ -204,12 +204,6 @@ Patch27: gh120226-fix-sendfile-test-kernel-610.patch
 # PATCH-FIX-UPSTREAM sphinx-802.patch mcepl@suse.com
 # status_iterator method moved between the Sphinx versions
 Patch28: sphinx-802.patch
-# PATCH-FIX-UPSTREAM CVE-2024-9287-venv_path_unquoted.patch gh#python/cpython#124651 mcepl@suse.com
-# venv should properly quote path names provided when creating a venv
-Patch29: CVE-2024-9287-venv_path_unquoted.patch
-# PATCH-FIX-UPSTREAM CVE-2024-11168-validation-IPv6-addrs.patch bsc#1233307 mcepl@suse.com
-# improve validation of IPv6 and IPvFuture addresses in urlparse and urlsplit
-Patch30: CVE-2024-11168-validation-IPv6-addrs.patch
 BuildRequires: autoconf-archive
 BuildRequires: automake
 BuildRequires: fdupes
@@ -493,8 +487,6 @@ other applications.
 %patch -p1 -P 24
 %patch -p1 -P 27
 %patch -p1 -P 28
-%patch -p1 -P 29
-%patch -p1 -P 30
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
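Review bot: The `Source1` line in the first python310.spec hunk swaps the detached PGP signature (`.tar.xz.asc`) for a `.tar.xz.sigstore` bundle, and nothing visible in this diff verifies that bundle against `Source0`. A detached signature shipped next to a package keyring can be checked by source-validation tooling, whereas a sigstore bundle only adds assurance if something checks the signing identity and the transparency-log entry; whether that happens elsewhere in the spec or in the packaging workflow cannot be seen from here. I would either add a verification step where the build environment can provide a sigstore client, or document the gap directly above the line, e.g. `# sigstore bundle for Source0; not verified at build time, check the signer identity manually when updating`. The Git LFS pointer's sha256 pins the tarball bytes stored in this repository, but on its own it does not tie them to the upstream release.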