From 773b5da2c2d86a5fccc2e9abda5c18407b28467b03b6d7bc4681fcde73793f7f Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Sat, 11 May 2024 05:48:37 +0000 Subject: [PATCH] - Switch to using the system libexpat (bsc#1219559, CVE-2023-52425) - Make sure to remove all embedded versions of other packages (including expat). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=414 --- python-base.changes | 8 ++++++++ python-base.spec | 13 +++++++++++++ python-doc.changes | 8 ++++++++ python.changes | 8 ++++++++ 4 files changed, 37 insertions(+) diff --git a/python-base.changes b/python-base.changes index 092c6ec..d465808 100644 --- a/python-base.changes +++ b/python-base.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Sat May 11 05:46:55 UTC 2024 - Matej Cepl + +- Switch to using the system libexpat (bsc#1219559, + CVE-2023-52425) +- Make sure to remove all embedded versions of other packages + (including expat). + ------------------------------------------------------------------- Tue Apr 16 15:39:24 UTC 2024 - Matej Cepl diff --git a/python-base.spec b/python-base.spec index e0ca3e0..e5affbe 100644 --- a/python-base.spec +++ b/python-base.spec @@ -346,6 +346,19 @@ cp -p %{SOURCE1} macros.python2 sed -i -e 's/python2_package_prefix python2/python2_package_prefix python/' macros.python2 %endif +# Ensure that we're using the system copy of various libraries, rather than +# copies shipped by upstream in the tarball: +# Remove embedded copy of expat: +rm -r Modules/expat || exit 1 + +# Remove embedded copy of libffi: +for SUBDIR in darwin libffi libffi_arm_wince libffi_msvc libffi_osx ; do + rm -r Modules/_ctypes/$SUBDIR || exit 1 ; +done + +# Remove embedded copy of zlib: +rm -r Modules/zlib || exit 1 + %build %define _lto_cflags %{nil} # -std=gnu89 option is needed to build with gcc14, bsc#1220970 diff --git a/python-doc.changes b/python-doc.changes index 092c6ec..d465808 100644 --- a/python-doc.changes +++ b/python-doc.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Sat May 11 05:46:55 UTC 2024 - Matej Cepl + +- Switch to using the system libexpat (bsc#1219559, + CVE-2023-52425) +- Make sure to remove all embedded versions of other packages + (including expat). + ------------------------------------------------------------------- Tue Apr 16 15:39:24 UTC 2024 - Matej Cepl diff --git a/python.changes b/python.changes index 092c6ec..d465808 100644 --- a/python.changes +++ b/python.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Sat May 11 05:46:55 UTC 2024 - Matej Cepl + +- Switch to using the system libexpat (bsc#1219559, + CVE-2023-52425) +- Make sure to remove all embedded versions of other packages + (including expat). + ------------------------------------------------------------------- Tue Apr 16 15:39:24 UTC 2024 - Matej Cepl