Accepting request 1099501 from devel:languages:python:Factory

- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for stabilizing FLAG_REF usage (required for reproduceability; bsc#1213463). - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). OBS-URL: https://build.opensuse.org/request/show/1099501 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=34
2023-07-24 16:12:32 +00:00 · 2023-07-24 16:12:32 +00:00 · 0d124ed5f4
commit 0d124ed5f4
parent 7870b5cb09 32717ebf00
3 changed files with 52 additions and 1 deletions
--- a/gh-78214-marshal_stabilize_FLAG_REF.patch
+++ b/gh-78214-marshal_stabilize_FLAG_REF.patch
@ -0,0 +1,28 @@
 From 6c8ea7c1dacd42f3ba00440231ec0e6b1a38300d Mon Sep 17 00:00:00 2001
 From: Inada Naoki <songofacandy@gmail.com>
 Date: Sat, 14 Jul 2018 00:46:11 +0900
 Subject: [PATCH] Use FLAG_REF always for interned strings
 ---
 Python/marshal.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
 --- a/Python/marshal.c
 +++ b/Python/marshal.c
@@ -298,9 +298,14 @@ w_ref(PyObject *v, char *flag, WFILE *p)
     if (p->version < 3 || p->hashtable == NULL)
         return 0; /* not writing object references */
 -    /* if it has only one reference, it definitely isn't shared */
 -    if (Py_REFCNT(v) == 1)
 +    /* If it has only one reference, it definitely isn't shared.
 +     * But we use TYPE_REF always for interned string, to PYC file stable
 +     * as possible.
 +     */
 +    if (Py_REFCNT(v) == 1 &&
 +            !(PyUnicode_CheckExact(v) && PyUnicode_CHECK_INTERNED(v))) {
         return 0;
 +    }
     entry = _Py_hashtable_get_entry(p->hashtable, v);
     if (entry != NULL) {
--- a/python310.changes
+++ b/python310.changes
@ -1,3 +1,18 @@
 -------------------------------------------------------------------
 Wed Jul 19 11:15:39 UTC 2023 - Matej Cepl <mcepl@suse.com>
 - Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for
  stabilizing FLAG_REF usage (required for reproduceability;
  bsc#1213463).
 -------------------------------------------------------------------
 Tue Jul 11 07:35:18 UTC 2023 - Matej Cepl <mcepl@suse.com>
 - (bsc#1210638, CVE-2023-27043) Add
  CVE-2023-27043-email-parsing-errors.patch, which detects email
  address parsing errors and returns empty tuple to indicate the
  parsing error (old API).
 -------------------------------------------------------------------
 Wed Jun 28 16:57:46 UTC 2023 - Matej Cepl <mcepl@suse.com>
--- a/python310.spec
+++ b/python310.spec
@ -168,7 +168,14 @@ Patch35:        fix_configure_rst.patch
 Patch36:        support-expat-CVE-2022-25236-patched.patch
 # PATCH-FIX-UPSTREAM bpo-37596-make-set-marshalling.patch bsc#1211765 mcepl@suse.com
 # Make `set` and `frozenset` marshalling deterministic
-Patch39:        bpo-37596-make-set-marshalling.patch
+Patch38:        bpo-37596-make-set-marshalling.patch
 # PATCH-FIX-UPSTREAM gh-78214-marshal_stabilize_FLAG_REF.patch bsc#1213463 mcepl@suse.com
 # marshal: Stabilize FLAG_REF usage
 Patch39:        gh-78214-marshal_stabilize_FLAG_REF.patch
 # # PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 mcepl@suse.com
 # # Detect email address parsing errors and return empty tuple to
 # # indicate the parsing error (old API)
 # Patch40:        CVE-2023-27043-email-parsing-errors.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@ -440,6 +447,7 @@ other applications.
 %endif
 %patch35 -p1
 %patch36 -p1
 %patch38 -p1
 %patch39 -p1
 # drop Autoconf version requirement