- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote

path names provided when creating a virtual environment
  (bsc#1232241, CVE-2024-9287)
- Update doc-py38-to-py36.patch to include str.removeprefix
  replacement.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=98

doc-py38-to-py36.patch

@@ -1,35 +1,25 @@
 ---
- Doc/conf.py                             |   17 ++++++++--
+ Doc/conf.py                             |    8 ++--
  Doc/tools/check-warnings.py             |    3 +
  Doc/tools/extensions/audit_events.py    |   54 ++++++++++++++++----------------
  Doc/tools/extensions/availability.py    |   15 ++++----
- Doc/tools/extensions/c_annotations.py   |   45 ++++++++++++++++----------
+ Doc/tools/extensions/c_annotations.py   |   37 ++++++++++-----------
  Doc/tools/extensions/glossary_search.py |   10 +----
  Doc/tools/extensions/patchlevel.py      |    9 ++---
- 7 files changed, 87 insertions(+), 66 deletions(-)
+ 7 files changed, 67 insertions(+), 69 deletions(-)
 
 --- a/Doc/conf.py
 +++ b/Doc/conf.py
-@@ -17,6 +17,9 @@ sys.path.append(os.path.abspath('include
- # Python specific content from Doc/Tools/extensions/pyspecific.py
- from pyspecific import SOURCE_URI
- 
-+# Needed for fixing extlinks modification
-+from sphinx import version_info as sphinx_version
-+
- # General configuration
- # ---------------------
- 
-@@ -82,7 +85,7 @@ highlight_language = 'python3'
+@@ -85,7 +85,7 @@ today_fmt = '%B %d, %Y'
+ highlight_language = 'python3'
  
  # Minimum version of sphinx required
- # Keep this version in sync with ``Doc/requirements.txt``.
--needs_sphinx = '8.1.3'
+-needs_sphinx = '7.2.6'
 +needs_sphinx = '4.2.0'
  
  # Create table of contents entries for domain objects (e.g. functions, classes,
  # attributes, etc.). Default is True.
-@@ -337,7 +340,7 @@ html_short_title = f'{release} Documenta
+@@ -342,7 +342,7 @@ html_short_title = f'{release} Documenta
  # (See .readthedocs.yml and https://docs.readthedocs.io/en/stable/reference/environment-variables.html)
  is_deployment_preview = os.getenv("READTHEDOCS_VERSION_TYPE") == "external"
  repository_url = os.getenv("READTHEDOCS_GIT_CLONE_URL", "")
@@ -38,23 +28,22 @@
  html_context = {
      "is_deployment_preview": is_deployment_preview,
      "repository_url": repository_url or None,
-@@ -583,6 +586,16 @@ extlinks = {
- }
- extlinks_detect_hardcoded_links = True
+@@ -598,13 +598,13 @@ extlinks_detect_hardcoded_links = True
+ 
+ if sphinx.version_info[:2] < (8, 1):
+     # Sphinx 8.1 has in-built CVE and CWE roles.
+-    extlinks |= {
++    extlinks.update({
+         "cve": (
+             "https://www.cve.org/CVERecord?id=CVE-%s",
+             "CVE-%s",
+         ),
+         "cwe": ("https://cwe.mitre.org/data/definitions/%s.html", "CWE-%s"),
+-    }
++    })
  
-+if sphinx_version[:2] < (8, 1):
-+   # Sphinx 8.1 has in-built CVE and CWE roles.
-+   extlinks.update({
-+        "cve": (
-+            "https://www.cve.org/CVERecord?id=CVE-%s",
-+            "CVE-%s",
-+        ),
-+        "cwe": ("https://cwe.mitre.org/data/definitions/%s.html", "CWE-%s"),
-+   })
-+
  # Options for c_annotations extension
  # -----------------------------------
- 
 --- a/Doc/tools/check-warnings.py
 +++ b/Doc/tools/check-warnings.py
 @@ -228,7 +228,8 @@ def fail_if_regression(
@@ -221,16 +210,16 @@
  
  from docutils import nodes
  from sphinx import addnodes
-@@ -53,7 +51,7 @@ class Availability(SphinxDirective):
+@@ -52,7 +50,7 @@ class Availability(SphinxDirective):
      optional_arguments = 0
      final_argument_whitespace = True
  
 -    def run(self) -> list[nodes.container]:
 +    def run(self) -> List[nodes.container]:
-         title = sphinx_gettext("Availability")
+         title = "Availability"
          refnode = addnodes.pending_xref(
              title,
-@@ -77,7 +75,7 @@ class Availability(SphinxDirective):
+@@ -76,7 +74,7 @@ class Availability(SphinxDirective):
  
          return [cnode]
  
@@ -239,7 +228,7 @@
          """Parse platform information from arguments
  
          Arguments is a comma-separated string of platforms. A platform may
-@@ -96,12 +94,13 @@ class Availability(SphinxDirective):
+@@ -95,12 +93,13 @@ class Availability(SphinxDirective):
              platform, _, version = arg.partition(" >= ")
              if platform.startswith("not "):
                  version = False
@@ -255,7 +244,7 @@
              logger.warning(
                  "Unknown platform%s or syntax '%s' in '.. availability:: %s', "
                  "see %s:KNOWN_PLATFORMS for a set of known platforms.",
-@@ -114,7 +113,7 @@ class Availability(SphinxDirective):
+@@ -113,7 +112,7 @@ class Availability(SphinxDirective):
          return platforms
  
  
@@ -266,7 +255,7 @@
      return {
 --- a/Doc/tools/extensions/c_annotations.py
 +++ b/Doc/tools/extensions/c_annotations.py
-@@ -9,22 +9,18 @@ Configuration:
+@@ -9,12 +9,10 @@ Configuration:
  * Set ``stable_abi_file`` to the path to stable ABI list.
  """
  
@@ -278,10 +267,9 @@
 -from typing import TYPE_CHECKING
 +from typing import Any, Dict, List, TYPE_CHECKING, Union
  
+ import sphinx
  from docutils import nodes
- from docutils.statemachine import StringList
--from sphinx import addnodes
-+from sphinx import addnodes, version_info
+@@ -23,9 +21,7 @@ from sphinx import addnodes
  from sphinx.locale import _ as sphinx_gettext
  from sphinx.util.docutils import SphinxDirective
  
@@ -292,7 +280,7 @@
  
  ROLE_TO_OBJECT_TYPE = {
      "func": "function",
-@@ -35,20 +31,20 @@ ROLE_TO_OBJECT_TYPE = {
+@@ -36,20 +32,20 @@ ROLE_TO_OBJECT_TYPE = {
  }
  
  
@@ -317,7 +305,7 @@
  class StableABIEntry:
      # Role of the object.
      # Source: Each [item_kind] in stable_abi.toml is mapped to a C Domain role.
-@@ -67,7 +63,7 @@ class StableABIEntry:
+@@ -68,7 +64,7 @@ class StableABIEntry:
      struct_abi_kind: str
  
  
@@ -326,7 +314,7 @@
      refcount_data = {}
      refcounts = refcount_filename.read_text(encoding="utf8")
      for line in refcounts.splitlines():
-@@ -103,7 +99,7 @@ def read_refcount_data(refcount_filename
+@@ -104,7 +100,7 @@ def read_refcount_data(refcount_filename
      return refcount_data
  
  
@@ -335,7 +323,7 @@
      stable_abi_data = {}
      with open(stable_abi_file, encoding="utf8") as fp:
          for record in csv.DictReader(fp):
-@@ -127,11 +123,14 @@ def add_annotations(app: Sphinx, doctree
+@@ -128,11 +124,14 @@ def add_annotations(app: Sphinx, doctree
              continue
          if not par[0].get("ids", None):
              continue
@@ -352,7 +340,7 @@
              if ROLE_TO_OBJECT_TYPE[record.role] != objtype:
                  msg = (
                      f"Object type mismatch in limited API annotation for {name}: "
-@@ -238,7 +237,7 @@ def _unstable_api_annotation() -> nodes.
+@@ -239,7 +238,7 @@ def _unstable_api_annotation() -> nodes.
      )
  
  
@@ -361,7 +349,7 @@
      classes = ["refcount"]
      if result_refs is None:
          rc = sphinx_gettext("Return value: Always NULL.")
-@@ -258,7 +257,7 @@ class LimitedAPIList(SphinxDirective):
+@@ -259,7 +258,7 @@ class LimitedAPIList(SphinxDirective):
      optional_arguments = 0
      final_argument_whitespace = True
  
@@ -370,7 +358,7 @@
          state = self.env.domaindata["c_annotations"]
          content = [
              f"* :c:{record.role}:`{record.name}`"
-@@ -281,13 +280,23 @@ def init_annotations(app: Sphinx) -> Non
+@@ -282,7 +281,7 @@ def init_annotations(app: Sphinx) -> Non
      )
  
  
@@ -379,22 +367,19 @@
      app.add_config_value("refcount_file", "", "env", types={str})
      app.add_config_value("stable_abi_file", "", "env", types={str})
      app.add_directive("limited-api-list", LimitedAPIList)
-     app.connect("builder-inited", init_annotations)
-     app.connect("doctree-read", add_annotations)
+@@ -294,10 +293,10 @@ def setup(app: Sphinx) -> ExtensionMetad
+         from sphinx.domains.c import CObject
  
-+    if version_info[:2] < (7, 2):
-+        from docutils.parsers.rst import directives
-+        from sphinx.domains.c import CObject
-+
-+        # monkey-patch C object...
+         # monkey-patch C object...
+-        CObject.option_spec |= {
 +        CObject.option_spec.update({
-+            "no-index-entry": directives.flag,
-+            "no-contents-entry": directives.flag,
+             "no-index-entry": directives.flag,
+             "no-contents-entry": directives.flag,
+-        }
 +        })
-+
+ 
      return {
          "version": "1.0",
-         "parallel_read_safe": True,
 --- a/Doc/tools/extensions/glossary_search.py
 +++ b/Doc/tools/extensions/glossary_search.py
 @@ -1,18 +1,14 @@

python312.changes

@@ -571,6 +571,15 @@ Thu Oct 24 16:09:00 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
   path names provided when creating a virtual environment
   (bsc#1232241, CVE-2024-9287)
 
+-------------------------------------------------------------------
+Thu Oct 24 16:09:00 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
+
+- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
+  path names provided when creating a virtual environment
+  (bsc#1232241, CVE-2024-9287)
+- Update doc-py38-to-py36.patch to include str.removeprefix
+  replacement.
+
 -------------------------------------------------------------------
 Tue Oct  1 15:32:06 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
 

python312.spec

@@ -124,7 +124,7 @@ Summary:        Python 3 Interpreter
 License:        Python-2.0
 URL:            https://www.python.org/
 Source0:        https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz
-Source1:        https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc
+Source1:        https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore
 Source2:        baselibs.conf
 Source3:        README.SUSE
 Source4:        externally_managed.in