rpm/python310
SHA256
1
0
Fork 0
forked from pool/python310
Code Pull Requests Activity

- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999

Browse Source 
adding reproducibility patches from gh#python/cpython!121872
  and gh#python/cpython!121883.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=140
This commit is contained in:
Matej Cepl 2024-08-07 20:30:36 +00:00 committed by Git OBS Bridge
parent e761be5380
commit 1716dfe088
4 changed files with 67 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
CVE-2024-6923-email-hdr-inject.patch
View File

@ -25,24 +25,22 @@ Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Bas Bloemsaat <bas@bloemsaat.org> Co-authored-by: Bas Bloemsaat <bas@bloemsaat.org>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
--- ---
Doc/library/email.errors.rst | 6 ++ Doc/library/email.errors.rst | 6
Doc/library/email.policy.rst | 18 ++++++ Doc/library/email.policy.rst | 18 ++
Doc/whatsnew/3.10.rst | 12 ++++ Doc/whatsnew/3.10.rst | 12 +
Lib/email/_header_value_parser.py | 12 +++- Lib/email/_header_value_parser.py | 12 +
Lib/email/_policybase.py | 8 +++ Lib/email/_policybase.py | 8 +
Lib/email/errors.py | 4 ++ Lib/email/errors.py | 4
Lib/email/generator.py | 13 +++- Lib/email/generator.py | 13 +-
Lib/test/test_email/test_generator.py | 62 +++++++++++++++++++ Lib/test/test_email/test_generator.py | 62 ++++++++++
Lib/test/test_email/test_policy.py | 26 ++++++++ Lib/test/test_email/test_policy.py | 26 ++++
...-07-27-16-10-41.gh-issue-121650.nf6oc9.rst | 5 ++ Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst | 5
10 files changed, 162 insertions(+), 4 deletions(-) 10 files changed, 162 insertions(+), 4 deletions(-)
create mode 100644 Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst create mode 100644 Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
diff --git a/Doc/library/email.errors.rst b/Doc/library/email.errors.rst
index 194a98696f437d..f737f0282c5489 100644
--- a/Doc/library/email.errors.rst --- a/Doc/library/email.errors.rst
+++ b/Doc/library/email.errors.rst +++ b/Doc/library/email.errors.rst
@@ -59,6 +59,12 @@ The following exception classes are defined in the :mod:`email.errors` module: @@ -59,6 +59,12 @@ The following exception classes are defi
:class:`~email.mime.image.MIMEImage`). :class:`~email.mime.image.MIMEImage`).
@ -55,8 +53,6 @@ index 194a98696f437d..f737f0282c5489 100644
Here is the list of the defects that the :class:`~email.parser.FeedParser` Here is the list of the defects that the :class:`~email.parser.FeedParser`
can find while parsing messages. Note that the defects are added to the message can find while parsing messages. Note that the defects are added to the message
where the problem was found, so for example, if a message nested inside a where the problem was found, so for example, if a message nested inside a
diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst
index bf53b9520fc723..eba43b5169ddcf 100644
--- a/Doc/library/email.policy.rst --- a/Doc/library/email.policy.rst
+++ b/Doc/library/email.policy.rst +++ b/Doc/library/email.policy.rst
@@ -229,6 +229,24 @@ added matters. To illustrate:: @@ -229,6 +229,24 @@ added matters. To illustrate::
@ -84,11 +80,9 @@ index bf53b9520fc723..eba43b5169ddcf 100644
The following :class:`Policy` method is intended to be called by code using The following :class:`Policy` method is intended to be called by code using
the email library to create policy instances with custom settings: the email library to create policy instances with custom settings:
diff --git a/Doc/whatsnew/3.10.rst b/Doc/whatsnew/3.10.rst
index f71a50163f49ea..2d9f7608162863 100644
--- a/Doc/whatsnew/3.10.rst --- a/Doc/whatsnew/3.10.rst
+++ b/Doc/whatsnew/3.10.rst +++ b/Doc/whatsnew/3.10.rst
@@ -2372,3 +2372,15 @@ ipaddress @@ -2357,3 +2357,15 @@ ipaddress
* Fixed ``is_global`` and ``is_private`` behavior in ``IPv4Address``, * Fixed ``is_global`` and ``is_private`` behavior in ``IPv4Address``,
``IPv6Address``, ``IPv4Network`` and ``IPv6Network``. ``IPv6Address``, ``IPv4Network`` and ``IPv6Network``.
@ -104,11 +98,9 @@ index f71a50163f49ea..2d9f7608162863 100644
+ If you need to turn this safety feature off, + If you need to turn this safety feature off,
+ set :attr:`~email.policy.Policy.verify_generated_headers`. + set :attr:`~email.policy.Policy.verify_generated_headers`.
+ (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`.) + (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`.)
diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py
index e637e6df06612d..e1b99d5b417253 100644
--- a/Lib/email/_header_value_parser.py --- a/Lib/email/_header_value_parser.py
+++ b/Lib/email/_header_value_parser.py +++ b/Lib/email/_header_value_parser.py
@@ -92,6 +92,8 @@ @@ -92,6 +92,8 @@ TOKEN_ENDS = TSPECIALS | WSP
ASPECIALS = TSPECIALS | set("*'%") ASPECIALS = TSPECIALS | set("*'%")
ATTRIBUTE_ENDS = ASPECIALS | WSP ATTRIBUTE_ENDS = ASPECIALS | WSP
EXTENDED_ATTRIBUTE_ENDS = ATTRIBUTE_ENDS - set('%') EXTENDED_ATTRIBUTE_ENDS = ATTRIBUTE_ENDS - set('%')
@ -117,7 +109,7 @@ index e637e6df06612d..e1b99d5b417253 100644
def quote_string(value): def quote_string(value):
return '"'+str(value).replace('\\', '\\\\').replace('"', r'\"')+'"' return '"'+str(value).replace('\\', '\\\\').replace('"', r'\"')+'"'
@@ -2778,9 +2780,13 @@ def _refold_parse_tree(parse_tree, *, policy): @@ -2778,9 +2780,13 @@ def _refold_parse_tree(parse_tree, *, po
wrap_as_ew_blocked -= 1 wrap_as_ew_blocked -= 1
continue continue
tstr = str(part) tstr = str(part)
@ -134,11 +126,9 @@ index e637e6df06612d..e1b99d5b417253 100644
try: try:
tstr.encode(encoding) tstr.encode(encoding)
charset = encoding charset = encoding
diff --git a/Lib/email/_policybase.py b/Lib/email/_policybase.py
index c9cbadd2a80c48..d1f48211f90970 100644
--- a/Lib/email/_policybase.py --- a/Lib/email/_policybase.py
+++ b/Lib/email/_policybase.py +++ b/Lib/email/_policybase.py
@@ -157,6 +157,13 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): @@ -157,6 +157,13 @@ class Policy(_PolicyBase, metaclass=abc.
message_factory -- the class to use to create new message objects. message_factory -- the class to use to create new message objects.
If the value is None, the default is Message. If the value is None, the default is Message.
@ -152,7 +142,7 @@ index c9cbadd2a80c48..d1f48211f90970 100644
""" """
raise_on_defect = False raise_on_defect = False
@@ -165,6 +172,7 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): @@ -165,6 +172,7 @@ class Policy(_PolicyBase, metaclass=abc.
max_line_length = 78 max_line_length = 78
mangle_from_ = False mangle_from_ = False
message_factory = None message_factory = None
@ -160,8 +150,6 @@ index c9cbadd2a80c48..d1f48211f90970 100644
def handle_defect(self, obj, defect): def handle_defect(self, obj, defect):
"""Based on policy, either raise defect or call register_defect. """Based on policy, either raise defect or call register_defect.
diff --git a/Lib/email/errors.py b/Lib/email/errors.py
index 3ad00565549968..02aa5eced6ae46 100644
--- a/Lib/email/errors.py --- a/Lib/email/errors.py
+++ b/Lib/email/errors.py +++ b/Lib/email/errors.py
@@ -29,6 +29,10 @@ class CharsetError(MessageError): @@ -29,6 +29,10 @@ class CharsetError(MessageError):
@ -175,11 +163,9 @@ index 3ad00565549968..02aa5eced6ae46 100644
# These are parsing defects which the parser was able to work around. # These are parsing defects which the parser was able to work around.
class MessageDefect(ValueError): class MessageDefect(ValueError):
"""Base class for a message defect.""" """Base class for a message defect."""
diff --git a/Lib/email/generator.py b/Lib/email/generator.py
index c9b121624e08d5..89224ae41cbc67 100644
--- a/Lib/email/generator.py --- a/Lib/email/generator.py
+++ b/Lib/email/generator.py +++ b/Lib/email/generator.py
@@ -14,12 +14,14 @@ @@ -14,12 +14,14 @@ import random
from copy import deepcopy from copy import deepcopy
from io import StringIO, BytesIO from io import StringIO, BytesIO
from email.utils import _has_surrogates from email.utils import _has_surrogates
@ -194,7 +180,7 @@ index c9b121624e08d5..89224ae41cbc67 100644
@@ -223,7 +225,16 @@ def _dispatch(self, msg): @@ -223,7 +225,16 @@ class Generator:
def _write_headers(self, msg): def _write_headers(self, msg):
for h, v in msg.raw_items(): for h, v in msg.raw_items():
@ -212,11 +198,9 @@ index c9b121624e08d5..89224ae41cbc67 100644
# A blank line always separates headers from body # A blank line always separates headers from body
self.write(self._NL) self.write(self._NL)
diff --git a/Lib/test/test_email/test_generator.py b/Lib/test/test_email/test_generator.py
index 89e7edeb63a892..d29400f0ed1dbb 100644
--- a/Lib/test/test_email/test_generator.py --- a/Lib/test/test_email/test_generator.py
+++ b/Lib/test/test_email/test_generator.py +++ b/Lib/test/test_email/test_generator.py
@@ -6,6 +6,7 @@ @@ -6,6 +6,7 @@ from email.message import EmailMessage
from email.generator import Generator, BytesGenerator from email.generator import Generator, BytesGenerator
from email.headerregistry import Address from email.headerregistry import Address
from email import policy from email import policy
@ -224,7 +208,7 @@ index 89e7edeb63a892..d29400f0ed1dbb 100644
from test.test_email import TestEmailBase, parameterize from test.test_email import TestEmailBase, parameterize
@@ -216,6 +217,44 @@ def test_rfc2231_wrapping_switches_to_default_len_if_too_narrow(self): @@ -216,6 +217,44 @@ class TestGeneratorBase:
g.flatten(msg) g.flatten(msg)
self.assertEqual(s.getvalue(), self.typ(expected)) self.assertEqual(s.getvalue(), self.typ(expected))
@ -269,7 +253,7 @@ index 89e7edeb63a892..d29400f0ed1dbb 100644
class TestGenerator(TestGeneratorBase, TestEmailBase): class TestGenerator(TestGeneratorBase, TestEmailBase):
@@ -224,6 +263,29 @@ class TestGenerator(TestGeneratorBase, TestEmailBase): @@ -224,6 +263,29 @@ class TestGenerator(TestGeneratorBase, T
ioclass = io.StringIO ioclass = io.StringIO
typ = str typ = str
@ -299,8 +283,6 @@ index 89e7edeb63a892..d29400f0ed1dbb 100644
class TestBytesGenerator(TestGeneratorBase, TestEmailBase): class TestBytesGenerator(TestGeneratorBase, TestEmailBase):
diff --git a/Lib/test/test_email/test_policy.py b/Lib/test/test_email/test_policy.py
index e87c275549406d..ff1ddf7d7a8fca 100644
--- a/Lib/test/test_email/test_policy.py --- a/Lib/test/test_email/test_policy.py
+++ b/Lib/test/test_email/test_policy.py +++ b/Lib/test/test_email/test_policy.py
@@ -26,6 +26,7 @@ class PolicyAPITests(unittest.TestCase): @@ -26,6 +26,7 @@ class PolicyAPITests(unittest.TestCase):
@ -311,7 +293,7 @@ index e87c275549406d..ff1ddf7d7a8fca 100644
} }
# These default values are the ones set on email.policy.default. # These default values are the ones set on email.policy.default.
# If any of these defaults change, the docs must be updated. # If any of these defaults change, the docs must be updated.
@@ -277,6 +278,31 @@ def test_short_maxlen_error(self): @@ -277,6 +278,31 @@ class PolicyAPITests(unittest.TestCase):
with self.assertRaises(email.errors.HeaderParseError): with self.assertRaises(email.errors.HeaderParseError):
policy.fold("Subject", subject) policy.fold("Subject", subject)
@ -343,9 +325,6 @@ index e87c275549406d..ff1ddf7d7a8fca 100644
# XXX: Need subclassing tests. # XXX: Need subclassing tests.
# For adding subclassed objects, make sure the usual rules apply (subclass # For adding subclassed objects, make sure the usual rules apply (subclass
# wins), but that the order still works (right overrides left). # wins), but that the order still works (right overrides left).
diff --git a/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
new file mode 100644
index 00000000000000..83dd28d4ac575b
--- /dev/null --- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst +++ b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
@@ -0,0 +1,5 @@ @@ -0,0 +1,5 @@

37
bso1227999-reproducible-builds.patch Normal file
View File

@ -0,0 +1,37 @@
From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
Date: Tue, 16 Jul 2024 21:39:33 +0200
Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH
to make builds reproducible.
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.
---
Doc/conf.py | 3 ++-
Doc/library/functions.rst | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
--- a/Doc/conf.py
+++ b/Doc/conf.py
@@ -89,7 +89,8 @@ html_short_title = '%s Documentation' %
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
-html_last_updated_fmt = '%b %d, %Y'
+html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))
+html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time))
# Path to find HTML templates.
templates_path = ['tools/templates']
--- a/Doc/library/functions.rst
+++ b/Doc/library/functions.rst
@@ -1320,7 +1320,7 @@ are always available. They are listed h
(where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`,
and :mod:`shutil`.
- .. audit-event:: open file,mode,flags open
+ .. audit-event:: open path,mode,flags open
The ``mode`` and ``flags`` arguments may have been modified or inferred from
the original call.

3
python310.changes
View File

@ -4,6 +4,9 @@ Wed Aug 7 13:40:44 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email - Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780, header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923). CVE-2024-6923).
- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999
adding reproducibility patches from gh#python/cpython!121872
and gh#python/cpython!121883.
- %{profileopt} variable is set according to the variable - %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999) %{do_profiling} (bsc#1227999)
- Update bluez-devel-vendor.tar.xz - Update bluez-devel-vendor.tar.xz

6
python310.spec
View File

@ -203,9 +203,12 @@ Patch22: CVE-2023-52425-libexpat-2.6.0-backport.patch
# PATCH-FIX-UPSTREAM CVE-2024-4032-private-IP-addrs.patch bsc#1226448 mcepl@suse.com # PATCH-FIX-UPSTREAM CVE-2024-4032-private-IP-addrs.patch bsc#1226448 mcepl@suse.com
# rearrange definition of private v global IP addresses # rearrange definition of private v global IP addresses
Patch23: CVE-2024-4032-private-IP-addrs.patch Patch23: CVE-2024-4032-private-IP-addrs.patch
# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com
# reproducibility patches
Patch24: bso1227999-reproducible-builds.patch
# PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 mcepl@suse.com # PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 mcepl@suse.com
# prevent email header injection, patch from gh#python/cpython!122608 # prevent email header injection, patch from gh#python/cpython!122608
Patch24: CVE-2024-6923-email-hdr-inject.patch Patch25: CVE-2024-6923-email-hdr-inject.patch
BuildRequires: autoconf-archive BuildRequires: autoconf-archive
BuildRequires: automake BuildRequires: automake
BuildRequires: fdupes BuildRequires: fdupes
@ -485,6 +488,7 @@ other applications.
%patch -p1 -P 22 %patch -p1 -P 22
%patch -p1 -P 23 %patch -p1 -P 23
%patch -p1 -P 24 %patch -p1 -P 24
%patch -p1 -P 25
# drop Autoconf version requirement # drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac