Accepting request 1100886 from devel:languages:python:Factory

- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for stabilizing FLAG_REF usage (required for reproduceability; bsc#1213463). - Revert faulty fix for CVE-2023-27043 (gh#python/cpython#106669) OBS-URL: https://build.opensuse.org/request/show/1100886 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python39?expand=0&rev=47
2023-07-27 14:49:51 +00:00 · 2023-07-27 14:49:51 +00:00 · 0999da949b
commit 0999da949b
parent 22c0faa015 b5917212a3
3 changed files with 44 additions and 0 deletions
--- a/gh-78214-marshal_stabilize_FLAG_REF.patch
+++ b/gh-78214-marshal_stabilize_FLAG_REF.patch
@ -0,0 +1,28 @@
+From 6c8ea7c1dacd42f3ba00440231ec0e6b1a38300d Mon Sep 17 00:00:00 2001
+From: Inada Naoki <songofacandy@gmail.com>
+Date: Sat, 14 Jul 2018 00:46:11 +0900
+Subject: [PATCH] Use FLAG_REF always for interned strings
+
+---
+ Python/marshal.c |    9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/Python/marshal.c
+++ b/Python/marshal.c
+@@ -298,9 +298,14 @@ w_ref(PyObject *v, char *flag, WFILE *p)
+     if (p->version < 3 || p->hashtable == NULL)
+         return 0; /* not writing object references */
+ 
+-    /* if it has only one reference, it definitely isn't shared */
+-    if (Py_REFCNT(v) == 1)
+    /* If it has only one reference, it definitely isn't shared.
+     * But we use TYPE_REF always for interned string, to PYC file stable
+     * as possible.
+     */
+    if (Py_REFCNT(v) == 1 &&
+            !(PyUnicode_CheckExact(v) && PyUnicode_CHECK_INTERNED(v))) {
+         return 0;
+    }
+ 
+     entry = _Py_hashtable_get_entry(p->hashtable, v);
+     if (entry != NULL) {
--- a/python39.changes
+++ b/python39.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Wed Jul 19 11:15:39 UTC 2023 - Matej Cepl <mcepl@suse.com>
+
+- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for
+  stabilizing FLAG_REF usage (required for reproduceability;
+  bsc#1213463).
+
+-------------------------------------------------------------------
+Fri Jul 14 10:25:54 UTC 2023 - Matej Cepl <mcepl@suse.com>
+
+- Revert faulty fix for CVE-2023-27043 (gh#python/cpython#106669)
+
 -------------------------------------------------------------------
 Fri Jun 30 20:23:43 UTC 2023 - Matej Cepl <mcepl@suse.com>

--- a/python39.spec
+++ b/python39.spec
@ -161,6 +161,9 @@ Patch35:        support-expat-CVE-2022-25236-patched.patch
 # PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com
 # this patch makes things totally awesome
 Patch37:        98437-sphinx.locale._-as-gettext-in-pyspecific.patch
+# PATCH-FIX-UPSTREAM gh-78214-marshal_stabilize_FLAG_REF.patch bsc#1213463 mcepl@suse.com
+# marshal: Stabilize FLAG_REF usage
+Patch39:        gh-78214-marshal_stabilize_FLAG_REF.patch
 # PATCH-FIX-UPSTREAM 99366-patch.dict-can-decorate-async.patch bsc#[0-9]+ mcepl@suse.com
 # Patch for gh#python/cpython#98086
 Patch40:        99366-patch.dict-can-decorate-async.patch
@ -425,6 +428,7 @@ other applications.
 %endif
 %patch35 -p1
 %patch37 -p1
+%patch39 -p1
 %patch40 -p1
 %if 0%{?sle_version} && 0%{?sle_version} <= 150500
 %patch41 -p1