python311

pool/python311

SHA256

Fork 1

a2eeecf0ed Accepting request 1199725 from devel:languages:python:Factory factory Ana Guerrero 2024-09-18 13:25:57 +0000
8d7964cbfc - Update to 3.11.10: - Security - gh-123678: Upgrade libexpat to 2.6.3 - gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for `python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin. - gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows. Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson <seth@python.org>. Reported by Ellie <el@horse64.org> - gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers (bsc#1230227, CVE-2024-6232). - gh-118486: :func:os.mkdir on Windows now accepts *mode* of 0o700 to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting :func:tempfile.mkdtemp in scenarios where the base temporary directory is more permissive than the default. - gh-116741: Update bundled libexpat to 2.6.2 - Library - gh-123270: Applied a more surgical fix for malformed payloads in :class:zipfile.Path causing infinite loops (gh-122905) without breaking contents using legitimate characters (bsc#1229704, CVE-2024-8088). - gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by :mod:http.cookies (bsc#1229596, CVE-2024-7592). - gh-122905: :class:zipfile.Path` objects now sanitize names devel Matej Cepl 2024-09-09 17:03:10 +0000
f2ba782fa5 - Add gh120226-fix-sendfile-test-kernel-610.patch to avoid failing test_sendfile_close_peer_in_the_middle_of_receiving tests on Linux >= 6.10 (GH-120227). Matej Cepl 2024-09-02 09:45:35 +0000
b98a243190 Accepting request 1197475 from devel:languages:python:Factory Dominique Leuenberger 2024-08-30 11:25:42 +0000
4c1b2b97e5 - Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, CVE-2024-8088). Matej Cepl 2024-08-29 12:48:46 +0000
d310e96459 Accepting request 1192372 from devel:languages:python:Factory Dominique Leuenberger 2024-08-10 17:05:45 +0000
19a07a5898 - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) Matej Cepl 2024-08-07 20:15:48 +0000
763dd72636 - Add CVE-2024-6923-email-hdr-inject.patch to prevent email header injection due to unquoted newlines (bsc#1228780, CVE-2024-6923). Matej Cepl 2024-08-07 12:14:54 +0000
a00e4c0107 Accepting request 1190344 from devel:languages:python:Factory Dominique Leuenberger 2024-07-31 11:28:00 +0000
7a43c0a133 - Remove %suse_update_desktop_file macro as it is not useful any more. Matej Cepl 2024-07-22 21:29:24 +0000
3fa86c4781 Revert %autopatch. Matej Cepl 2024-07-18 22:46:00 +0000
511b0d3f92 - Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 adding reproducibility patches from gh#python/cpython!121872 and gh#python/cpython!121883. - Trying %autopatch again (bsc#1189495 seems to be fixed) Matej Cepl 2024-07-18 22:39:01 +0000
63b5b7e315 - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). Matej Cepl 2024-07-15 12:14:33 +0000
7124f7199f Accepting request 1185397 from devel:languages:python:Factory Ana Guerrero 2024-07-09 18:02:51 +0000
1170d3a502 Accepting request 1184845 from home:dgarcia:usr-local-cpython Matej Cepl 2024-07-04 13:17:01 +0000
b6c310cc5a Accepting request 1183510 from devel:languages:python:Factory Ana Guerrero 2024-06-28 13:46:47 +0000
2f6f68cb45 - Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 (CVE-2024-4032) rearranging definition of private v global IP addresses. Matej Cepl 2024-06-25 21:58:48 +0000
992cbf442e multiple threads (bsc#1226447, CVE-2024-0397). Matej Cepl 2024-06-21 14:02:10 +0000
d00c2f8ffd Accepting request 1171202 from devel:languages:python:Factory Ana Guerrero 2024-05-02 21:42:42 +0000
77ce54fe8f - Update CVE-2023-52425-libexpat-2.6.0-backport.patch so that it uses features sniffing, not just comparing version number. Include also support-expat-CVE-2022-25236-patched.patch. - Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping failing tests. Matej Cepl 2024-05-01 23:30:08 +0000
e54275a76b - Update CVE-2023-52425-libexpat-2.6.0-backport.patch so that it uses features sniffing, not just comparing version number. Include also support-expat-CVE-2022-25236-patched.patch. - Refresh patches: - CVE-2023-27043-email-parsing-errors.patch - fix_configure_rst.patch - skip_if_buildbot-extend.patch - Remove included patch: - support-expat-CVE-2022-25236-patched.patch Matej Cepl 2024-05-01 09:01:36 +0000
37ecd27cc8 Update CVE-2023-52425-libexpat-2.6.0-backport.patch Matej Cepl 2024-04-30 15:37:14 +0000
32bb272437 Accepting request 1169286 from devel:languages:python:Factory Ana Guerrero 2024-04-21 18:24:16 +0000
116be53bb3 Accepting request 1169083 from home:dgarcia:branches:devel:languages:python:Factory Matej Cepl 2024-04-19 22:20:05 +0000
fe7f29284c Accepting request 1166573 from home:dgarcia:branches:devel:languages:python:Factory Matej Cepl 2024-04-10 14:25:37 +0000
19bdd05c49 Accepting request 1161081 from devel:languages:python:Factory Ana Guerrero 2024-03-25 20:06:04 +0000
246a8799b3 - Add reference to CVE-2024-0450 (bsc#1221854) to changelog. other entry or central directory (bsc#1221854, CVE-2024-0450). Matej Cepl 2024-03-24 07:52:22 +0000
eceb720075 - Because of bsc#1189495 we have to revert use of %autopatch. Matej Cepl 2024-03-22 21:22:48 +0000
b1a4352010 Accepting request 1157149 from devel:languages:python:Factory Ana Guerrero 2024-03-13 21:16:00 +0000
11b7cca704 typo Matej Cepl 2024-03-12 10:27:24 +0000
cc88adec5d Fix environmental variables. Matej Cepl 2024-03-12 09:04:03 +0000
5070284313 Cleanup Matej Cepl 2024-03-12 08:54:59 +0000
6acd83df79 autosetup actually doesn't have -m/-M, it's autopatch Matej Cepl 2024-03-12 08:53:52 +0000
f2e8cdf7ce - Rewrite %prep to use %autosetup et al. for compatibility with rpm 4.20. Matej Cepl 2024-03-12 08:46:16 +0000
61edd8bfc6 - bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch to eliminate ResourceWarning which broke the test suite in test_asyncio. Matej Cepl 2024-03-12 08:20:37 +0000
2697832d56 Accepting request 1155683 from home:pmonrealgonzalez:branches:devel:languages:python:Factory Matej Cepl 2024-03-06 21:50:48 +0000
d0d6107118 Accepting request 1153186 from devel:languages:python:Factory Dominique Leuenberger 2024-03-01 22:35:58 +0000
5c654e8335 We cannot run test_delete_false Matej Cepl 2024-02-29 09:21:47 +0000
27413421cf Fix the changelog. Matej Cepl 2024-02-29 07:17:18 +0000
af31ac92dd - (bsc#1219666, CVE-2023-6597) Add CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from gh#python/cpython!99930) fixing symlink bug in cleanup of tempfile.TemporaryDirectory. - Repurpose skip-failing-tests.patch to increase timeout for test.test_asyncio.test_tasks.TimeoutTests.test_timeout_time, which fails on slow machines in IBS (s390x). Matej Cepl 2024-02-29 07:16:40 +0000
b0bca7ad80 - Remove double definition of /usr/bin/idle%%{version} in %%files. Matej Cepl 2024-02-20 22:15:23 +0000
96b991b360 Accepting request 1146838 from devel:languages:python:Factory Ana Guerrero 2024-02-18 19:22:52 +0000
0d9b06c5c0 Accepting request 1146787 from home:dgarcia:branches:devel:languages:python:Factory Matej Cepl 2024-02-15 12:58:25 +0000
4fb12f44cc Accepting request 1145179 from devel:languages:python:Factory Ana Guerrero 2024-02-11 14:45:04 +0000
a7d54cb5c3 Accepting request 1145174 from home:dgarcia:branches:devel:languages:python:Factory Matej Cepl 2024-02-08 12:49:59 +0000
21e9e7f697 Accepting request 1136197 from devel:languages:python:Factory Ana Guerrero 2024-01-08 22:43:42 +0000
380c1fa01b Accepting request 1134225 from home:dgarcia:branches:devel:languages:python:Factory Matej Cepl 2024-01-02 13:44:05 +0000
c7d2aa9012 Accepting request 1134084 from devel:languages:python:Factory Ana Guerrero 2023-12-20 20:00:08 +0000
ebe00d33da - Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). - Thus we can remove Revert-gh105127-left-tests.patch, which is now useless. Matej Cepl 2023-12-19 15:40:30 +0000
5fae7e4a44 Accepting request 1134054 from devel:languages:python:Factory Matej Cepl 2023-12-19 15:24:17 +0000
727f4c9b01 Accepting request 1134053 from devel:languages:python:Factory Matej Cepl 2023-12-19 15:22:13 +0000
09c8853139 Remove reverting patch Matej Cepl 2023-12-18 16:25:59 +0000
cb3301d2cc - Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). - Thus we can remove Revert-gh105127-left-tests.patch, which is now useless. Matej Cepl 2023-12-18 16:25:35 +0000
8bce36d459 Remove leftover tarfiles Daniel Garcia 2023-12-18 07:14:53 +0000
a7b11641fe Accepting request 1133399 from home:dgarcia:branches:devel:languages:python:Factory Daniel Garcia 2023-12-15 12:09:56 +0000
18a62cf507 Accepting request 1128112 from devel:languages:python:Factory Ana Guerrero 2023-11-23 20:38:28 +0000
dbc72d69e1 Accepting request 1126597 from home:dgarcia:branches:devel:languages:python:Factory Matej Cepl 2023-11-15 12:57:57 +0000
4b50a8332b Accepting request 1113067 from devel:languages:python:Factory Ana Guerrero 2023-09-25 18:00:36 +0000
558337c773 characters without truncating the path (bsc#1214693, CVE-2023-41105). Matej Cepl 2023-09-15 11:19:47 +0000
382f0f4b58 Accepting request 1109225 from devel:languages:python:Factory Ana Guerrero 2023-09-08 19:15:18 +0000
55316ef9e1 - Update to 3.11.5 (bsc#1214692): - Security - gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith. - Core and Builtins - gh-104432: Fix potential unaligned memory access on C APIs involving returned sequences of char * pointers within the grp and socket modules. These were revealed using a -fsaniziter=alignment build on ARM macOS. Patch by Christopher Chavez. - gh-77377: Ensure that multiprocessing synchronization objects created in a fork context are not sent to a different process created in a spawn context. This changes a segfault into an actionable RuntimeError in the parent process. - gh-106092: Fix a segmentation fault caused by a use-after-free bug in frame_dealloc when the trashcan delays the deallocation of a PyFrameObject. - gh-106719: No longer suppress arbitrary errors in the __annotations__ getter and setter in the type and module types. - gh-106723: Propagate frozen_modules to multiprocessing spawned process interpreters. - gh-105979: Fix crash in _imp.get_frozen_object() due to improper exception handling. - gh-105840: Fix possible crashes when specializing function calls with too many __defaults__. - gh-105588: Fix an issue that could result in crashes when Daniel Garcia 2023-09-06 07:58:19 +0000
ecfb0312cf Accepting request 1103332 from devel:languages:python:Factory Dominique Leuenberger 2023-08-11 13:55:02 +0000
f665ac48fe Accepting request 1103305 from home:dirkmueller:Factory Matej Cepl 2023-08-10 13:22:02 +0000
6abedd0987 Accepting request 1102676 from home:dirkmueller:Factory Matej Cepl 2023-08-07 14:46:39 +0000
24fe7e4f9e Accepting request 1102237 from devel:languages:python:Factory Dominique Leuenberger 2023-08-06 14:29:15 +0000
eb7790f0a7 - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! Matej Cepl 2023-08-03 15:27:34 +0000
41e7e28995 - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). (The patch is faulty, gh#python/cpython#106669, but upstream decided not to just revert it). Matej Cepl 2023-08-03 14:58:20 +0000
de765fc92e Readjust patches Matej Cepl 2023-07-18 15:10:43 +0000
55fcbed4eb Accepting request 1098691 from devel:languages:python:Factory Matej Cepl 2023-07-14 14:06:49 +0000
ff02f0908c - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). Matej Cepl 2023-07-12 15:19:06 +0000
fdf11aefc4 Accepting request 1096536 from devel:languages:python:Factory Fabian Vogt 2023-07-06 16:27:44 +0000
f7f28c547b Fix patches Matej Cepl 2023-06-28 19:55:36 +0000
b8797f4452 - Update to Python 3.11.4: - gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727). - gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 (bsc#1208471). - gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. - gh-103935: trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). - gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details (fixing CVE-2007-4559, bsc#1203750). - Remove upstreamed patches: - CVE-2007-4559-filter-tarfile_extractall.patch Matej Cepl 2023-06-28 19:51:47 +0000
5760576192 Accepting request 1095626 from devel:languages:python:Factory Dominique Leuenberger 2023-06-28 19:33:11 +0000
6bf0620e58 Fix changes Matej Cepl 2023-06-27 13:24:40 +0000
7a2425c221 - Remove obsolete_python_versioned macro again. This mechanism has no business to be in Python 3.11, because we have abolished with it whole interpreter+setuptools+pip product. Python 3.11 should not be replaced by later versions anymore. Matej Cepl 2023-06-26 13:04:00 +0000
c1b0d9c8f9 Accepting request 1092590 from devel:languages:python:Factory Dominique Leuenberger 2023-06-12 13:36:40 +0000
d34496b956 Add missing Jira references to the changelog. Matej Cepl 2023-06-05 12:53:40 +0000
d8e5832ad8 Accepting request 1084262 from devel:languages:python:Factory Dominique Leuenberger 2023-06-03 22:12:15 +0000
39157872a5 - Add CVE-2007-4559-filter-tarfile_extractall.patch to fix bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter for tarfile.extractall". Matej Cepl 2023-05-03 10:14:51 +0000
7cfc036a7d Fix the patch Matej Cepl 2023-05-03 07:07:31 +0000
f503a46aa9 - Add skip_if_buildbot-extend.patch to avoid the bug altogether (extending what skip_if_buildbot covers). Matej Cepl 2023-05-03 05:42:18 +0000
e71e638e14 - Add skip-test_freeze_simple_script.patch Matej Cepl 2023-05-02 23:12:23 +0000
ea266df005 - Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). Matej Cepl 2023-05-02 21:29:28 +0000
a48f5d0f80 - Why in the world we download from HTTP? Matej Cepl 2023-04-30 18:13:43 +0000
b323e62899 Ajust patches Matej Cepl 2023-04-27 22:23:56 +0000
21d42b692c - Update to 3.11.3: - Security - gh-101727: Updated the OpenSSL version used in Windows and macOS binary release builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the OpenSSL 2023-02-07 security advisory. - gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin. - Core and Builtins - gh-101975: Fixed stacktop value on tracing entries to avoid corruption on garbage collection. - gh-102701: Fix overflow when creating very large dict. - gh-102416: Do not memoize incorrectly automatically generated loop rules in the parser. Patch by Pablo Galindo. - gh-102356: Fix a bug that caused a crash when deallocating deeply nested filter objects. Patch by Marta Gómez Macías. - gh-102397: Fix segfault from race condition in signal handling during garbage collection. Patch by Kumar Aditya. - gh-102281: Fix potential nullptr dereference and use of uninitialized memory in fileutils. Patch by Max Bachmann. - gh-102126: Fix deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. Patch by Kumar Aditya. - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal module. Patch by Max Bachmann. - gh-101967: Fix possible segfault in positional_only_passed_as_keyword function, when new list created. - gh-101765: Fix SystemError / segmentation fault in iter Matej Cepl 2023-04-27 22:09:02 +0000
ccbbaff24e Revert Matej Cepl 2023-03-27 15:07:38 +0000
8fcb1e736e - Switch off obsoleting previous interpreters. Matej Cepl 2023-03-27 15:03:56 +0000
77f87ebc37 Accepting request 1069317 from devel:languages:python:Factory Dominique Leuenberger 2023-03-05 19:08:01 +0000
9f02c1193d Take care of testclinic Matej Cepl 2023-03-03 19:12:38 +0000
1b24baf605 - Update to 3.11.2: Bug fixes, no changes in API and no security bugs. Matej Cepl 2023-03-03 18:48:38 +0000
9eb1b9b809 Fix the macro Matej Cepl 2023-03-01 20:52:12 +0000
339c66ef3e - Add python310 Obsoletes line to obsolete_python_versioned macro. Matej Cepl 2023-03-01 20:51:07 +0000
c9f46254f9 Accepting request 1067032 from devel:languages:python:Factory Dominique Leuenberger 2023-02-22 14:21:14 +0000
1c719478cb - Add provides for readline and sqlite3 to the main Python package. Matej Cepl 2023-02-21 13:49:09 +0000
34212ca5cf Accepting request 1061556 from devel:languages:python:Factory Dominique Leuenberger 2023-01-28 17:44:01 +0000
0a8a28caaa Accepting request 1061231 from home:kukuk:branches:devel:languages:python:Factory Matej Cepl 2023-01-27 13:46:48 +0000
dd8a3056e1 Accepting request 1060927 from devel:languages:python:Factory Dominique Leuenberger 2023-01-25 16:44:36 +0000
d7b979c1e0 Accepting request 1060635 from home:dirkmueller:Factory Matej Cepl 2023-01-25 13:27:45 +0000

Commit Graph Select branches Hide Pull Requests devel factory Mono Color

Commit Graph

Select branches

Hide Pull Requests

devel

factory