From 311f19ba89e76c1c56872a219eb949e7ddff0d92949c1be45705a100df9c0bf4 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 13 Oct 2023 16:13:04 +0000 Subject: [PATCH] - (bsc#1215454, gh-108310)Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith. - Update to 3.9.17 (bsc#1212015): * Support Expat >= 2.4.4 (jsc#SLE-21253, CVE-2022-25236) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=165 --- downport-Sphinx-features.patch | 11 ++-- no-skipif-doctests.patch | 91 ++++++++++++++++++---------------- python39.changes | 17 ++++--- 3 files changed, 63 insertions(+), 56 deletions(-) diff --git a/downport-Sphinx-features.patch b/downport-Sphinx-features.patch index 141f156..cedb1d9 100644 --- a/downport-Sphinx-features.patch +++ b/downport-Sphinx-features.patch @@ -40,7 +40,7 @@ Permission bits, as for :func:`os.chmod`. -@@ -727,14 +722,12 @@ A ``TarInfo`` object has the following p +@@ -727,7 +722,6 @@ A ``TarInfo`` object has the following p .. attribute:: TarInfo.linkname @@ -48,6 +48,7 @@ Name of the target file name, which is only present in :class:`TarInfo` objects of type :const:`LNKTYPE` and :const:`SYMTYPE`. +@@ -739,7 +733,6 @@ A ``TarInfo`` object has the following p .. attribute:: TarInfo.uid @@ -55,7 +56,7 @@ User ID of the user who originally stored this member. -@@ -745,7 +738,6 @@ A ``TarInfo`` object has the following p +@@ -750,7 +743,6 @@ A ``TarInfo`` object has the following p attribute. .. attribute:: TarInfo.gid @@ -63,7 +64,7 @@ Group ID of the user who originally stored this member. -@@ -756,7 +748,6 @@ A ``TarInfo`` object has the following p +@@ -761,7 +753,6 @@ A ``TarInfo`` object has the following p attribute. .. attribute:: TarInfo.uname @@ -71,7 +72,7 @@ User name. -@@ -767,7 +758,6 @@ A ``TarInfo`` object has the following p +@@ -772,7 +763,6 @@ A ``TarInfo`` object has the following p attribute. .. attribute:: TarInfo.gname @@ -79,7 +80,7 @@ Group name. -@@ -778,7 +768,6 @@ A ``TarInfo`` object has the following p +@@ -783,7 +773,6 @@ A ``TarInfo`` object has the following p attribute. .. attribute:: TarInfo.pax_headers diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch index 62758d3..2394bf5 100644 --- a/no-skipif-doctests.patch +++ b/no-skipif-doctests.patch @@ -1,5 +1,10 @@ only in patch2: unchanged: +--- + Doc/conf.py | 2 - + Doc/library/turtle.rst | 82 ------------------------------------------------- + 2 files changed, 1 insertion(+), 83 deletions(-) + --- a/Doc/conf.py +++ b/Doc/conf.py @@ -46,7 +46,7 @@ today_fmt = '%B %d, %Y' @@ -314,7 +319,7 @@ unchanged: >>> turtle.color("black", "red") >>> turtle.begin_fill() -@@ -1075,7 +1036,6 @@ More drawing control +@@ -1074,7 +1035,6 @@ More drawing control variables to the default values. .. doctest:: @@ -322,7 +327,7 @@ unchanged: >>> turtle.goto(0,-22) >>> turtle.left(100) -@@ -1127,7 +1087,6 @@ Visibility +@@ -1125,7 +1085,6 @@ Visibility drawing observably. .. doctest:: @@ -330,7 +335,7 @@ unchanged: >>> turtle.hideturtle() -@@ -1138,7 +1097,6 @@ Visibility +@@ -1136,7 +1095,6 @@ Visibility Make the turtle visible. .. doctest:: @@ -338,7 +343,7 @@ unchanged: >>> turtle.showturtle() -@@ -1169,7 +1127,6 @@ Appearance +@@ -1167,7 +1125,6 @@ Appearance deal with shapes see Screen method :func:`register_shape`. .. doctest:: @@ -346,7 +351,7 @@ unchanged: >>> turtle.shape() 'classic' -@@ -1195,7 +1152,6 @@ Appearance +@@ -1193,7 +1150,6 @@ Appearance ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. .. doctest:: @@ -354,7 +359,7 @@ unchanged: >>> turtle.resizemode() 'noresize' -@@ -1219,7 +1175,6 @@ Appearance +@@ -1217,7 +1173,6 @@ Appearance of the shapes's outline. .. doctest:: @@ -362,7 +367,7 @@ unchanged: >>> turtle.shapesize() (1.0, 1.0, 1) -@@ -1244,7 +1199,6 @@ Appearance +@@ -1242,7 +1197,6 @@ Appearance heading of the turtle are sheared. .. doctest:: @@ -370,7 +375,7 @@ unchanged: >>> turtle.shape("circle") >>> turtle.shapesize(5,2) -@@ -1261,7 +1215,6 @@ Appearance +@@ -1259,7 +1213,6 @@ Appearance change the turtle's heading (direction of movement). .. doctest:: @@ -378,7 +383,7 @@ unchanged: >>> turtle.reset() >>> turtle.shape("circle") -@@ -1281,7 +1234,6 @@ Appearance +@@ -1279,7 +1232,6 @@ Appearance (direction of movement). .. doctest:: @@ -386,7 +391,7 @@ unchanged: >>> turtle.reset() >>> turtle.shape("circle") -@@ -1307,7 +1259,6 @@ Appearance +@@ -1305,7 +1257,6 @@ Appearance turtle (its direction of movement). .. doctest:: @@ -394,7 +399,7 @@ unchanged: >>> turtle.reset() >>> turtle.shape("circle") -@@ -1336,7 +1287,6 @@ Appearance +@@ -1334,7 +1285,6 @@ Appearance given matrix. .. doctest:: @@ -402,7 +407,7 @@ unchanged: >>> turtle = Turtle() >>> turtle.shape("square") -@@ -1352,7 +1302,6 @@ Appearance +@@ -1350,7 +1300,6 @@ Appearance can be used to define a new shape or components of a compound shape. .. doctest:: @@ -410,7 +415,7 @@ unchanged: >>> turtle.shape("square") >>> turtle.shapetransform(4, -1, 0, 2) -@@ -1377,7 +1326,6 @@ Using events +@@ -1375,7 +1324,6 @@ Using events procedural way: .. doctest:: @@ -418,7 +423,7 @@ unchanged: >>> def turn(x, y): ... left(180) -@@ -1398,7 +1346,6 @@ Using events +@@ -1396,7 +1344,6 @@ Using events ``None``, existing bindings are removed. .. doctest:: @@ -426,7 +431,7 @@ unchanged: >>> class MyTurtle(Turtle): ... def glow(self,x,y): -@@ -1426,7 +1373,6 @@ Using events +@@ -1424,7 +1371,6 @@ Using events mouse-click event on that turtle. .. doctest:: @@ -434,7 +439,7 @@ unchanged: >>> turtle.ondrag(turtle.goto) -@@ -1454,7 +1400,6 @@ Special Turtle methods +@@ -1452,7 +1398,6 @@ Special Turtle methods Return the last recorded polygon. .. doctest:: @@ -442,7 +447,7 @@ unchanged: >>> turtle.home() >>> turtle.begin_poly() -@@ -1474,7 +1419,6 @@ Special Turtle methods +@@ -1472,7 +1417,6 @@ Special Turtle methods turtle properties. .. doctest:: @@ -450,7 +455,7 @@ unchanged: >>> mick = Turtle() >>> joe = mick.clone() -@@ -1487,7 +1431,6 @@ Special Turtle methods +@@ -1485,7 +1429,6 @@ Special Turtle methods return the "anonymous turtle": .. doctest:: @@ -458,7 +463,7 @@ unchanged: >>> pet = getturtle() >>> pet.fd(50) -@@ -1501,7 +1444,6 @@ Special Turtle methods +@@ -1499,7 +1442,6 @@ Special Turtle methods TurtleScreen methods can then be called for that object. .. doctest:: @@ -466,7 +471,7 @@ unchanged: >>> ts = turtle.getscreen() >>> ts -@@ -1519,7 +1461,6 @@ Special Turtle methods +@@ -1517,7 +1459,6 @@ Special Turtle methods ``None``, the undobuffer is disabled. .. doctest:: @@ -474,7 +479,7 @@ unchanged: >>> turtle.setundobuffer(42) -@@ -1529,7 +1470,6 @@ Special Turtle methods +@@ -1527,7 +1468,6 @@ Special Turtle methods Return number of entries in the undobuffer. .. doctest:: @@ -482,7 +487,7 @@ unchanged: >>> while undobufferentries(): ... undo() -@@ -1552,7 +1492,6 @@ below: +@@ -1550,7 +1490,6 @@ below: For example: .. doctest:: @@ -490,7 +495,7 @@ unchanged: >>> s = Shape("compound") >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) -@@ -1563,7 +1502,6 @@ below: +@@ -1561,7 +1500,6 @@ below: 3. Now add the Shape to the Screen's shapelist and use it: .. doctest:: @@ -498,7 +503,7 @@ unchanged: >>> register_shape("myshape", s) >>> shape("myshape") -@@ -1583,7 +1521,6 @@ Most of the examples in this section ref +@@ -1581,7 +1519,6 @@ Most of the examples in this section ref ``screen``. .. doctest:: @@ -506,7 +511,7 @@ unchanged: :hide: >>> screen = Screen() -@@ -1600,7 +1537,6 @@ Window control +@@ -1598,7 +1535,6 @@ Window control Set or return background color of the TurtleScreen. .. doctest:: @@ -514,7 +519,7 @@ unchanged: >>> screen.bgcolor("orange") >>> screen.bgcolor() -@@ -1686,7 +1622,6 @@ Window control +@@ -1690,7 +1626,6 @@ Window control distorted. .. doctest:: @@ -522,7 +527,7 @@ unchanged: >>> screen.reset() >>> screen.setworldcoordinates(-50,-7.5,50,7.5) -@@ -1697,7 +1632,6 @@ Window control +@@ -1701,7 +1636,6 @@ Window control ... left(45); fd(2) # a regular octagon .. doctest:: @@ -530,7 +535,7 @@ unchanged: :hide: >>> screen.reset() -@@ -1719,7 +1653,6 @@ Animation control +@@ -1723,7 +1657,6 @@ Animation control Optional argument: .. doctest:: @@ -538,7 +543,7 @@ unchanged: >>> screen.delay() 10 -@@ -1741,7 +1674,6 @@ Animation control +@@ -1745,7 +1678,6 @@ Animation control :func:`delay`). .. doctest:: @@ -546,7 +551,7 @@ unchanged: >>> screen.tracer(8, 25) >>> dist = 2 -@@ -1778,7 +1710,6 @@ Using screen events +@@ -1782,7 +1714,6 @@ Using screen events must have the focus. (See method :func:`listen`.) .. doctest:: @@ -554,7 +559,7 @@ unchanged: >>> def f(): ... fd(50) -@@ -1799,7 +1730,6 @@ Using screen events +@@ -1803,7 +1734,6 @@ Using screen events must have focus. (See method :func:`listen`.) .. doctest:: @@ -562,7 +567,7 @@ unchanged: >>> def f(): ... fd(50) -@@ -1824,7 +1754,6 @@ Using screen events +@@ -1828,7 +1758,6 @@ Using screen events named ``turtle``: .. doctest:: @@ -570,7 +575,7 @@ unchanged: >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will >>> # make the turtle move to the clicked point. -@@ -1844,7 +1773,6 @@ Using screen events +@@ -1848,7 +1777,6 @@ Using screen events Install a timer that calls *fun* after *t* milliseconds. .. doctest:: @@ -578,7 +583,7 @@ unchanged: >>> running = True >>> def f(): -@@ -1926,7 +1854,6 @@ Settings and special methods +@@ -1930,7 +1858,6 @@ Settings and special methods ============ ========================= =================== .. doctest:: @@ -586,7 +591,7 @@ unchanged: >>> mode("logo") # resets turtle heading to north >>> mode() -@@ -1941,7 +1868,6 @@ Settings and special methods +@@ -1945,7 +1872,6 @@ Settings and special methods values of color triples have to be in the range 0..\ *cmode*. .. doctest:: @@ -594,7 +599,7 @@ unchanged: >>> screen.colormode(1) >>> turtle.pencolor(240, 160, 80) -@@ -1962,7 +1888,6 @@ Settings and special methods +@@ -1966,7 +1892,6 @@ Settings and special methods do with a Tkinter Canvas. .. doctest:: @@ -602,7 +607,7 @@ unchanged: >>> cv = screen.getcanvas() >>> cv -@@ -1974,7 +1899,6 @@ Settings and special methods +@@ -1978,7 +1903,6 @@ Settings and special methods Return a list of names of all currently available turtle shapes. .. doctest:: @@ -610,7 +615,7 @@ unchanged: >>> screen.getshapes() ['arrow', 'blank', 'circle', ..., 'turtle'] -@@ -1998,7 +1922,6 @@ Settings and special methods +@@ -2002,7 +1926,6 @@ Settings and special methods coordinates: Install the corresponding polygon shape. .. doctest:: @@ -618,7 +623,7 @@ unchanged: >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) -@@ -2014,7 +1937,6 @@ Settings and special methods +@@ -2018,7 +1941,6 @@ Settings and special methods Return the list of turtles on the screen. .. doctest:: @@ -626,7 +631,7 @@ unchanged: >>> for turtle in screen.turtles(): ... turtle.color("red") -@@ -2076,7 +1998,6 @@ Methods specific to Screen, not inherite +@@ -2080,7 +2002,6 @@ Methods specific to Screen, not inherite center window vertically .. doctest:: @@ -634,7 +639,7 @@ unchanged: >>> screen.setup (width=200, height=200, startx=0, starty=0) >>> # sets window to 200x200 pixels, in upper left of screen -@@ -2092,7 +2013,6 @@ Methods specific to Screen, not inherite +@@ -2096,7 +2017,6 @@ Methods specific to Screen, not inherite Set title of turtle window to *titlestring*. .. doctest:: @@ -642,7 +647,7 @@ unchanged: >>> screen.title("Welcome to the turtle zoo!") -@@ -2163,7 +2083,6 @@ Public classes +@@ -2167,7 +2087,6 @@ Public classes Example: .. doctest:: @@ -650,7 +655,7 @@ unchanged: >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) >>> s = Shape("compound") -@@ -2510,7 +2429,6 @@ Changes since Python 3.0 +@@ -2514,7 +2433,6 @@ Changes since Python 3.0 .. doctest:: diff --git a/python39.changes b/python39.changes index 088bedb..04fdd82 100644 --- a/python39.changes +++ b/python39.changes @@ -2,12 +2,13 @@ Wed Sep 6 06:38:27 UTC 2023 - Daniel Garcia - Update to 3.9.18 (bsc#1214692): - - gh-108310: Fixed an issue where instances of ssl.SSLSocket were - vulnerable to a bypass of the TLS handshake and included - protections (like certificate verification) and treating sent - unencrypted data as if it were post-handshake TLS encrypted data. - Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by - Gregory P. Smith. + - (bsc#1215454, gh-108310)Fixed an issue where instances + of ssl.SSLSocket were vulnerable to a bypass of the TLS + handshake and included protections (like certificate + verification) and treating sent unencrypted data as if it + were post-handshake TLS encrypted data. Security issue + reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory + P. Smith. - gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with @@ -56,7 +57,7 @@ Fri Jun 30 20:23:43 UTC 2023 - Matej Cepl ------------------------------------------------------------------- Wed Jun 28 19:12:12 UTC 2023 - Matej Cepl -- Update to 3.9.17: +- Update to 3.9.17 (bsc#1212015): - gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, @@ -453,7 +454,7 @@ Fri May 20 14:18:15 UTC 2022 - Matej Cepl - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter. - Add patch support-expat-245.patch: - * Support Expat >= 2.4.4 (jsc#SLE-21253) + * Support Expat >= 2.4.4 (jsc#SLE-21253, CVE-2022-25236) ------------------------------------------------------------------- Sat Mar 26 22:22:24 UTC 2022 - Matej Cepl