From c65f6c6577b175af683e218bd3cd764811cdb9bb7e0ad412e36d0a64055c4f55 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 10 Jun 2022 09:43:57 +0000 Subject: [PATCH 1/5] - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=102 --- CVE-2015-20107-mailcap-unsafe-filenames.patch | 136 ++++++++++++++++++ python39.changes | 7 + python39.spec | 4 + 3 files changed, 147 insertions(+) create mode 100644 CVE-2015-20107-mailcap-unsafe-filenames.patch diff --git a/CVE-2015-20107-mailcap-unsafe-filenames.patch b/CVE-2015-20107-mailcap-unsafe-filenames.patch new file mode 100644 index 0000000..d3dfb86 --- /dev/null +++ b/CVE-2015-20107-mailcap-unsafe-filenames.patch @@ -0,0 +1,136 @@ +From c3e7f139b440d7424986204e9f3fc2275aea3377 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Wed, 27 Apr 2022 18:17:33 +0200 +Subject: [PATCH 1/4] gh-68966: Make mailcap refuse to match unsafe + filenames/types/params + +--- + Doc/library/mailcap.rst | 12 ++++ + Lib/mailcap.py | 26 +++++++++- + Lib/test/test_mailcap.py | 8 ++- + Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst | 4 + + 4 files changed, 46 insertions(+), 4 deletions(-) + +--- a/Doc/library/mailcap.rst ++++ b/Doc/library/mailcap.rst +@@ -60,6 +60,18 @@ standard. However, mailcap files are su + use) to determine whether or not the mailcap line applies. :func:`findmatch` + will automatically check such conditions and skip the entry if the check fails. + ++ .. versionchanged:: 3.11 ++ ++ To prevent security issues with shell metacharacters (symbols that have ++ special effects in a shell command line), ``findmatch`` will refuse ++ to inject ASCII characters other than alphanumerics and ``@+=:,./-_`` ++ into the returned command line. ++ ++ If a disallowed character appears in *filename*, ``findmatch`` will always ++ return ``(None, None)`` as if no entry was found. ++ If such a character appears elsewhere (a value in *plist* or in *MIMEtype*), ++ ``findmatch`` will ignore all mailcap entries which use that value. ++ A :mod:`warning ` will be raised in either case. + + .. function:: getcaps() + +--- a/Lib/mailcap.py ++++ b/Lib/mailcap.py +@@ -2,6 +2,7 @@ + + import os + import warnings ++import re + + __all__ = ["getcaps","findmatch"] + +@@ -13,6 +14,11 @@ def lineno_sort_key(entry): + else: + return 1, 0 + ++_find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search ++ ++class UnsafeMailcapInput(Warning): ++ """Warning raised when refusing unsafe input""" ++ + + # Part 1: top-level interface. + +@@ -165,15 +171,22 @@ def findmatch(caps, MIMEtype, key='view' + entry to use. + + """ ++ if _find_unsafe(filename): ++ msg = "Refusing to use mailcap with filename %r. Use a safe temporary filename." % (filename,) ++ warnings.warn(msg, UnsafeMailcapInput) ++ return None, None + entries = lookup(caps, MIMEtype, key) + # XXX This code should somehow check for the needsterminal flag. + for e in entries: + if 'test' in e: + test = subst(e['test'], filename, plist) ++ if test is None: ++ continue + if test and os.system(test) != 0: + continue + command = subst(e[key], MIMEtype, filename, plist) +- return command, e ++ if command is not None: ++ return command, e + return None, None + + def lookup(caps, MIMEtype, key=None): +@@ -206,6 +219,10 @@ def subst(field, MIMEtype, filename, pli + elif c == 's': + res = res + filename + elif c == 't': ++ if _find_unsafe(MIMEtype): ++ msg = "Refusing to substitute MIME type %r into a shell command." % (MIMEtype,) ++ warnings.warn(msg, UnsafeMailcapInput) ++ return None + res = res + MIMEtype + elif c == '{': + start = i +@@ -213,7 +230,12 @@ def subst(field, MIMEtype, filename, pli + i = i+1 + name = field[start:i] + i = i+1 +- res = res + findparam(name, plist) ++ param = findparam(name, plist) ++ if _find_unsafe(param): ++ msg = "Refusing to substitute parameter %r (%s) into a shell command" % (param, name) ++ warnings.warn(msg, UnsafeMailcapInput) ++ return None ++ res = res + param + # XXX To do: + # %n == number of parts if type is multipart/* + # %F == list of alternating type and filename for parts +--- a/Lib/test/test_mailcap.py ++++ b/Lib/test/test_mailcap.py +@@ -121,7 +121,8 @@ class HelperFunctionTest(unittest.TestCa + (["", "audio/*", "foo.txt"], ""), + (["echo foo", "audio/*", "foo.txt"], "echo foo"), + (["echo %s", "audio/*", "foo.txt"], "echo foo.txt"), +- (["echo %t", "audio/*", "foo.txt"], "echo audio/*"), ++ (["echo %t", "audio/*", "foo.txt"], None), ++ (["echo %t", "audio/wav", "foo.txt"], "echo audio/wav"), + (["echo \\%t", "audio/*", "foo.txt"], "echo %t"), + (["echo foo", "audio/*", "foo.txt", plist], "echo foo"), + (["echo %{total}", "audio/*", "foo.txt", plist], "echo 3") +@@ -205,7 +206,10 @@ class FindmatchTest(unittest.TestCase): + ('"An audio fragment"', audio_basic_entry)), + ([c, "audio/*"], + {"filename": fname}, +- ("/usr/local/bin/showaudio audio/*", audio_entry)), ++ (None, None)), ++ ([c, "audio/wav"], ++ {"filename": fname}, ++ ("/usr/local/bin/showaudio audio/wav", audio_entry)), + ([c, "message/external-body"], + {"plist": plist}, + ("showexternal /dev/null default john python.org /tmp foo bar", message_entry)) +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst +@@ -0,0 +1,4 @@ ++The deprecated mailcap module now refuses to inject unsafe text (filenames, ++MIME types, parameters) into shell commands. Instead of using such text, it ++will warn and act as if a match was not found (or for test commands, as if ++the test failed). diff --git a/python39.changes b/python39.changes index 9ae1c83..fc24719 100644 --- a/python39.changes +++ b/python39.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Jun 9 16:43:30 UTC 2022 - Matej Cepl + +- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid + CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the + command injection in the mailcap module. + ------------------------------------------------------------------- Fri May 20 14:18:15 UTC 2022 - Matej Cepl diff --git a/python39.spec b/python39.spec index 50a5254..c21c2c8 100644 --- a/python39.spec +++ b/python39.spec @@ -154,6 +154,9 @@ Patch34: skip-test_pyobject_freed_is_freed.patch # PATCH-FIX-UPSTREAM support-expat-245.patch jsc#SLE-21253 mcepl@suse.com # Makes Python resilient to changes of API of libexpat Patch35: support-expat-245.patch +# PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mcepl@suse.com +# avoid the command injection in the mailcap module. +Patch36: CVE-2015-20107-mailcap-unsafe-filenames.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -414,6 +417,7 @@ other applications. %patch05 -p1 %endif %patch35 -p1 +%patch36 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac From 2253eadce984c4668f3b66358049b1fd96ddd8f0dfb9e16e9c337c28139e7f5a Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 10 Jun 2022 18:01:18 +0000 Subject: [PATCH 2/5] - Fix building of documentation and the universal configuration of the %primary_interpreter. - (bsc#1196784, CVE-2022-25236) Rename patch: support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5 as it was fully patched against CVE-2022-25236. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=103 --- python39.changes | 6 ++ python39.spec | 22 ++++--- support-expat-245.patch | 75 ---------------------- support-expat-CVE-2022-25236-patched.patch | 49 ++++++++++++++ 4 files changed, 67 insertions(+), 85 deletions(-) delete mode 100644 support-expat-245.patch create mode 100644 support-expat-CVE-2022-25236-patched.patch diff --git a/python39.changes b/python39.changes index fc24719..2b9b921 100644 --- a/python39.changes +++ b/python39.changes @@ -4,6 +4,12 @@ Thu Jun 9 16:43:30 UTC 2022 - Matej Cepl - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module. +- Fix building of documentation and the universal configuration of the + %primary_interpreter. +- (bsc#1196784, CVE-2022-25236) Rename patch: + support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch + and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5 + as it was fully patched against CVE-2022-25236. ------------------------------------------------------------------- Fri May 20 14:18:15 UTC 2022 - Matej Cepl diff --git a/python39.spec b/python39.spec index c21c2c8..dc1b989 100644 --- a/python39.spec +++ b/python39.spec @@ -51,7 +51,11 @@ %define python_pkg_name python39 # Will provide the python3-* provides # Will do the /usr/bin/python3 and all the core links -%define primary_interpreter 0 +%if 0%{?sle_version} || 0%{?suse_version} >= 1550 +%define primary_interpreter 0 +%else +%define primary_interpreter 1 +%endif # We don't process beta signs well %define folderversion 3.9.13 %define tarname Python-%{tarversion} @@ -151,9 +155,9 @@ Patch33: no-skipif-doctests.patch # PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com # skip a test failing on SLE-15 Patch34: skip-test_pyobject_freed_is_freed.patch -# PATCH-FIX-UPSTREAM support-expat-245.patch jsc#SLE-21253 mcepl@suse.com +# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com # Makes Python resilient to changes of API of libexpat -Patch35: support-expat-245.patch +Patch35: support-expat-CVE-2022-25236-patched.patch # PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mcepl@suse.com # avoid the command injection in the mailcap module. Patch36: CVE-2015-20107-mailcap-unsafe-filenames.patch @@ -184,12 +188,12 @@ BuildRequires: pkgconfig(libtirpc) BuildRequires: mpdecimal-devel %endif %if %{with doc} -%if 0%{?suse_version} >= 1550 -BuildRequires: %{python_pkg_name}-Sphinx -BuildRequires: %{python_pkg_name}-python-docs-theme >= 2022.1 -%else +%if 0%{?sle_version} && 0%{?sle_version} <= 150300 BuildRequires: python3-Sphinx BuildRequires: python3-python-docs-theme >= 2022.1 +%else +BuildRequires: %{python_pkg_name}-Sphinx +BuildRequires: %{python_pkg_name}-python-docs-theme >= 2022.1 %endif %endif %if %{with general} @@ -407,10 +411,8 @@ other applications. %patch25 -p1 %patch29 -p1 %patch32 -p1 -%if 0%{?suse_version} <= 1500 -%patch33 -p1 -%endif %if 0%{?sle_version} && 0%{?sle_version} <= 150300 +%patch33 -p1 %patch34 -p1 %endif %if %{with mpdecimal} diff --git a/support-expat-245.patch b/support-expat-245.patch deleted file mode 100644 index f4761ee..0000000 --- a/support-expat-245.patch +++ /dev/null @@ -1,75 +0,0 @@ -From d4f5bb912e67299b59b814b89a5afd9a8821a14e Mon Sep 17 00:00:00 2001 -From: "Miss Islington (bot)" - <31488909+miss-islington@users.noreply.github.com> -Date: Mon, 21 Feb 2022 11:03:08 -0800 -Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453) - (GH-31471) - -Curly brackets were never allowed in namespace URIs -according to RFC 3986, and so-called namespace-validating -XML parsers have the right to reject them a invalid URIs. - -libexpat >=2.4.5 has become strcter in that regard due to -related security issues; with ET.XML instantiating a -namespace-aware parser under the hood, this test has no -future in CPython. - -References: -- https://datatracker.ietf.org/doc/html/rfc3968 -- https://www.w3.org/TR/xml-names/ - -Also, test_minidom.py: Support Expat >=2.4.5 -(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e) - -Co-authored-by: Sebastian Pipping ---- - Lib/test/test_minidom.py | 13 ++++------ - Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst | 1 - 2 files changed, 7 insertions(+), 7 deletions(-) - create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst - ---- a/Lib/test/test_minidom.py -+++ b/Lib/test/test_minidom.py -@@ -6,12 +6,11 @@ import io - from test import support - import unittest - --import pyexpat -+import xml.parsers.expat - import xml.dom.minidom - - from xml.dom.minidom import parse, Node, Document, parseString - from xml.dom.minidom import getDOMImplementation --from xml.parsers.expat import ExpatError - - - tstfile = support.findfile("test.xml", subdir="xmltestdata") -@@ -1149,10 +1148,10 @@ class MinidomTest(unittest.TestCase): - - # Verify that character decoding errors raise exceptions instead - # of crashing -- if pyexpat.version_info >= (2, 4, 5): -- self.assertRaises(ExpatError, parseString, -+ if xml.parsers.expat.version_info >= (2, 4, 4): -+ self.assertRaises(xml.parsers.expat.ExpatError, parseString, - b'') -- self.assertRaises(ExpatError, parseString, -+ self.assertRaises(xml.parsers.expat.ExpatError, parseString, - b'Comment \xe7a va ? Tr\xe8s bien ?') - else: - self.assertRaises(UnicodeDecodeError, parseString, -@@ -1617,8 +1616,8 @@ class MinidomTest(unittest.TestCase): - self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) - - def testExceptionOnSpacesInXMLNSValue(self): -- if pyexpat.version_info >= (2, 4, 5): -- context = self.assertRaisesRegex(ExpatError, 'syntax error') -+ if xml.parsers.expat.version_info >= (2, 4, 4): -+ context = self.assertRaisesRegex(xml.parsers.expat.ExpatError, 'syntax error') - else: - context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') - ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst -@@ -0,0 +1 @@ -+Make test suite support Expat >=2.4.5 diff --git a/support-expat-CVE-2022-25236-patched.patch b/support-expat-CVE-2022-25236-patched.patch new file mode 100644 index 0000000..34cc199 --- /dev/null +++ b/support-expat-CVE-2022-25236-patched.patch @@ -0,0 +1,49 @@ +From 7da97f61816f3cadaa6788804b22a2434b40e8c5 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 21 Feb 2022 08:16:09 -0800 +Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453) + (GH-31472) + +Curly brackets were never allowed in namespace URIs +according to RFC 3986, and so-called namespace-validating +XML parsers have the right to reject them a invalid URIs. + +libexpat >=2.4.5 has become strcter in that regard due to +related security issues; with ET.XML instantiating a +namespace-aware parser under the hood, this test has no +future in CPython. + +References: +- https://datatracker.ietf.org/doc/html/rfc3968 +- https://www.w3.org/TR/xml-names/ + +Also, test_minidom.py: Support Expat >=2.4.5 +(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e) + +Co-authored-by: Sebastian Pipping +--- + Lib/test/test_minidom.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst + +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -1149,7 +1149,7 @@ class MinidomTest(unittest.TestCase): + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): ++ if pyexpat.version_info >= (2, 4, 4): + self.assertRaises(ExpatError, parseString, + b'') + self.assertRaises(ExpatError, parseString, +@@ -1617,7 +1617,7 @@ class MinidomTest(unittest.TestCase): + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): ++ if pyexpat.version_info >= (2, 4, 4): + context = self.assertRaisesRegex(ExpatError, 'syntax error') + else: + context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') From 9b7188a56a5370a0b6b4a203852a743af2b5a8bef6cab757d2623e74c1b1e734 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 14 Jun 2022 18:41:45 +0000 Subject: [PATCH 3/5] Adjust support-expat-CVE-2022-25236-patched.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=104 --- support-expat-CVE-2022-25236-patched.patch | 56 +++++++++++++++++----- 1 file changed, 44 insertions(+), 12 deletions(-) diff --git a/support-expat-CVE-2022-25236-patched.patch b/support-expat-CVE-2022-25236-patched.patch index 34cc199..30e8b04 100644 --- a/support-expat-CVE-2022-25236-patched.patch +++ b/support-expat-CVE-2022-25236-patched.patch @@ -23,27 +23,59 @@ Also, test_minidom.py: Support Expat >=2.4.5 Co-authored-by: Sebastian Pipping --- - Lib/test/test_minidom.py | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) + Lib/test/test_minidom.py | 25 ++++++++++--------------- + 1 file changed, 10 insertions(+), 15 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst --- a/Lib/test/test_minidom.py +++ b/Lib/test/test_minidom.py -@@ -1149,7 +1149,7 @@ class MinidomTest(unittest.TestCase): +@@ -6,12 +6,11 @@ import io + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Node, Document, parseString + from xml.dom.minidom import getDOMImplementation +-from xml.parsers.expat import ExpatError ++from xml.parsers.expat import ExpatError, version_info + + + tstfile = support.findfile("test.xml", subdir="xmltestdata") +@@ -1149,13 +1148,11 @@ class MinidomTest(unittest.TestCase): # Verify that character decoding errors raise exceptions instead # of crashing - if pyexpat.version_info >= (2, 4, 5): -+ if pyexpat.version_info >= (2, 4, 4): - self.assertRaises(ExpatError, parseString, - b'') - self.assertRaises(ExpatError, parseString, -@@ -1617,7 +1617,7 @@ class MinidomTest(unittest.TestCase): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1617,12 +1614,10 @@ class MinidomTest(unittest.TestCase): self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) def testExceptionOnSpacesInXMLNSValue(self): - if pyexpat.version_info >= (2, 4, 5): -+ if pyexpat.version_info >= (2, 4, 4): - context = self.assertRaisesRegex(ExpatError, 'syntax error') - else: - context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): From 04678e52adee7419f780cb59c214c69685cbb282a8c8e1d3c96d15bfcbe159bc Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 15 Jun 2022 04:53:24 +0000 Subject: [PATCH 4/5] Adjust support-expat-CVE-2022-25236-patched.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=105 --- support-expat-CVE-2022-25236-patched.patch | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/support-expat-CVE-2022-25236-patched.patch b/support-expat-CVE-2022-25236-patched.patch index 30e8b04..011a751 100644 --- a/support-expat-CVE-2022-25236-patched.patch +++ b/support-expat-CVE-2022-25236-patched.patch @@ -23,13 +23,13 @@ Also, test_minidom.py: Support Expat >=2.4.5 Co-authored-by: Sebastian Pipping --- - Lib/test/test_minidom.py | 25 ++++++++++--------------- - 1 file changed, 10 insertions(+), 15 deletions(-) + Lib/test/test_minidom.py | 23 +++++++++-------------- + 1 file changed, 9 insertions(+), 14 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst --- a/Lib/test/test_minidom.py +++ b/Lib/test/test_minidom.py -@@ -6,12 +6,11 @@ import io +@@ -6,7 +6,6 @@ import io from test import support import unittest @@ -37,12 +37,6 @@ Co-authored-by: Sebastian Pipping import xml.dom.minidom from xml.dom.minidom import parse, Node, Document, parseString - from xml.dom.minidom import getDOMImplementation --from xml.parsers.expat import ExpatError -+from xml.parsers.expat import ExpatError, version_info - - - tstfile = support.findfile("test.xml", subdir="xmltestdata") @@ -1149,13 +1148,11 @@ class MinidomTest(unittest.TestCase): # Verify that character decoding errors raise exceptions instead From 56c63c9ae256045fb7bd3fda7c20efcf27d34c2afd07f9a967a8e0f9ad3b085f Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 16 Jun 2022 11:52:38 +0000 Subject: [PATCH 5/5] Fix changelog OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=106 --- python39.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python39.changes b/python39.changes index 2b9b921..e7ba203 100644 --- a/python39.changes +++ b/python39.changes @@ -263,7 +263,7 @@ Sat Mar 26 22:22:24 UTC 2022 - Matej Cepl including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings. - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip - 22.0.4) + 22.0.4, bnc#1186819, CVE-2021-3572) - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This changes allows for