diff --git a/python-base.changes b/python-base.changes index 092c6ec..d465808 100644 --- a/python-base.changes +++ b/python-base.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Sat May 11 05:46:55 UTC 2024 - Matej Cepl + +- Switch to using the system libexpat (bsc#1219559, + CVE-2023-52425) +- Make sure to remove all embedded versions of other packages + (including expat). + ------------------------------------------------------------------- Tue Apr 16 15:39:24 UTC 2024 - Matej Cepl diff --git a/python-base.spec b/python-base.spec index e0ca3e0..e5affbe 100644 --- a/python-base.spec +++ b/python-base.spec @@ -346,6 +346,19 @@ cp -p %{SOURCE1} macros.python2 sed -i -e 's/python2_package_prefix python2/python2_package_prefix python/' macros.python2 %endif +# Ensure that we're using the system copy of various libraries, rather than +# copies shipped by upstream in the tarball: +# Remove embedded copy of expat: +rm -r Modules/expat || exit 1 + +# Remove embedded copy of libffi: +for SUBDIR in darwin libffi libffi_arm_wince libffi_msvc libffi_osx ; do + rm -r Modules/_ctypes/$SUBDIR || exit 1 ; +done + +# Remove embedded copy of zlib: +rm -r Modules/zlib || exit 1 + %build %define _lto_cflags %{nil} # -std=gnu89 option is needed to build with gcc14, bsc#1220970 diff --git a/python-doc.changes b/python-doc.changes index 092c6ec..d465808 100644 --- a/python-doc.changes +++ b/python-doc.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Sat May 11 05:46:55 UTC 2024 - Matej Cepl + +- Switch to using the system libexpat (bsc#1219559, + CVE-2023-52425) +- Make sure to remove all embedded versions of other packages + (including expat). + ------------------------------------------------------------------- Tue Apr 16 15:39:24 UTC 2024 - Matej Cepl diff --git a/python.changes b/python.changes index 092c6ec..d465808 100644 --- a/python.changes +++ b/python.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Sat May 11 05:46:55 UTC 2024 - Matej Cepl + +- Switch to using the system libexpat (bsc#1219559, + CVE-2023-52425) +- Make sure to remove all embedded versions of other packages + (including expat). + ------------------------------------------------------------------- Tue Apr 16 15:39:24 UTC 2024 - Matej Cepl