Commit Graph

  • 380ee9e726 Accepting request 1297169 from devel:languages:python:Factory factory Dominique Leuenberger 2025-08-03 11:37:52 +00:00
  • 89e9323f9a Upstream patch depended unnecessarily on archiver_tests module, which is not in 3.10.* devel Matej Cepl 2025-08-02 15:54:24 +00:00
  • 0bb8457130 update the patch Matej Cepl 2025-08-01 20:22:59 +00:00
  • 4d0e8ae006 - Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now validates archives to ensure member offsets are non-negative (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249). Matej Cepl 2025-08-01 20:20:01 +00:00
  • a1677ef90d Accepting request 1290033 from devel:languages:python:Factory Ana Guerrero 2025-07-03 10:10:49 +00:00
  • 21d02acf4f - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). Matej Cepl 2025-07-02 16:01:11 +00:00
  • e00f14a3f1 Accepting request 1288601 from devel:languages:python:Factory Ana Guerrero 2025-06-26 09:39:54 +00:00
  • 868e16eab8 Also addresses CVE-2025-4435 (gh#135034, bsc#1244061). Matej Cepl 2025-06-25 20:02:08 +00:00
  • 0ae2dc2f69 Accepting request 1284259 from devel:languages:python:Factory Ana Guerrero 2025-06-10 10:24:40 +00:00
  • 5c156cd8cb - Update to 3.10.18: - Security - gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 (bsc#1244059), CVE-2025-4330 (bsc#1244060), and CVE-2025-4517 (bsc#1244032). - gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler (CVE-2025-4516, bsc#1243273). - gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. - Library - gh-128840: Fix parsing long IPv6 addresses with embedded IPv4 address. - gh-134062: ipaddress: fix collisions in __hash__() for IPv4Network and IPv6Network objects. - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output according to RFC 3596, §2.5. Patch by Bénédikt Tran. - bpo-43633: Improve the textual representation of IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) in ipaddress. Patch by Oleksandr Pavliuk. - Remove upstreamed patches: - gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch - CVE-2025-4516-DecodeError-handler.patch Matej Cepl 2025-06-09 17:02:25 +00:00
  • 482cd35216 Accepting request 1281886 from devel:languages:python:Factory Ana Guerrero 2025-06-02 20:01:01 +00:00
  • 93e4904a2a Fix the changelog Matej Cepl 2025-05-30 15:58:10 +00:00
  • c1c3249a12 - Add CVE-2025-4516-DecodeError-handler.patch fixing CVE-2025-4516 (bsc#1243273) blocking DecodeError handling vulnerability, which could lead to DoS. Matej Cepl 2025-05-30 15:54:19 +00:00
  • 7ce49c06e4 remove trailing spaces Matej Cepl 2025-05-28 09:21:18 +00:00
  • 0ceefbe459 - Use extended %%autopatch Matej Cepl 2025-05-22 13:04:12 +00:00
  • 359236be54 Accepting request 1276661 from devel:languages:python:Factory Ana Guerrero 2025-05-12 14:50:28 +00:00
  • 03d327814d - Remove python-3.3.0b1-test-posix_fadvise.patch (not needed since kernel 3.6-rc1) Matej Cepl 2025-05-10 11:42:57 +00:00
  • 8576c1ee61 Accepting request 1270151 from devel:languages:python:Factory Ana Guerrero 2025-04-18 14:14:32 +00:00
  • 91bc0ccbd9 - Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch which makes test_ssl not stop ThreadedEchoServer on OSError, which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067, gh#python/cpython!126572) Matej Cepl 2025-04-17 01:21:02 +00:00
  • ac296bbdef Accepting request 1269057 from devel:languages:python:Factory Ana Guerrero 2025-04-16 18:37:17 +00:00
  • d9086c0242 - Update to 3.10.17: - gh-131809: Update bundled libexpat to 2.7.1 - gh-131261: Upgrade to libexpat 2.7.0 - gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704). - gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. - gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so that it spanned more than one line, the surrounding quotes and internal escapes would be omitted. This could theoretically be used to spoof header lines using a carefully constructed quoted string if the resulting rendered email was transmitted or re-parsed. - gh-119511: Fix a potential denial of service in the imaplib module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. On many systems this is harmless as unused virtual memory is only Matej Cepl 2025-04-11 08:15:51 +00:00
  • 6924207e1b Accepting request 1252710 from devel:languages:python:Factory Dominique Leuenberger 2025-03-16 17:58:01 +00:00
  • 39532d51a8 - Skip PGO with %want_reproducible_builds (bsc#1239210) Matej Cepl 2025-03-13 10:02:26 +00:00
  • 789fc8f6f5 Accepting request 1244096 from devel:languages:python:Factory Dominique Leuenberger 2025-02-09 18:59:00 +00:00
  • 18c5374a91 - Add CVE-2025-0938-sq-brackets-domain-names.patch which disallows square brackets ([ and ]) in domain names for parsed URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704) Matej Cepl 2025-02-06 21:23:12 +00:00
  • bca08c148c Accepting request 1228381 from devel:languages:python:Factory Ana Guerrero 2024-12-06 13:24:57 +00:00
  • fd35f5ac9e Fix SPEC Matej Cepl 2024-12-04 21:33:44 +00:00
  • 8a5d187b75 - Update to 3.10.16: - Tests - gh-125041: Re-enable skipped tests for zlib on the s390x architecture: only skip checks of the compressed bytes, which can be different between zlib’s software implementation and the hardware-accelerated implementation. - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a longer key: FIPS mode requires at least 112 bits. The previous key was only 32 bits. Patch by Victor Stinner. - Security - gh-126623: Upgrade libexpat to 2.6.4 - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified (bsc#1233307, CVE-2024-11168). - Library - gh-124651: Properly quote template strings in venv activation scripts (bsc#1232241, CVE-2024-9287). - gh-103848: Add checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format. - Removed upstreamed patches: - CVE-2024-9287-venv_path_unquoted.patch - CVE-2024-11168-validation-IPv6-addrs.patch Matej Cepl 2024-12-04 21:28:34 +00:00
  • 98a593499c Accepting request 1227182 from devel:languages:python:Factory Ana Guerrero 2024-11-30 12:27:20 +00:00
  • 9a60aeb3ff - Apply sphinx-72.patch only conditionally for non-SLE-15 builds. Matej Cepl 2024-11-28 18:17:32 +00:00
  • cae840a2ef Accepting request 1224262 from devel:languages:python:Factory Ana Guerrero 2024-11-15 14:37:43 +00:00
  • 622f9d4446 - Remove -IVendor/ from python-config boo#1231795 Matej Cepl 2024-11-14 16:25:57 +00:00
  • 7ee50cc171 - Add CVE-2024-11168-validation-IPv6-addrs.patch fixing bsc#1233307 (CVE-2024-11168, gh#python/cpython#103848): Improper validation of IPv6 and IPvFuture addresses. Matej Cepl 2024-11-13 14:50:14 +00:00
  • 87b79dfb11 Accepting request 1221276 from devel:languages:python:Factory Ana Guerrero 2024-11-05 14:39:49 +00:00
  • fa752e2d67 - Update sphinx-72.patch to include renaming :noindex: option to :no-index: in Sphinx 7.2 (bsc#1232750). - While renaming drop fix-sphinx-72.patch. Matej Cepl 2024-11-04 21:51:43 +00:00
  • c683cd8edc Accepting request 1220124 from devel:languages:python:Factory Dominique Leuenberger 2024-11-03 06:16:58 +00:00
  • 2bd9540ae5 - Update CVE-2024-9287-venv_path_unquoted.patch according to the upstream PR gh#python/cpython!126301. Matej Cepl 2024-11-01 21:39:14 +00:00
  • c35476ebfa Update the patch Matej Cepl 2024-11-01 16:59:20 +00:00
  • dfc11afc70 Accepting request 1218122 from devel:languages:python:Factory Ana Guerrero 2024-10-25 17:19:04 +00:00
  • f9a24842ef - Add CVE-2024-9287-venv_path_unquoted.patch to properly quote path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287) Matej Cepl 2024-10-24 20:33:27 +00:00
  • 6d2af095f1 Fix the changelog Matej Cepl 2024-10-03 15:05:34 +00:00
  • ff4810a8a2 - Drop .pyc files from docdir for reproducible builds Matej Cepl 2024-10-02 16:22:51 +00:00
  • a4325ecaa9 Accepting request 1199711 from devel:languages:python:Factory Ana Guerrero 2024-09-18 13:26:05 +00:00
  • 805320f21a - Add sphinx-802.patch to overcome working both with the most recent and older Sphinx versions. Matej Cepl 2024-09-09 15:27:02 +00:00
  • 2999469a13 - Tests - gh-112769: The tests now correctly compare zlib version when :const:zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For example zlib-ng defines the version as 1.3.0.zlib-ng. - gh-117187: Fix XML tests for vanilla Expat <2.6.0. - gh-100454: Fix SSL tests CI for OpenSSL 3.1+ - Security - gh-123678: Upgrade libexpat to 2.6.3 - gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin. - gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows. Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson <seth@python.org>. Reported by Ellie <el@horse64.org> - gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers (bsc#1230227, CVE-2024-6232). - gh-118486: :func:os.mkdir on Windows now accepts *mode* of 0o700 to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting :func:tempfile.mkdtemp in scenarios where the base temporary directory is more permissive than the default. - gh-116741: Update bundled libexpat to 2.6.2 - Library - gh-123693: Use platform-agnostic behavior when computing zipfile.Path.name. Matej Cepl 2024-09-09 14:17:15 +00:00
  • 0f267ba848 - Update to 3.10.15: - Remove upstreamed patches: - CVE-2023-27043-email-parsing-errors.patch - CVE-2024-4032-private-IP-addrs.patch - CVE-2024-6923-email-hdr-inject.patch - CVE-2024-8088-inf-loop-zipfile_Path.patch Matej Cepl 2024-09-09 13:51:57 +00:00
  • 50fc7d4d42 - Add gh120226-fix-sendfile-test-kernel-610.patch to avoid failing test_sendfile_close_peer_in_the_middle_of_receiving tests on Linux >= 6.10 (GH-120227). Matej Cepl 2024-09-02 12:12:17 +00:00
  • b05afb7bf2 Accepting request 1197437 from devel:languages:python:Factory Dominique Leuenberger 2024-08-30 11:29:22 +00:00
  • eb0f4f61b0 Update patch Matej Cepl 2024-08-29 12:14:10 +00:00
  • be25887dfa - Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent malformed payloads from causing infinite loops in zipfile.Path (bsc#1229704, CVE-2024-8088). Matej Cepl 2024-08-29 12:04:00 +00:00
  • b0e622c8e8 Accepting request 1192675 from devel:languages:python:Factory Dominique Leuenberger 2024-08-10 17:06:06 +00:00
  • ca334cc307 - Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 adding reproducibility patches from gh#python/cpython!121872 and gh#python/cpython!121883. Matej Cepl 2024-08-07 20:30:36 +00:00
  • a5c76344b0 - Add CVE-2024-6923-email-hdr-inject.patch to prevent email header injection due to unquoted newlines (bsc#1228780, CVE-2024-6923). - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) - Update bluez-devel-vendor.tar.xz Matej Cepl 2024-08-07 15:06:12 +00:00
  • 6af8f5b52d Accepting request 1189131 from devel:languages:python:Factory Dominique Leuenberger 2024-07-24 13:33:10 +00:00
  • 351afad84b - Remove %suse_update_desktop_file macro as it is not useful any more. Matej Cepl 2024-07-22 21:25:49 +00:00
  • 57b3bbe7c5 - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). Matej Cepl 2024-07-15 12:15:29 +00:00
  • f7b7d9f2f6 Accepting request 1185398 from devel:languages:python:Factory Ana Guerrero 2024-07-05 17:45:12 +00:00
  • ef3a96a70c Accepting request 1184844 from home:dgarcia:usr-local-cpython Matej Cepl 2024-07-04 13:17:05 +00:00
  • 9fdf5d0b2c Accepting request 1183503 from devel:languages:python:Factory Ana Guerrero 2024-06-29 13:16:42 +00:00
  • b062a97a85 - Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 (CVE-2024-4032) rearranging definition of private v global IP addresses. Matej Cepl 2024-06-25 22:17:11 +00:00
  • 346624a8d5 Accepting request 1182484 from devel:languages:python:Factory Ana Guerrero 2024-06-24 18:50:16 +00:00
  • 50f46d2e31 across multiple threads (bsc#1226447, CVE-2024-0397) Matej Cepl 2024-06-21 13:27:20 +00:00
  • 1f90dc5291 - Remove old-libexpat.patch, of course. Matej Cepl 2024-06-21 09:50:19 +00:00
  • 31dd9389f8 - Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with patched libexpat below 2.6.0 that doesn't update the version number, just in SLE. Matej Cepl 2024-06-21 09:49:34 +00:00
  • 78324fb6c5 Redownload sources Matej Cepl 2024-04-18 15:36:23 +00:00
  • ccf2930393 Accepting request 1161074 from devel:languages:python:Factory Ana Guerrero 2024-03-26 18:24:42 +00:00
  • 46b4064b47 - Add old-libexpat.patch making the test suite work with libexpat < 2.6.0 (gh#python/cpython#117187). Matej Cepl 2024-03-24 01:15:19 +00:00
  • 949104af99 - Because of bsc#1189495 we have to revert use of %autopatch. Matej Cepl 2024-03-22 21:18:18 +00:00
  • 17f54b09e3 Fix *.changes Matej Cepl 2024-03-22 09:01:33 +00:00
  • f508bcd9bd Fix *.changes Matej Cepl 2024-03-21 20:16:09 +00:00
  • 78ff6e46e1 - libexpat260.patch Matej Cepl 2024-03-21 18:48:55 +00:00
  • c9951abf64 Fix *.changes Matej Cepl 2024-03-21 16:46:39 +00:00
  • 041ff70f73 - Update 3.10.14: - gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0 to address CVE-2023-52425, and control of the new reparse deferral functionality was exposed with new APIs - gh-109858: zipfile is now protected from the “quoted-overlap” zipbomb to address CVE-2024-0450. It now raises BadZipFile when attempting to read an entry that overlaps with another entry or central directory - gh-91133: tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when working around file system permission errors to address CVE-2023-6597 - gh-115197: urllib.request no longer resolves the hostname before checking it against the system’s proxy bypass list on macOS and Windows - gh-81194: a crash in socket.if_indextoname() with a specific value (UINT_MAX) was fixed. Relatedly, an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms was fixed - gh-113659: .pth files with names starting with a dot or containing the hidden file attribute are now skipped - gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer read out of bounds - gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads - Remove upstreamed patches: - CVE-2023-6597-TempDir-cleaning-symlink.patch - Port to %autosetup and %autopatch. Matej Cepl 2024-03-21 16:45:30 +00:00
  • a358b6b1ec Accepting request 1157645 from devel:languages:python:Factory Ana Guerrero 2024-03-14 16:42:36 +00:00
  • 9d2100328b Accepting request 1155683 from home:pmonrealgonzalez:branches:devel:languages:python:Factory Matej Cepl 2024-03-06 21:50:46 +00:00
  • fb64581e60 Accepting request 1153061 from devel:languages:python:Factory Dominique Leuenberger 2024-03-01 22:34:08 +00:00
  • 9713a81b12 Fix the patch Matej Cepl 2024-02-29 01:27:25 +00:00
  • ec6474e9bc - (bsc#1219666, CVE-2023-6597) Add CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from gh#python/cpython!99930) fixing symlink bug in cleanup of tempfile.TemporaryDirectory. Matej Cepl 2024-02-28 23:32:27 +00:00
  • f660687d3f Accepting request 1152786 from devel:languages:python:Factory Ana Guerrero 2024-02-28 18:44:32 +00:00
  • 3711a039e6 - Remove double definition of /usr/bin/idle%%{version} in %%files. Matej Cepl 2024-02-20 22:16:34 +00:00
  • f2acc64a8c Accepting request 1146869 from devel:languages:python:Factory Ana Guerrero 2024-02-15 19:59:20 +00:00
  • 951fa01e4b Accepting request 1146817 from home:dgarcia:branches:devel:languages:python:Factory Matej Cepl 2024-02-15 14:36:25 +00:00
  • 9168347d4a - Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). - Thus we can remove Revert-gh105127-left-tests.patch, which is now useless. Matej Cepl 2024-02-12 13:18:00 +00:00
  • 83a7da7040 Accepting request 1110597 from devel:languages:python:Factory Ana Guerrero 2023-09-12 19:02:42 +00:00
  • dc236e4d07 - Link to CVE-2023-40217 bug report in changelog, bsc#1214692 Daniel Garcia 2023-09-05 11:37:11 +00:00
  • 044091027d Accepting request 1108911 from devel:languages:python:Factory Ana Guerrero 2023-09-04 20:52:31 +00:00
  • 310cd89462 Accepting request 1108888 from home:dgarcia:branches:devel:languages:python:Factory Dirk Mueller 2023-09-04 15:07:39 +00:00
  • 9708415de3 Accepting request 1102193 from devel:languages:python:Factory Dominique Leuenberger 2023-08-06 14:29:12 +00:00
  • 4a7871d409 - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. Matej Cepl 2023-08-03 14:14:37 +00:00
  • 0d124ed5f4 Accepting request 1099501 from devel:languages:python:Factory Ana Guerrero 2023-07-24 16:12:32 +00:00
  • 32717ebf00 - Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for stabilizing FLAG_REF usage (required for reproducibility; bsc#1213463). Matej Cepl 2023-07-19 11:19:26 +00:00
  • 3c34744813 Accepting request 1098690 from devel:languages:python:Factory Matej Cepl 2023-07-14 14:06:10 +00:00
  • 18f6b99d17 - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). Matej Cepl 2023-07-12 10:49:44 +00:00
  • 7870b5cb09 Accepting request 1095863 from devel:languages:python:Factory Dominique Leuenberger 2023-06-30 17:58:24 +00:00
  • 4c4727d238 Fix changes Matej Cepl 2023-06-28 19:10:39 +00:00
  • 24b222e77c - CVE-2023-24329-blank-URL-bypass.patch Matej Cepl 2023-06-28 17:58:17 +00:00
  • 402f3ae924 - Update to 3.10.12: - gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727). - gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. - gh-99889: Fixed a security flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. - gh-103935: trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). - gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features that may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details. - Remove upstreamed patches: - CVE-2007-4559-filter-tarfile_extractall.patch Matej Cepl 2023-06-28 17:56:56 +00:00
  • d26ce719ad Accepting request 1094243 from devel:languages:python:Factory Dominique Leuenberger 2023-06-22 21:24:50 +00:00
  • 895080bf5f Add missing import Matej Cepl 2023-06-20 22:19:48 +00:00
  • f21150c420 - Add bpo-37596-make-set-marshalling.patch making marshalling of set and frozenset deterministic (bsc#1211765). Matej Cepl 2023-06-20 21:41:03 +00:00