diff --git a/gh-78214-marshal_stabilize_FLAG_REF.patch b/gh-78214-marshal_stabilize_FLAG_REF.patch new file mode 100644 index 0000000..d255f3c --- /dev/null +++ b/gh-78214-marshal_stabilize_FLAG_REF.patch @@ -0,0 +1,28 @@ +From 6c8ea7c1dacd42f3ba00440231ec0e6b1a38300d Mon Sep 17 00:00:00 2001 +From: Inada Naoki +Date: Sat, 14 Jul 2018 00:46:11 +0900 +Subject: [PATCH] Use FLAG_REF always for interned strings + +--- + Python/marshal.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/Python/marshal.c ++++ b/Python/marshal.c +@@ -298,9 +298,14 @@ w_ref(PyObject *v, char *flag, WFILE *p) + if (p->version < 3 || p->hashtable == NULL) + return 0; /* not writing object references */ + +- /* if it has only one reference, it definitely isn't shared */ +- if (Py_REFCNT(v) == 1) ++ /* If it has only one reference, it definitely isn't shared. ++ * But we use TYPE_REF always for interned string, to PYC file stable ++ * as possible. ++ */ ++ if (Py_REFCNT(v) == 1 && ++ !(PyUnicode_CheckExact(v) && PyUnicode_CHECK_INTERNED(v))) { + return 0; ++ } + + entry = _Py_hashtable_get_entry(p->hashtable, v); + if (entry != NULL) { diff --git a/python310.changes b/python310.changes index cecc8f8..abf5e7a 100644 --- a/python310.changes +++ b/python310.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Wed Jul 19 11:15:39 UTC 2023 - Matej Cepl + +- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for + stabilizing FLAG_REF usage (required for reproduceability; + bsc#1213463). + +------------------------------------------------------------------- +Tue Jul 11 07:35:18 UTC 2023 - Matej Cepl + +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). + ------------------------------------------------------------------- Wed Jun 28 16:57:46 UTC 2023 - Matej Cepl diff --git a/python310.spec b/python310.spec index 4ff1b07..1243c6b 100644 --- a/python310.spec +++ b/python310.spec @@ -168,7 +168,14 @@ Patch35: fix_configure_rst.patch Patch36: support-expat-CVE-2022-25236-patched.patch # PATCH-FIX-UPSTREAM bpo-37596-make-set-marshalling.patch bsc#1211765 mcepl@suse.com # Make `set` and `frozenset` marshalling deterministic -Patch39: bpo-37596-make-set-marshalling.patch +Patch38: bpo-37596-make-set-marshalling.patch +# PATCH-FIX-UPSTREAM gh-78214-marshal_stabilize_FLAG_REF.patch bsc#1213463 mcepl@suse.com +# marshal: Stabilize FLAG_REF usage +Patch39: gh-78214-marshal_stabilize_FLAG_REF.patch +# # PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 mcepl@suse.com +# # Detect email address parsing errors and return empty tuple to +# # indicate the parsing error (old API) +# Patch40: CVE-2023-27043-email-parsing-errors.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -440,6 +447,7 @@ other applications. %endif %patch35 -p1 %patch36 -p1 +%patch38 -p1 %patch39 -p1 # drop Autoconf version requirement