From 303cf28c8d291473afd4aab55ddfd4411510bb67e623f697802de53ac4ea79c3 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 9 Apr 2025 20:09:20 +0000 Subject: [PATCH] =?UTF-8?q?-=20Update=20to=203.9.22:=20=20=20-=20gh-131809?= =?UTF-8?q?:=20Update=20bundled=20libexpat=20to=202.7.1=20=20=20-=20gh-131?= =?UTF-8?q?261:=20Upgrade=20to=20libexpat=202.7.0=20=20=20-=20gh-105704:?= =?UTF-8?q?=20When=20using=20urllib.parse.urlsplit()=20and=20=20=20=20=20u?= =?UTF-8?q?rllib.parse.urlparse()=20host=20parsing=20would=20not=20reject?= =?UTF-8?q?=20domain=20=20=20=20=20names=20containing=20square=20brackets?= =?UTF-8?q?=20([=20and=20]).=20Square=20brackets=20=20=20=20=20are=20only?= =?UTF-8?q?=20valid=20for=20IPv6=20and=20IPvFuture=20hosts=20according=20t?= =?UTF-8?q?o=20RFC=20=20=20=20=203986=20Section=203.2.2=20(bsc#1236705,=20?= =?UTF-8?q?CVE-2025-0938,=20=20=20=20=20gh#python/cpython#105704).=20=20?= =?UTF-8?q?=20-=20gh-121284:=20Fix=20bug=20in=20the=20folding=20of=20rfc20?= =?UTF-8?q?47=20encoded-words=20=20=20=20=20when=20flattening=20an=20email?= =?UTF-8?q?=20message=20using=20a=20modern=20email=20=20=20=20=20policy.?= =?UTF-8?q?=20Previously=20when=20an=20encoded-word=20was=20too=20long=20f?= =?UTF-8?q?or=20=20=20=20=20a=20line,=20it=20would=20be=20decoded,=20split?= =?UTF-8?q?=20across=20lines,=20and=20=20=20=20=20re-encoded.=20But=20comm?= =?UTF-8?q?as=20and=20other=20special=20characters=20in=20the=20=20=20=20?= =?UTF-8?q?=20original=20text=20could=20be=20left=20unencoded=20and=20unqu?= =?UTF-8?q?oted.=20This=20=20=20=20=20could=20theoretically=20be=20used=20?= =?UTF-8?q?to=20spoof=20header=20lines=20using=20a=20=20=20=20=20carefully?= =?UTF-8?q?=20constructed=20encoded-word=20if=20the=20resulting=20rendered?= =?UTF-8?q?=20=20=20=20=20email=20was=20transmitted=20or=20re-parsed.=20?= =?UTF-8?q?=20=20-=20gh-119511:=20Fix=20a=20potential=20denial=20of=20serv?= =?UTF-8?q?ice=20in=20the=20imaplib=20=20=20=20=20module.=20When=20connect?= =?UTF-8?q?ing=20to=20a=20malicious=20server,=20it=20could=20=20=20=20=20c?= =?UTF-8?q?ause=20an=20arbitrary=20amount=20of=20memory=20to=20be=20alloca?= =?UTF-8?q?ted.=20On=20many=20=20=20=20=20systems=20this=20is=20harmless?= =?UTF-8?q?=20as=20unused=20virtual=20memory=20is=20only=20=20=20=20=20a?= =?UTF-8?q?=20mapping,=20but=20if=20this=20hit=20a=20virtual=20address=20s?= =?UTF-8?q?ize=20limit=20=20=20=20=20it=20could=20lead=20to=20a=20MemoryEr?= =?UTF-8?q?ror=20or=20other=20process=20crash.=20On=20=20=20=20=20unusual?= =?UTF-8?q?=20systems=20or=20builds=20where=20all=20allocated=20memory=20i?= =?UTF-8?q?s=20=20=20=20=20touched=20and=20backed=20by=20actual=20ram=20or?= =?UTF-8?q?=20storage=20it=20could=E2=80=99ve=20=20=20=20=20consumed=20res?= =?UTF-8?q?ources=20doing=20so=20until=20similarly=20crashing.=20=20=20-?= =?UTF-8?q?=20gh-121277:=20Writers=20of=20CPython=E2=80=99s=20documentatio?= =?UTF-8?q?n=20can=20now=20use=20=20=20=20=20next=20as=20the=20version=20f?= =?UTF-8?q?or=20the=20versionchanged,=20versionadded,=20=20=20=20=20deprec?= =?UTF-8?q?ated=20directives.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=226 --- Python-3.9.21.tar.xz | 3 --- Python-3.9.21.tar.xz.sigstore | 1 - Python-3.9.22.tar.xz | 3 +++ Python-3.9.22.tar.xz.sigstore | 1 + python39.changes | 36 +++++++++++++++++++++++++++++++++++ python39.spec | 2 +- 6 files changed, 41 insertions(+), 5 deletions(-) delete mode 100644 Python-3.9.21.tar.xz delete mode 100644 Python-3.9.21.tar.xz.sigstore create mode 100644 Python-3.9.22.tar.xz create mode 100644 Python-3.9.22.tar.xz.sigstore diff --git a/Python-3.9.21.tar.xz b/Python-3.9.21.tar.xz deleted file mode 100644 index e7cba3a..0000000 --- a/Python-3.9.21.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3126f59592c9b0d798584755f2bf7b081fa1ca35ce7a6fea980108d752a05bb1 -size 19647056 diff --git a/Python-3.9.21.tar.xz.sigstore b/Python-3.9.21.tar.xz.sigstore deleted file mode 100644 index 1dec9be..0000000 --- a/Python-3.9.21.tar.xz.sigstore +++ /dev/null @@ -1 +0,0 @@ -{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzjCCAlSgAwIBAgIUW+0j3NwKUHtsI1ptyYDZcjihgN8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTg1MjI5WhcNMjQxMjAzMTkwMjI5WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYDe8pRetus9jnxd7MLkTXY+JFkJDLrMGG40CRT61fjbNBLG8qSu85JdE0K/6cJ2r1rp1KGoRxFqzBopuxLvq0KOCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUUQGcKMIMB1YvHguNrtBN/O+znCYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPbHVrYXN6QGxhbmdhLnBsMCwGCisGAQQBg78wAQEEHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDAuBgorBgEEAYO/MAEIBCAMHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABk43d4kwAAAQDAEcwRQIhAP1aIIMfmTWlY4AFegXN2tMa8KyWEgWytzfGodqj5MK+AiBMiejbQYMtnn8G3dzcxgb73sI6X3Y9VypRrPQ+2BXpizAKBggqhkjOPQQDAwNoADBlAjEA5dOgdBqrjV3UtzmGrk7XboUaiaC31bOUovEmM3lPM8f75yvuHqLHxFHRYb66/pR2AjAvdfASd9+vSfOZhgU+SuI7yqJHRR2W9HEWfFJ/ylD6O5jvq7Jj89RqjPY/56pzgn4="}, "tlogEntries": [{"logIndex": "153125339", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733251949", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQCWfGwPTo62Z/ZRWemot0baNqIzk8NkgOnErKNcGr9yZwIgYDkSVZZj1dXSEnrYmCLnTSF+ZPi2WVGIfQaNE+60gEA="}, "inclusionProof": {"logIndex": "31221077", "rootHash": "CgxjjOo9aZHWhFVAsfJkBugtjSsQD8OHBNjPkaHgKTc=", "treeSize": "31221078", "hashes": ["uhJ3YCyxQmBvz2Fu8n+Ww05PJRAU2nemHSQGGGFlfms=", "gY0cbMQCQcEj7ffNNi51pVaZiruqT+3cB+Dba7Gmxd4=", "m6zxQGEBGI3OJHBvuOkUnGlSR+Jt2JZ+RzenGTHbwYg=", "9uvJ6nsFFcO7iFR4Tw8yH0oOvXKul11TbUuENQy2TKk=", "mFUurhY02kRwS+kqOqGgYLFZYh5nQ9NYMtY/EtqykTI=", "Ian0jhOi0sfcLr99+d1R1/aCvZLioGpN5ZGSSYovttU=", "tH2CD4P6s9/APjnJWsTvHjNo8l825tfN4DUr+zItATY=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31221078\nCgxjjOo9aZHWhFVAsfJkBugtjSsQD8OHBNjPkaHgKTc=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiB80M3LsYgHA0J0/ixs038lqL8G88FqomAMCqfogNRYeAIhAKMQKC1VOYlED8cwFuSVh/3uaCCjPlT2jlHB27KX1ukQ\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIzMTI2ZjU5NTkyYzliMGQ3OTg1ODQ3NTVmMmJmN2IwODFmYTFjYTM1Y2U3YTZmZWE5ODAxMDhkNzUyYTA1YmIxIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUURvVjc3NGRKSHdscGlBNDRzMkRzZ0VCelNNVTArMWdPdE0zT0F3cnFqMnR3SWdXNis0QlUzZTkydXdybjBXdVJZVWZhZEVpNjBlTEhDREZMRi9RZGg1NFVNPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZha05EUVd4VFowRjNTVUpCWjBsVlZ5c3dhak5PZDB0VlNIUnpTVEZ3ZEhsWlJGcGphbWxvWjA0NGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHY3hUV3BKTlZkb1kwNU5hbEY0VFdwQmVrMVVhM2ROYWtrMVYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZaUkdVNGNGSmxkSFZ6T1dwdWVHUTNUVXhyVkZoWkswcEdhMHBFVEhKTlIwYzBNRU1LVWxRMk1XWnFZazVDVEVjNGNWTjFPRFZLWkVVd1N5ODJZMG95Y2pGeWNERkxSMjlTZUVaeGVrSnZjSFY0VEhaeE1FdFBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZWVVVkakNrdE5TVTFDTVZsMlNHZDFUbkowUWs0dlR5dDZia05aZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVlraFdjbGxZVGpaUlIzaG9ZbTFrYUV4dVFuTk5RM2RIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBJYldnd1pFaENlazlwT0haYU1td3dZVWhXYVV4dFRuWmlVemx6WWpKa2NHSnBPWFpaV0ZZd1lVUkJkVUpuYjNKQ1owVkZRVmxQTDAxQlJVbENRMEZOQ2todGFEQmtTRUo2VDJrNGRsb3liREJoU0ZacFRHMU9kbUpUT1hOaU1tUndZbWs1ZGxsWVZqQmhSRU5DYVdkWlMwdDNXVUpDUVVoWFpWRkpSVUZuVWpnS1FraHZRV1ZCUWpKQlRqQTVUVWR5UjNoNFJYbFplR3RsU0Vwc2JrNTNTMmxUYkRZME0ycDVkQzgwWlV0amIwRjJTMlUyVDBGQlFVSnJORE5rTkd0M1FRcEJRVkZFUVVWamQxSlJTV2hCVURGaFNVbE5abTFVVjJ4Wk5FRkdaV2RZVGpKMFRXRTRTM2xYUldkWGVYUjZaa2R2WkhGcU5VMUxLMEZwUWsxcFpXcGlDbEZaVFhSdWJqaEhNMlI2WTNobllqY3pjMGsyV0ROWk9WWjVjRkp5VUZFck1rSlljR2w2UVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV2UVVSQ2JFRnFSVUVLTldSUFoyUkNjWEpxVmpOVmRIcHRSM0pyTjFoaWIxVmhhV0ZETXpGaVQxVnZka1Z0VFROc1VFMDRaamMxZVhaMVNIRk1TSGhHU0ZKWllqWTJMM0JTTWdwQmFrRjJaR1pCVTJRNUszWlRaazlhYUdkVksxTjFTVGQ1Y1VwSVVsSXlWemxJUlZkbVJrb3ZlV3hFTms4MWFuWnhOMHBxT0RsU2NXcFFXUzgxTm5CNkNtZHVORDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "MSb1lZLJsNeYWEdV8r97CB+hyjXOem/qmAEI11KgW7E="}, "signature": "MEUCIQDoV774dJHwlpiA44s2DsgEBzSMU0+1gOtM3OAwrqj2twIgW6+4BU3e92uwrn0WuRYUfadEi60eLHCDFLF/Qdh54UM="}} diff --git a/Python-3.9.22.tar.xz b/Python-3.9.22.tar.xz new file mode 100644 index 0000000..d991e4e --- /dev/null +++ b/Python-3.9.22.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8c136d199d3637a1fce98a16adc809c1d83c922d02d41f3614b34f8b6e7d38ec +size 19652572 diff --git a/Python-3.9.22.tar.xz.sigstore b/Python-3.9.22.tar.xz.sigstore new file mode 100644 index 0000000..e7470a7 --- /dev/null +++ b/Python-3.9.22.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzzCCAlWgAwIBAgIUF5l4z/m7U4YV9ObX9yrHVSrwtQIwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNDA4MTY0MDM2WhcNMjUwNDA4MTY1MDM2WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKB5tIN2pdPcLI8+G/2PvFf5mNXRVX30+9UWQwD1XLtPM2SHNpdOXPTjAqC9BVr2lzSq0y0CBNWlQ7d8vTe7ctaOCAXQwggFwMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkWbkA26gAO+nn/4RBqHwOJwqouYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPbHVrYXN6QGxhbmdhLnBsMCwGCisGAQQBg78wAQEEHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDAuBgorBgEEAYO/MAEIBCAMHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABlhZGbmQAAAQDAEgwRgIhAL64P7MeYczG0eTPRtbKWh+JK3QONJeTX1Siu1QatF86AiEAgWJoJpZ5wnhvnNll68ZfS4A5NWZrmBQV1jNl6vWn31AwCgYIKoZIzj0EAwMDaAAwZQIwFisaGblldHezzUuq5dHK++zSJ0A+h+TLvlSsP5GortlcKRHvWpNpbNBEgIde2Jh9AjEAi1SXirGnti3TDZHPkuMPpdCT49lydH5aP8RlZfx279WUB5mbJLV+ckvS1lR/vL/S"}, "tlogEntries": [{"logIndex": "193991733", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1744130436", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQCZojFg3d0b1VlT1iIYzQD9qi0Gco8pMfY7ySidgb4VWAIgX2rTgPF7dLilPXnWN4zEd3ZCpuV6RDl8c42m+mok2ks="}, "inclusionProof": {"logIndex": "72087471", "rootHash": "q/PkICD5uDg5OlvIWNsF+lXN1ZiHEWNqVvtzFtmAPlk=", "treeSize": "72087476", "hashes": ["4yUybcYvtBlJ50W9AAsyNwk4NR+F6hiMzaeYCGGB1u8=", "1+97TstZdQ7MhyOhcTb/5wXWWmSsTbW39uY9kLhnhfo=", "q3YXOnHzg/M0HDq9vcHtAaCfgL1bSUam96gi2CbgGnk=", "kV8g3sPKmH7KgUIy4uT6+MtE52LZBdVAU2cDVyNekgU=", "SIo81b3kZgGsX/FWdBQYuvP5papZCszfK1URvAzEKDw=", "qSrXBipOR98Puq+IERBcOWHKeidS0RBLwd959YHA0D4=", "b7hTc5162/5hAKKTNfIy2OShk3XeVpGyGUwnpNrnRWg=", "GXs5uhC5teyVctnWE7ExxF5zLscIRrTKPGgu1U1Juec=", "SEpdK86t0h91343ndP33NAdKXC2lyurSAYMUT30LXYw=", "nATuuvI7Y38ODRIhealRzPKZWWvhMr6ltN0JKaAyLfM=", "TQThq+xH/Rys7mbboD00p4znY8nZ9kiJ56STr/CKVdw=", "7MlcOPugq/cko9b3dV9PgEuxQTnIJE5JYyv5V8MSoKg=", "Y0UveOhlrOl08kRY9fZBgfV5WllXxE42rV8NE+GgwCs=", "RgE76aZZETQ/ZXQCSka8ujxPpjA9SjPpXZFpkrF58Gk=", "+MDT1rEJIJ21rvjo6a7jzRPh//LjIcmfFhNEV/fA+jA=", "QReFEOB9XSZtDKsjRtA0fGnYGMYD2Z7qn50auG1YlWo=", "K26LG80DXyb+bC58c4Nw00WigG52v0PCsZGY3ExGsts=", "WEm5OgPzJpYROv+4CcrieexCYyQKrLUH3hbxmcQQ+DM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n72087476\nq/PkICD5uDg5OlvIWNsF+lXN1ZiHEWNqVvtzFtmAPlk=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiEAptmnbism1EAeeK49B0IwJz0Y3HYhyW39gnaBoHxVFQECICnFiKtwk9Wce+nL732qSHuv60Qt7s+aJJpXG9NB1c/7\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4YzEzNmQxOTlkMzYzN2ExZmNlOThhMTZhZGM4MDljMWQ4M2M5MjJkMDJkNDFmMzYxNGIzNGY4YjZlN2QzOGVjIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRTVDSUJaNkEzZ2FsU1lTY1ByVEV2ZU1pcEpQMklwVE1uVHcwWWU1bkNpREFpQk9xaGlUZTFYbFJOanloZW5tS0ZGNzZrVm1PaDA5blpOdXFhWWx6ZjlGaXc9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZla05EUVd4WFowRjNTVUpCWjBsVlJqVnNOSG92YlRkVk5GbFdPVTlpV0RsNWNraFdVM0ozZEZGSmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVFUVRSTlZGa3dUVVJOTWxkb1kwNU5hbFYzVGtSQk5FMVVXVEZOUkUweVYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZMUWpWMFNVNHljR1JRWTB4Sk9DdEhMekpRZGtabU5XMU9XRkpXV0RNd0t6bFZWMUVLZDBReFdFeDBVRTB5VTBoT2NHUlBXRkJVYWtGeFF6bENWbkl5YkhwVGNUQjVNRU5DVGxkc1VUZGtPSFpVWlRkamRHRlBRMEZZVVhkblowWjNUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyVjJKckNrRXlObWRCVHl0dWJpODBVa0p4U0hkUFNuZHhiM1ZaZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVlraFdjbGxZVGpaUlIzaG9ZbTFrYUV4dVFuTk5RM2RIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBJYldnd1pFaENlazlwT0haYU1td3dZVWhXYVV4dFRuWmlVemx6WWpKa2NHSnBPWFpaV0ZZd1lVUkJkVUpuYjNKQ1owVkZRVmxQTDAxQlJVbENRMEZOQ2todGFEQmtTRUo2VDJrNGRsb3liREJoU0ZacFRHMU9kbUpUT1hOaU1tUndZbWs1ZGxsWVZqQmhSRU5DYVhkWlMwdDNXVUpDUVVoWFpWRkpSVUZuVWprS1FraHpRV1ZSUWpOQlRqQTVUVWR5UjNoNFJYbFplR3RsU0Vwc2JrNTNTMmxUYkRZME0ycDVkQzgwWlV0amIwRjJTMlUyVDBGQlFVSnNhRnBIWW0xUlFRcEJRVkZFUVVWbmQxSm5TV2hCVERZMFVEZE5aVmxqZWtjd1pWUlFVblJpUzFkb0swcExNMUZQVGtwbFZGZ3hVMmwxTVZGaGRFWTROa0ZwUlVGblYwcHZDa3B3V2pWM2JtaDJiazVzYkRZNFdtWlRORUUxVGxkYWNtMUNVVll4YWs1c05uWlhiak14UVhkRFoxbEpTMjlhU1hwcU1FVkJkMDFFWVVGQmQxcFJTWGNLUm1sellVZGliR3hrU0dWNmVsVjFjVFZrU0VzckszcFRTakJCSzJnclZFeDJiRk56VURWSGIzSjBiR05MVWtoMlYzQk9jR0pPUWtWblNXUmxNa3BvT1FwQmFrVkJhVEZUV0dseVIyNTBhVE5VUkZwSVVHdDFUVkJ3WkVOVU5EbHNlV1JJTldGUU9GSnNXbVo0TWpjNVYxVkNOVzFpU2t4V0syTnJkbE14YkZJdkNuWk1MMU1LTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "jBNtGZ02N6H86YoWrcgJwdg8ki0C1B82FLNPi259OOw="}, "signature": "MEQCIE5CIBZ6A3galSYScPrTEveMipJP2IpTMnTw0Ye5nCiDAiBOqhiTe1XlRNjyhenmKFF76kVmOh09nZNuqaYlzf9Fiw=="}} diff --git a/python39.changes b/python39.changes index fab7d68..46939e4 100644 --- a/python39.changes +++ b/python39.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Wed Apr 9 20:04:17 UTC 2025 - Matej Cepl + +- Update to 3.9.22: + - gh-131809: Update bundled libexpat to 2.7.1 + - gh-131261: Upgrade to libexpat 2.7.0 + - gh-105704: When using urllib.parse.urlsplit() and + urllib.parse.urlparse() host parsing would not reject domain + names containing square brackets ([ and ]). Square brackets + are only valid for IPv6 and IPvFuture hosts according to RFC + 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, + gh#python/cpython#105704). + - gh-121284: Fix bug in the folding of rfc2047 encoded-words + when flattening an email message using a modern email + policy. Previously when an encoded-word was too long for + a line, it would be decoded, split across lines, and + re-encoded. But commas and other special characters in the + original text could be left unencoded and unquoted. This + could theoretically be used to spoof header lines using a + carefully constructed encoded-word if the resulting rendered + email was transmitted or re-parsed. + - gh-119511: Fix a potential denial of service in the imaplib + module. When connecting to a malicious server, it could + cause an arbitrary amount of memory to be allocated. On many + systems this is harmless as unused virtual memory is only + a mapping, but if this hit a virtual address size limit + it could lead to a MemoryError or other process crash. On + unusual systems or builds where all allocated memory is + touched and backed by actual ram or storage it could’ve + consumed resources doing so until similarly crashing. + - gh-121277: Writers of CPython’s documentation can now use + next as the version for the versionchanged, versionadded, + deprecated directives. +- Remote upstreamed patch: + - CVE-2025-0938-sq-brackets-domain-names.patch + ------------------------------------------------------------------- Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann diff --git a/python39.spec b/python39.spec index 7e447e2..4899857 100644 --- a/python39.spec +++ b/python39.spec @@ -99,7 +99,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.9.21 +Version: 3.9.22 Release: 0 Summary: Python 3 Interpreter License: Python-2.0