Merge branch 'factory' into sle-15-sp4

2026-02-13 02:31:07 +01:00
parent cd09787966 02f09793e7
commit 26a31005ec
9 changed files with 876 additions and 2 deletions
--- a/python311.spec
+++ b/python311.spec
@@ -195,11 +195,33 @@ Patch26:        CVE-2025-6075-expandvars-perf-degrad.patch
 # Avoid loading possibly compromised length of HTTP response
 Patch27:        CVE-2025-13836-http-resp-cont-len.patch
 # PATCH-FIX-UPSTREAM CVE-2025-12084-minidom-quad-search.patch bsc#1254997 mcepl@suse.com
-# prevent quadratic behavior in node ID cache clearing 
+# prevent quadratic behavior in node ID cache clearing
 Patch28:        CVE-2025-12084-minidom-quad-search.patch
 # PATCH-FIX-UPSTREAM CVE-2025-13837-plistlib-mailicious-length.patch bsc#1254401 mcepl@suse.com
 # protect against OOM when loading malicious content
-Patch29:        CVE-2025-13837-plistlib-mailicious-length.patch 
+Patch29:        CVE-2025-13837-plistlib-mailicious-length.patch
+# PATCH-FIX-UPSTREAM CVE-2025-11468-email-hdr-fold-comment.patch bsc#1257029 mcepl@suse.com
+# this patch makes things totally awesome
+Patch30:        CVE-2025-11468-email-hdr-fold-comment.patch
+# PATCH-FIX-UPSTREAM CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch bsc#1257031 mcepl@suse.com
+# rejects control characters in http cookies.
+Patch31:        CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
+# PATCH-FIX-UPSTREAM CVE-2026-0865-wsgiref-ctrl-chars.patch bsc#1257042 mcepl@suse.com
+# Reject control characters in wsgiref.headers.Headers
+Patch32:        CVE-2026-0865-wsgiref-ctrl-chars.patch
+# PATCH-FIX-UPSTREAM CVE-2025-15366-imap-ctrl-chars.patch bsc#1257044 mcepl@suse.com
+# Reject control characters in wsgiref.headers.Headers
+Patch33:        CVE-2025-15366-imap-ctrl-chars.patch
+# PATCH-FIX-UPSTREAM CVE-2025-15282-urllib-ctrl-chars.patch bsc#1257046 mcepl@suse.com
+# Reject control characters in urllib
+Patch34:        CVE-2025-15282-urllib-ctrl-chars.patch
+# PATCH-FIX-UPSTREAM CVE-2025-15367-poplib-ctrl-chars.patch bsc#1257041 mcepl@suse.com
+# Reject control characters in poplib
+Patch35:        CVE-2025-15367-poplib-ctrl-chars.patch
+# PATCH-FIX-UPSTREAM CVE-2025-12781-b64decode-alt-chars.patch bsc#1257108 mcepl@suse.com
+# Fix decoding with non-standard Base64 alphabet gh#python/cpython#125346
+Patch36:        CVE-2025-12781-b64decode-alt-chars.patch
+### END OF PATCHES
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  crypto-policies-scripts
@@ -555,6 +577,9 @@ LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \
 %check
 export SUSE_VERSION="0%{?suse_version}"
 export SLE_VERSION="0%{?sle_version}"
+echo "Show the openssl version"
+openssl version -a
+echo ""
 %if %{with general}
 # exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos
 # when you install gdb into your test env