From 32717ebf0024f42d3214c76d2e2106634b7dec92f0dd9f0d28b268e83f641053 Mon Sep 17 00:00:00 2001
From: Matej Cepl
Date: Wed, 19 Jul 2023 11:19:26 +0000
Subject: [PATCH] - Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for stabilizing FLAG_REF usage (required for reproduceability; bsc#1213463).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=101
---
 gh-78214-marshal_stabilize_FLAG_REF.patch | 28 +++++++++++++++++++++++
 python310.changes | 15 ++++++++++++
 python310.spec | 10 +++++++-
 3 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 gh-78214-marshal_stabilize_FLAG_REF.patch
diff --git a/gh-78214-marshal_stabilize_FLAG_REF.patch b/gh-78214-marshal_stabilize_FLAG_REF.patch
new file mode 100644
index 0000000..d255f3c
--- /dev/null
+++ b/gh-78214-marshal_stabilize_FLAG_REF.patch
@@ -0,0 +1,28 @@
+From 6c8ea7c1dacd42f3ba00440231ec0e6b1a38300d Mon Sep 17 00:00:00 2001
+From: Inada Naoki
+Date: Sat, 14 Jul 2018 00:46:11 +0900
+Subject: [PATCH] Use FLAG_REF always for interned strings
+
+---
+ Python/marshal.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/Python/marshal.c
++++ b/Python/marshal.c
+@@ -298,9 +298,14 @@ w_ref(PyObject *v, char *flag, WFILE *p)
+ if (p->version < 3 || p->hashtable == NULL)
+ return 0; /* not writing object references */
+
+- /* if it has only one reference, it definitely isn't shared */
+- if (Py_REFCNT(v) == 1)
++ /* If it has only one reference, it definitely isn't shared.
++ * But we use TYPE_REF always for interned string, to PYC file stable
++ * as possible.
++ */
++ if (Py_REFCNT(v) == 1 &&
++ !(PyUnicode_CheckExact(v) && PyUnicode_CHECK_INTERNED(v))) {
+ return 0;
++ }
+
+ entry = _Py_hashtable_get_entry(p->hashtable, v);
+ if (entry != NULL) {
diff --git a/python310.changes b/python310.changes
index cecc8f8..abf5e7a 100644
--- a/python310.changes
+++ b/python310.changes
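Review bot: The new comment above the `Py_REFCNT(v) == 1` test in w_ref() names TYPE_REF and reads "to PYC file stable as possible", while the patch subject and the package changelog both describe the change as always using FLAG_REF for interned strings, so the comment should state what the extra condition protects. Suggested wording: `/* Interned strings always proceed to the hashtable lookup, so what is written for them does not depend on their refcount at dump time. */`. The refcount shortcut still returns early for every other object type, so output for those may presumably still vary with refcounts; if bit-for-bit reproducible .pyc files are the goal of bsc#1213463, that limit is worth stating in the comment and checking with a double build that compares the resulting .pyc files. w_ref() starts and ends outside the hunk.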
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Wed Jul 19 11:15:39 UTC 2023 - Matej Cepl
+
+- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for
+ stabilizing FLAG_REF usage (required for reproduceability;
+ bsc#1213463).
+
+-------------------------------------------------------------------
+Tue Jul 11 07:35:18 UTC 2023 - Matej Cepl
+
+- (bsc#1210638, CVE-2023-27043) Add
+ CVE-2023-27043-email-parsing-errors.patch, which detects email
+ address parsing errors and returns empty tuple to indicate the
+ parsing error (old API).
+
 -------------------------------------------------------------------
 Wed Jun 28 16:57:46 UTC 2023 - Matej Cepl

diff --git a/python310.spec b/python310.spec
index 4ff1b07..1243c6b 100644
--- a/python310.spec
+++ b/python310.spec
@@ -168,7 +168,14 @@ Patch35: fix_configure_rst.patch
 Patch36: support-expat-CVE-2022-25236-patched.patch
 # PATCH-FIX-UPSTREAM bpo-37596-make-set-marshalling.patch bsc#1211765 mcepl@suse.com
 # Make `set` and `frozenset` marshalling deterministic
-Patch39: bpo-37596-make-set-marshalling.patch
+Patch38: bpo-37596-make-set-marshalling.patch
+# PATCH-FIX-UPSTREAM gh-78214-marshal_stabilize_FLAG_REF.patch bsc#1213463 mcepl@suse.com
+# marshal: Stabilize FLAG_REF usage
+Patch39: gh-78214-marshal_stabilize_FLAG_REF.patch
+# # PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 mcepl@suse.com
+# # Detect email address parsing errors and return empty tuple to
+# # indicate the parsing error (old API)
+# Patch40: CVE-2023-27043-email-parsing-errors.patch
 BuildRequires: autoconf-archive
 BuildRequires: automake
 BuildRequires: fdupes
@@ -440,6 +447,7 @@ other applications.
 %endif
 %patch35 -p1
 %patch36 -p1
+%patch38 -p1
 %patch39 -p1

 # drop Autoconf version requirement
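Review bot: The `Patch40: CVE-2023-27043-email-parsing-errors.patch` line in the first python310.spec hunk is added commented out, and the %prep hunk adds only `%patch38 -p1`, yet the python310.changes entry dated Tue Jul 11 in this same commit says the CVE-2023-27043 patch was added. As written, the changelog would let a reader or a CVE tracker conclude that the package carries the fix when the build does not apply it. The diffstat also does not show that patch file being created in this commit, so it is either already in the package or missing. Either enable it with `Patch40: CVE-2023-27043-email-parsing-errors.patch` and `%patch40 -p1`, or reword the changes entry to say the patch is staged but not applied, and why.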