rpm/python38
SHA256
1
0
Fork 0
forked from pool/python38
Code Pull Requests Activity

- Update to 3.8.19:

Browse Source 
- Security
    - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
      (CVE-2023-52425) by adding five new methods:
        xml.etree.ElementTree.XMLParser.flush()
        xml.etree.ElementTree.XMLPullParser.flush()
        xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
        xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
        xml.sax.expatreader.ExpatParser.flush()
    - gh-115399: Update bundled libexpat to 2.6.0
    - gh-113659: Skip .pth files with names starting with a dot
      or hidden file attribute.
  - Core and Builtins
    - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
      codecs read out of bounds
  - Library
    - gh-115197: urllib.request no longer resolves the hostname
      before checking it against the system’s proxy bypass list
      on macOS and Windows.
    - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
    - gh-81194: Fix a crash in socket.if_indextoname() with
      specific value (UINT_MAX). Fix an integer overflow in
      socket.if_indextoname() on 64-bit non-Windows platforms.
    - gh-109858: Protect zipfile from “quoted-overlap”
      zipbomb. It now raises BadZipFile when try to read an entry
      that overlaps with other entry or central directory.
    - gh-107077: Seems that in some conditions, OpenSSL will
      return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL
      when a certification verification has failed, but
      the error parameters will still contain ERR_LIB_SSL

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=149
This commit is contained in:
Matej Cepl 2024-03-21 20:34:23 +00:00 committed by Git OBS Bridge
parent 9e0baf2aee
commit 9921186373
14 changed files with 97 additions and 348 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CVE-2019-5010-null-defer-x509-cert-DOS.patch
View File

@ -21,7 +21,7 @@ https://bugs.python.org/issue35746
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -501,6 +501,27 @@ class BasicSocketTests(unittest.TestCase
@@ -507,6 +507,27 @@ class BasicSocketTests(unittest.TestCase
}
)

191
CVE-2023-6597-TempDir-cleaning-symlink.patch
View File

@ -1,191 +0,0 @@
---
Lib/tempfile.py | 26 +-
Lib/test/test_tempfile.py | 117 +++++++++-
Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst | 2
3 files changed, 136 insertions(+), 9 deletions(-)
--- a/Lib/tempfile.py
+++ b/Lib/tempfile.py
@@ -263,6 +263,22 @@ def _mkstemp_inner(dir, pre, suf, flags,
raise FileExistsError(_errno.EEXIST,
"No usable temporary file name found")
+def _dont_follow_symlinks(func, path, *args):
+ # Pass follow_symlinks=False, unless not supported on this platform.
+ if func in _os.supports_follow_symlinks:
+ func(path, *args, follow_symlinks=False)
+ elif _os.name == 'nt' or not _os.path.islink(path):
+ func(path, *args)
+
+def _resetperms(path):
+ try:
+ chflags = _os.chflags
+ except AttributeError:
+ pass
+ else:
+ _dont_follow_symlinks(chflags, path, 0)
+ _dont_follow_symlinks(_os.chmod, path, 0o700)
+
# User visible interfaces.
@@ -786,17 +802,11 @@ class TemporaryDirectory(object):
def _rmtree(cls, name):
def onerror(func, path, exc_info):
if issubclass(exc_info[0], PermissionError):
- def resetperms(path):
- try:
- _os.chflags(path, 0)
- except AttributeError:
- pass
- _os.chmod(path, 0o700)
try:
if path != name:
- resetperms(_os.path.dirname(path))
- resetperms(path)
+ _resetperms(_os.path.dirname(path))
+ _resetperms(path)
try:
_os.unlink(path)
--- a/Lib/test/test_tempfile.py
+++ b/Lib/test/test_tempfile.py
@@ -1377,6 +1377,103 @@ class TestTemporaryDirectory(BaseTestCas
"were deleted")
d2.cleanup()
+ @support.skip_unless_symlink
+ def test_cleanup_with_symlink_modes(self):
+ # cleanup() should not follow symlinks when fixing mode bits (#91133)
+ with self.do_create(recurse=0) as d2:
+ file1 = os.path.join(d2, 'file1')
+ open(file1, 'wb').close()
+ dir1 = os.path.join(d2, 'dir1')
+ os.mkdir(dir1)
+ for mode in range(8):
+ mode <<= 6
+ with self.subTest(mode=format(mode, '03o')):
+ def test(target, target_is_directory):
+ d1 = self.do_create(recurse=0)
+ symlink = os.path.join(d1.name, 'symlink')
+ os.symlink(target, symlink,
+ target_is_directory=target_is_directory)
+ try:
+ os.chmod(symlink, mode, follow_symlinks=False)
+ except NotImplementedError:
+ pass
+ try:
+ os.chmod(symlink, mode)
+ except FileNotFoundError:
+ pass
+ os.chmod(d1.name, mode)
+ d1.cleanup()
+ self.assertFalse(os.path.exists(d1.name))
+
+ with self.subTest('nonexisting file'):
+ test('nonexisting', target_is_directory=False)
+ with self.subTest('nonexisting dir'):
+ test('nonexisting', target_is_directory=True)
+
+ with self.subTest('existing file'):
+ os.chmod(file1, mode)
+ old_mode = os.stat(file1).st_mode
+ test(file1, target_is_directory=False)
+ new_mode = os.stat(file1).st_mode
+ self.assertEqual(new_mode, old_mode,
+ '%03o != %03o' % (new_mode, old_mode))
+
+ with self.subTest('existing dir'):
+ os.chmod(dir1, mode)
+ old_mode = os.stat(dir1).st_mode
+ test(dir1, target_is_directory=True)
+ new_mode = os.stat(dir1).st_mode
+ self.assertEqual(new_mode, old_mode,
+ '%03o != %03o' % (new_mode, old_mode))
+
+ @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags')
+ @support.skip_unless_symlink
+ def test_cleanup_with_symlink_flags(self):
+ # cleanup() should not follow symlinks when fixing flags (#91133)
+ flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK
+ self.check_flags(flags)
+
+ with self.do_create(recurse=0) as d2:
+ file1 = os.path.join(d2, 'file1')
+ open(file1, 'wb').close()
+ dir1 = os.path.join(d2, 'dir1')
+ os.mkdir(dir1)
+ def test(target, target_is_directory):
+ d1 = self.do_create(recurse=0)
+ symlink = os.path.join(d1.name, 'symlink')
+ os.symlink(target, symlink,
+ target_is_directory=target_is_directory)
+ try:
+ os.chflags(symlink, flags, follow_symlinks=False)
+ except NotImplementedError:
+ pass
+ try:
+ os.chflags(symlink, flags)
+ except FileNotFoundError:
+ pass
+ os.chflags(d1.name, flags)
+ d1.cleanup()
+ self.assertFalse(os.path.exists(d1.name))
+
+ with self.subTest('nonexisting file'):
+ test('nonexisting', target_is_directory=False)
+ with self.subTest('nonexisting dir'):
+ test('nonexisting', target_is_directory=True)
+
+ with self.subTest('existing file'):
+ os.chflags(file1, flags)
+ old_flags = os.stat(file1).st_flags
+ test(file1, target_is_directory=False)
+ new_flags = os.stat(file1).st_flags
+ self.assertEqual(new_flags, old_flags)
+
+ with self.subTest('existing dir'):
+ os.chflags(dir1, flags)
+ old_flags = os.stat(dir1).st_flags
+ test(dir1, target_is_directory=True)
+ new_flags = os.stat(dir1).st_flags
+ self.assertEqual(new_flags, old_flags)
+
@support.cpython_only
def test_del_on_collection(self):
# A TemporaryDirectory is deleted when garbage collected
@@ -1489,9 +1586,27 @@ class TestTemporaryDirectory(BaseTestCas
d.cleanup()
self.assertFalse(os.path.exists(d.name))
- @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.lchflags')
+ def check_flags(self, flags):
+ # skip the test if these flags are not supported (ex: FreeBSD 13)
+ filename = support.TESTFN
+ try:
+ open(filename, "w").close()
+ try:
+ os.chflags(filename, flags)
+ except OSError as exc:
+ # "OSError: [Errno 45] Operation not supported"
+ self.skipTest(f"chflags() doesn't support flags "
+ f"{flags:#b}: {exc}")
+ else:
+ os.chflags(filename, 0)
+ finally:
+ support.unlink(filename)
+
+ @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags')
def test_flags(self):
flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK
+ self.check_flags(flags)
+
d = self.do_create(recurse=3, dirs=2, files=2)
with d:
# Change files and directories flags recursively.
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst
@@ -0,0 +1,2 @@
+Fix a bug in :class:`tempfile.TemporaryDirectory` cleanup, which now no longer
+dereferences symlinks when working around file system permission errors.

6
F00102-lib64.patch
View File

@ -82,7 +82,7 @@ Co-authored-by: Iryna Shcherbina <shcherbina.iryna@gmail.com>
os.path.join(destination, "include", "python", "foopkg"))
--- a/Lib/site.py
+++ b/Lib/site.py
@@ -335,11 +335,15 @@ def getsitepackages(prefixes=None):
@@ -344,11 +344,15 @@ def getsitepackages(prefixes=None):
seen.add(prefix)
if os.sep == '/':
@ -130,7 +130,7 @@ Co-authored-by: Iryna Shcherbina <shcherbina.iryna@gmail.com>
'data': '{userbase}',
--- a/Lib/test/test_site.py
+++ b/Lib/test/test_site.py
@@ -268,8 +268,8 @@ class HelperFunctionsTests(unittest.Test
@@ -307,8 +307,8 @@ class HelperFunctionsTests(unittest.Test
dirs = site.getsitepackages()
if os.sep == '/':
# OS X, Linux, FreeBSD, etc
@ -183,7 +183,7 @@ Co-authored-by: Iryna Shcherbina <shcherbina.iryna@gmail.com>
}
--- a/configure
+++ b/configure
@@ -15264,9 +15264,9 @@ fi
@@ -15276,9 +15276,9 @@ fi
if test x$PLATFORM_TRIPLET = x; then

13
F00251-change-user-install-location.patch
View File

@ -9,12 +9,10 @@ is not detected to make pip and distutils install into separate location.
Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe
---
Lib/distutils/command/install.py | 15 +++++++++++++--
Lib/site.py | 9 ++++++++-
Lib/distutils/command/install.py | 15 +++++++++++++--
Lib/site.py | 9 ++++++++-
2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/Lib/distutils/command/install.py b/Lib/distutils/command/install.py
index ae4f915669..0e4fd5b74a 100644
--- a/Lib/distutils/command/install.py
+++ b/Lib/distutils/command/install.py
@@ -418,8 +418,19 @@ class install(Command):
@ -39,11 +37,9 @@ index ae4f915669..0e4fd5b74a 100644
else:
if self.exec_prefix is None:
diff --git a/Lib/site.py b/Lib/site.py
index 22d53fa562..9513526109 100644
--- a/Lib/site.py
+++ b/Lib/site.py
@@ -348,7 +348,14 @@ def getsitepackages(prefixes=None):
@@ -357,7 +357,14 @@ def getsitepackages(prefixes=None):
return sitepackages
def addsitepackages(known_paths, prefixes=None):
@ -59,6 +55,3 @@ index 22d53fa562..9513526109 100644
for sitedir in getsitepackages(prefixes):
if os.path.isdir(sitedir):
addsitedir(sitedir, known_paths)
--
2.21.0

3
Python-3.8.18.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3ffb71cd349a326ba7b2fadc7e7df86ba577dd9c4917e52a8401adbda7405e3f
size 20696952

16
Python-3.8.18.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmTnuvoACgkQsmmV4xAl
BWj4nA//brAaCYj+V6woO1gcYScI2xk2Ncmq3Mj1T/s0tkLxpFcaevsu4snnY4tV
VhGVTMZPBSi7F1stLXwwb2WLisuNsr2oYCdze2BKyMWyRrF1SlLX+Uj7R5PQbZRn
b7PuFTQcfUxXISkof6fL8dhfF+uWkLUO83xxb/Yxl37IXZVIXaJbOFQtIVRxhbFC
U4yAwKdzMLpvwOdzHgc5l6GewUdIkBWGVObalSXs8jCOeu+GY/Q17oUQv9pxsSp6
UY1nnvfYSPzOeIB5QzdNVoISP4DZRacZu5k26niK2QhUUdey66KWPBUgxQ5jFoJl
bhpA1Idp9p54sNgZOSYkWsMvoLSBkXuzfcmfgGCANZ2FYkGCs0En6YbUHwBTjWdk
ll+ZrxZuYTy1JfP0fFEp1vLBBSdjla5MIDFp5DRT0GL82GvwGvPyH5JEhhinFReZ
kkdk2leRUWKhNhGfv9Ln3A/glNX2txIDKuXT1/N2CQXxfOpQA6QqFGjkUVAQa8iY
LqpHyTs66pmrTqqEzbRUv6o+fEvJPzMzhs526EBvpzj/xhCY2we84FEAzKtF6Vmm
vT4bHKhw6eKfpGZFbSQrH2mnl4b7B/6zPfzsotec44tNijeuc/fAlJfaINg2Xvcg
9rhOV6KGsNI6K5PNdemQxJ1hoeDS7WnKJPAutQQor1uqrvekby0=
=F51n
-----END PGP SIGNATURE-----

3
Python-3.8.19.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d2807ac69f69b84fd46a0b93bbd02a4fa48d3e70f4b2835ff0f72a2885040076
size 18975156

16
Python-3.8.19.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmX5t/gACgkQsmmV4xAl
BWgW0RAAkQYR6L3LNvuAg3OS/wD6Kouv3CnXeAwYY/BHglsHawtz+gM4jZRK8fIo
vEKBk6uoZBvXX1yJR+cxLZOxb9K/X7zYJXyBxRav8veBzXePTVhJBNSS/ckE0ARN
bD8M2P/7byMlm616aNNE1hrIIaxNoX8/yTEK3DmISQonc8vCW6ygIXm3Vw/6rqG8
n16MGG2r4dNEI+pEs8LPj8/VBaHHkbyvK9y2DQ8ywBqsaE459bN4HdzTkMxh28s0
scDl33PwTabFgVUTXILs+vBNnHc6ylo6gEd6fAe7Epec5wnvexKykel9ZtidxHwB
KQl2YKErJGF97T1Aj/Cru82jBYS/YS2QVy2cX0sYhiTgOXsvB7vOViFESR3IlSEL
aQv+f+lBXZp8T4MbDuzz2H7dqNY0sYqmTcqJU9r4H+RGLw43PHLSRVfIDPiaheA+
n1ZYzzgfm2uucO+iIpDwAOvTWznj4YcFwX116fn2kJYLtJeI58wVIbtMTDCl/l9U
hNY+b5L5JsHlyoRSjDwAtQVBm3fS0YqV4OhWglhvvuEdobRK+F3+hmHvo18YxZyl
WXLBUwZy9LQoEyuc1YFemWYw7g3u1ru8WTCFtPm91OeErkKq3QuqwiCjROgUmN9D
xUypHTocPhkdF1yEVqG+HMDin9Rw+l2KMgFt5XLNYFvAycGlsk4=
=Uo2Y
-----END PGP SIGNATURE-----

8
SUSE-FEDORA-multilib.patch
View File

@ -86,7 +86,7 @@
else:
--- a/Lib/site.py
+++ b/Lib/site.py
@@ -335,12 +335,18 @@ def getsitepackages(prefixes=None):
@@ -344,12 +344,18 @@ def getsitepackages(prefixes=None):
seen.add(prefix)
if os.sep == '/':
@ -107,7 +107,7 @@
else:
sitepackages.append(prefix)
sitepackages.append(os.path.join(prefix, "lib64", "site-packages"))
@@ -348,14 +354,7 @@ def getsitepackages(prefixes=None):
@@ -357,14 +363,7 @@ def getsitepackages(prefixes=None):
return sitepackages
def addsitepackages(known_paths, prefixes=None):
@ -198,7 +198,7 @@
os.makedirs(lib_dynload)
--- a/Lib/test/test_site.py
+++ b/Lib/test/test_site.py
@@ -268,8 +268,11 @@ class HelperFunctionsTests(unittest.Test
@@ -307,8 +307,11 @@ class HelperFunctionsTests(unittest.Test
dirs = site.getsitepackages()
if os.sep == '/':
# OS X, Linux, FreeBSD, etc
@ -341,7 +341,7 @@
}
--- a/configure
+++ b/configure
@@ -15264,9 +15264,9 @@ fi
@@ -15276,9 +15276,9 @@ fi
if test x$PLATFORM_TRIPLET = x; then

107
libexpat260.patch
View File

@ -1,107 +0,0 @@
From f2eebf3c38eae77765247791576b437ec25ccfe2 Mon Sep 17 00:00:00 2001
From: Serhiy Storchaka <storchaka@gmail.com>
Date: Sun, 11 Feb 2024 12:08:39 +0200
Subject: [PATCH] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0
(GH-115164)
Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
---
Lib/test/test_xml_etree.py | 58 ++++++++++++-------
...-02-08-14-21-28.gh-issue-115133.ycl4ko.rst | 2 +
2 files changed, 38 insertions(+), 22 deletions(-)
create mode 100644 Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
Index: Python-3.8.18/Lib/test/test_xml_etree.py
===================================================================
--- Python-3.8.18.orig/Lib/test/test_xml_etree.py
+++ Python-3.8.18/Lib/test/test_xml_etree.py
@@ -14,6 +14,7 @@ import locale
import operator
import os
import pickle
+import pyexpat
import sys
import textwrap
import types
@@ -103,6 +104,10 @@ EXTERNAL_ENTITY_XML = """\
<document>&entity;</document>
"""
+fails_with_expat_2_6_0 = (unittest.expectedFailure
+ if pyexpat.version_info >= (2, 6, 0) else
+ lambda test: test)
+
def checkwarnings(*filters, quiet=False):
def decorator(test):
def newtest(*args, **kwargs):
@@ -1266,28 +1271,37 @@ class XMLPullParserTest(unittest.TestCas
self.assertEqual([(action, elem.tag) for action, elem in events],
expected)
- def test_simple_xml(self):
- for chunk_size in (None, 1, 5):
- with self.subTest(chunk_size=chunk_size):
- parser = ET.XMLPullParser()
- self.assert_event_tags(parser, [])
- self._feed(parser, "<!-- comment -->\n", chunk_size)
- self.assert_event_tags(parser, [])
- self._feed(parser,
- "<root>\n <element key='value'>text</element",
- chunk_size)
- self.assert_event_tags(parser, [])
- self._feed(parser, ">\n", chunk_size)
- self.assert_event_tags(parser, [('end', 'element')])
- self._feed(parser, "<element>text</element>tail\n", chunk_size)
- self._feed(parser, "<empty-element/>\n", chunk_size)
- self.assert_event_tags(parser, [
- ('end', 'element'),
- ('end', 'empty-element'),
- ])
- self._feed(parser, "</root>\n", chunk_size)
- self.assert_event_tags(parser, [('end', 'root')])
- self.assertIsNone(parser.close())
+ def test_simple_xml(self, chunk_size=None):
+ parser = ET.XMLPullParser()
+ self.assert_event_tags(parser, [])
+ self._feed(parser, "<!-- comment -->\n", chunk_size)
+ self.assert_event_tags(parser, [])
+ self._feed(parser,
+ "<root>\n <element key='value'>text</element",
+ chunk_size)
+ self.assert_event_tags(parser, [])
+ self._feed(parser, ">\n", chunk_size)
+ self.assert_event_tags(parser, [('end', 'element')])
+ self._feed(parser, "<element>text</element>tail\n", chunk_size)
+ self._feed(parser, "<empty-element/>\n", chunk_size)
+ self.assert_event_tags(parser, [
+ ('end', 'element'),
+ ('end', 'empty-element'),
+ ])
+ self._feed(parser, "</root>\n", chunk_size)
+ self.assert_event_tags(parser, [('end', 'root')])
+ self.assertIsNone(parser.close())
+
+ @fails_with_expat_2_6_0
+ def test_simple_xml_chunk_1(self):
+ self.test_simple_xml(chunk_size=1)
+
+ @fails_with_expat_2_6_0
+ def test_simple_xml_chunk_5(self):
+ self.test_simple_xml(chunk_size=5)
+
+ def test_simple_xml_chunk_22(self):
+ self.test_simple_xml(chunk_size=22)
def test_feed_while_iterating(self):
parser = ET.XMLPullParser()
Index: Python-3.8.18/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
===================================================================
--- /dev/null
+++ Python-3.8.18/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
@@ -0,0 +1,2 @@
+Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat
+2.6.0.

8
python-3.3.0b1-localpath.patch
View File

@ -1,7 +1,11 @@
---
Lib/site.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/Lib/site.py
+++ b/Lib/site.py
@@ -76,7 +76,7 @@ import _sitebuiltins
import io
@@ -77,7 +77,7 @@ import io
import stat
# Prefixes for site-packages; add additional prefixes like /usr/local here
-PREFIXES = [sys.prefix, sys.exec_prefix]

57
python38.changes
View File

@ -1,3 +1,60 @@
-------------------------------------------------------------------
Thu Mar 21 20:29:12 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Update to 3.8.19:
- Security
- gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
(CVE-2023-52425) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
- gh-115399: Update bundled libexpat to 2.6.0
- gh-113659: Skip .pth files with names starting with a dot
or hidden file attribute.
- Core and Builtins
- gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
codecs read out of bounds
- Library
- gh-115197: urllib.request no longer resolves the hostname
before checking it against the systems proxy bypass list
on macOS and Windows.
- gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
- gh-81194: Fix a crash in socket.if_indextoname() with
specific value (UINT_MAX). Fix an integer overflow in
socket.if_indextoname() on 64-bit non-Windows platforms.
- gh-109858: Protect zipfile from “quoted-overlap”
zipbomb. It now raises BadZipFile when try to read an entry
that overlaps with other entry or central directory.
- gh-107077: Seems that in some conditions, OpenSSL will
return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL
when a certification verification has failed, but
the error parameters will still contain ERR_LIB_SSL
and SSL_R_CERTIFICATE_VERIFY_FAILED. We are now
detecting this situation and raising the appropiate
ssl.SSLCertVerificationError. Patch by Pablo Galindo
- gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup,
which now no longer dereferences symlinks when working
around file system permission errors.
- Documentation
- gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under
“XML vulnerabilities”.
- Tests
- gh-108310: SSL tests for pre-handshake close were
previously not enabled on Python 3.8 due to an incorrect
backport. This is now fixed. Patch by Lumír Balhar.
- Remove upstreamed patches:
- CVE-2023-6597-TempDir-cleaning-symlink.patch
- libexpat260.patch
- Refreshed patches:
- CVE-2019-5010-null-defer-x509-cert-DOS.patch
- F00102-lib64.patch
- F00251-change-user-install-location.patch
- python-3.3.0b1-localpath.patch
- skip_random_failing_tests.patch
- SUSE-FEDORA-multilib.patch
-------------------------------------------------------------------
Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal <pmonreal@suse.com>

10
python38.spec
View File

@ -92,7 +92,7 @@
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
%bcond_without profileopt
Name: %{python_pkg_name}%{psuffix}
Version: 3.8.18
Version: 3.8.19
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@ -183,12 +183,6 @@ Patch41: 99366-patch.dict-can-decorate-async.patch
# Detect email address parsing errors and return empty tuple to
# indicate the parsing error (old API), from gh#python/cpython!105127
Patch42: CVE-2023-27043-email-parsing-errors.patch
# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115289
# Fix tests for XMLPullParser with Expat 2.6.0
Patch43: libexpat260.patch
# PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com
# tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930)
Patch44: CVE-2023-6597-TempDir-cleaning-symlink.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@ -461,8 +455,6 @@ other applications.
%patch -P 38 -p1
%patch -P 41 -p1
%patch -P 42 -p1
%patch -P 43 -p1
%patch -P 44 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

5
skip_random_failing_tests.patch
View File

@ -78,7 +78,8 @@ Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
---
Lib/test/_test_multiprocessing.py | 3 +++
Lib/test/test_asyncio/test_events.py | 4 +++-
2 files changed, 6 insertions(+), 1 deletion(-)
Lib/test/test_buffer.py | 1 +
3 files changed, 7 insertions(+), 1 deletion(-)
--- a/Lib/test/_test_multiprocessing.py
+++ b/Lib/test/_test_multiprocessing.py
@ -98,7 +99,7 @@ Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
def test_async_timeout(self):
res = self.pool.apply_async(sqr, (6, TIMEOUT2 + 1.0))
get = TimingWrapper(res.get)
@@ -4643,6 +4645,7 @@ class TestWait(unittest.TestCase):
@@ -4651,6 +4653,7 @@ class TestWait(unittest.TestCase):
sem.release()
time.sleep(period)