forked from pool/python38
Commit Graph

152 Commits

Author SHA256 Message Date
Dominique Leuenberger
053e2753e4 Accepting request 1153058 from devel:languages:python:Factory
- (bsc#1219666, CVE-2023-6597) Add
  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
  gh#python/cpython!99930) fixing symlink bug in cleanup of
  tempfile.TemporaryDirectory.

OBS-URL: https://build.opensuse.org/request/show/1153058
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=44
2024-02-29 20:49:40 +00:00
b2465b642f - (bsc#1219666, CVE-2023-6597) Add
  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
  gh#python/cpython!99930) fixing symlink bug in cleanup of
  tempfile.TemporaryDirectory.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=145
2024-02-28 23:22:48 +00:00
Ana Guerrero
bccd86cdcc Accepting request 1152788 from devel:languages:python:Factory
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1152788
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=43
2024-02-28 18:46:44 +00:00
540802ee0b - Remove double definition of /usr/bin/idle%%{version} in
  %%files.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=143
2024-02-20 22:17:37 +00:00
Ana Guerrero
74bd53beae Accepting request 1146871 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1146871
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=42
2024-02-15 20:01:35 +00:00
e455bcb51a Accepting request 1146815 from home:dgarcia:branches:devel:languages:python:Factory
- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
  with Expat 2.6.0, gh#python/cpython#115289

OBS-URL: https://build.opensuse.org/request/show/1146815
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=141
2024-02-15 14:36:44 +00:00
Ana Guerrero
ad14c29c9a Accepting request 1143660 from devel:languages:python:Factory
- Refresh CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is
  now useless.

OBS-URL: https://build.opensuse.org/request/show/1143660
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=41
2024-02-04 18:07:22 +00:00
1dc7335dfc - Refresh CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is
  now useless.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=139
2024-02-02 11:48:17 +00:00
Ana Guerrero
0ab6b54fde Accepting request 1109196 from devel:languages:python:Factory
- Update to 3.8.18 (bsc#1214692):
  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
    vulnerable to a bypass of the TLS handshake and included
    protections (like certificate verification) and treating sent
    unencrypted data as if it were post-handshake TLS encrypted data.
    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
    Gregory P. Smith.
  - gh-107845: tarfile.data_filter() now takes the location of
    symlinks into account when determining their target, so it will no
    longer reject some valid tarballs with
    LinkOutsideDestinationError.
  - gh-107565: Update multissltests and GitHub CI workflows to use
    OpenSSL 1.1.1v, 3.0.10, and 3.1.2.

OBS-URL: https://build.opensuse.org/request/show/1109196
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=40
2023-09-06 16:59:26 +00:00
36d04b865e - Update to 3.8.18 (bsc#1214692):
  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
    vulnerable to a bypass of the TLS handshake and included
    protections (like certificate verification) and treating sent
    unencrypted data as if it were post-handshake TLS encrypted data.
    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
    Gregory P. Smith.
  - gh-107845: tarfile.data_filter() now takes the location of
    symlinks into account when determining their target, so it will no
    longer reject some valid tarballs with
    LinkOutsideDestinationError.
  - gh-107565: Update multissltests and GitHub CI workflows to use
    OpenSSL 1.1.1v, 3.0.10, and 3.1.2.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=137
2023-09-06 06:19:21 +00:00
Dominique Leuenberger
a1dd924e47 Accepting request 1102235 from devel:languages:python:Factory
- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED!
- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
  partially reverting CVE-2023-27043-email-parsing-errors.patch,
  because of the regression in gh#python/cpython#106669.
- (bsc#1210638, CVE-2023-27043) Add
  CVE-2023-27043-email-parsing-errors.patch, which detects email
  address parsing errors and returns empty tuple to indicate the
  parsing error (old API). (The patch is faulty,
  gh#python/cpython#106669, but upstream decided not to just
  revert it).

OBS-URL: https://build.opensuse.org/request/show/1102235
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=39
2023-08-04 13:03:43 +00:00
0ec3738d87 - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED!
- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
  partially reverting CVE-2023-27043-email-parsing-errors.patch,
  because of the regression in gh#python/cpython#106669.
- (bsc#1210638, CVE-2023-27043) Add
  CVE-2023-27043-email-parsing-errors.patch, which detects email
  address parsing errors and returns empty tuple to indicate the
  parsing error (old API). (The patch is faulty,
  gh#python/cpython#106669, but upstream decided not to just
  revert it).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=135
2023-08-03 15:36:38 +00:00
4d0cce2058 Accepting request 1098688 from devel:languages:python:Factory
Revert faulty fix for CVE-2023-27043 (gh#python/cpython#106669)

OBS-URL: https://build.opensuse.org/request/show/1098688
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=134
2023-07-14 14:05:14 +00:00
ab9641870b Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=133
2023-07-12 16:31:40 +00:00
ad4c4c8221 - (bsc#1210638, CVE-2023-27043) Add
  CVE-2023-27043-email-parsing-errors.patch, which detects email
  address parsing errors and returns empty tuple to indicate the
  parsing error (old API).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=132
2023-07-12 15:22:03 +00:00
Dominique Leuenberger
85a5883af2 Accepting request 1095964 from devel:languages:python:Factory
- Update to 3.8.17:
  - gh-103142: The version of OpenSSL used in Windows and
    Mac installers has been upgraded to 1.1.1u to address
    CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
    as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
    fixed previously in 1.1.1t (gh-101727).
  - gh-102153: urllib.parse.urlsplit() now strips leading C0
    control and space characters following the specification for
    URLs defined by WHATWG in response to CVE-2023-24329
    (bsc#1208471).
  - gh-99889: Fixed a security flaw in uu.decode() that could
    allow for directory traversal based on the input if no
    out_file was specified.
  - gh-104049: Do not expose the local on-disk
    location in directory indexes produced by
    http.client.SimpleHTTPRequestHandler.
  - gh-103935: trace.__main__ now uses io.open_code() for files
    to be executed instead of raw open().
  - gh-102953: The extraction methods in tarfile, and
    shutil.unpack_archive(), have a new filter argument that
    allows limiting tar features that may be surprising or
    dangerous, such as creating files outside the destination
    directory. See Extraction filters for details (fixing
    CVE-2007-4559, bsc#1203750).
- Remove upstreamed patches:
  - CVE-2023-24329-blank-URL-bypass.patch
  - CVE-2007-4559-filter-tarfile_extractall.patch

OBS-URL: https://build.opensuse.org/request/show/1095964
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=38
2023-06-29 15:29:29 +00:00
6037f4f429 - Update to 3.8.17:
  - gh-103142: The version of OpenSSL used in Windows and
    Mac installers has been upgraded to 1.1.1u to address
    CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
    as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
    fixed previously in 1.1.1t (gh-101727).
  - gh-102153: urllib.parse.urlsplit() now strips leading C0
    control and space characters following the specification for
    URLs defined by WHATWG in response to CVE-2023-24329
    (bsc#1208471).
  - gh-99889: Fixed a security flaw in uu.decode() that could
    allow for directory traversal based on the input if no
    out_file was specified.
  - gh-104049: Do not expose the local on-disk
    location in directory indexes produced by
    http.client.SimpleHTTPRequestHandler.
  - gh-103935: trace.__main__ now uses io.open_code() for files
    to be executed instead of raw open().
  - gh-102953: The extraction methods in tarfile, and
    shutil.unpack_archive(), have a new filter argument that
    allows limiting tar features that may be surprising or
    dangerous, such as creating files outside the destination
    directory. See Extraction filters for details (fixing
    CVE-2007-4559, bsc#1203750).
- Remove upstreamed patches:
  - CVE-2023-24329-blank-URL-bypass.patch
  - CVE-2007-4559-filter-tarfile_extractall.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=130
2023-06-28 19:33:18 +00:00
Dominique Leuenberger
dc848e1ea4 Accepting request 1090625 from devel:languages:python:Factory
- Add 99366-patch.dict-can-decorate-async.patch fixing
  gh#python/cpython#98086 (backport from Python 3.10 patch in
  gh#python/cpython!99366), fixing bsc#1211158.
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
  CVE-2007-4559 (bsc#1203750) by adding the filter for
  tarfile.extractall (PEP 706).

OBS-URL: https://build.opensuse.org/request/show/1090625
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=37
2023-06-03 22:13:23 +00:00
bb69159320 - Add 99366-patch.dict-can-decorate-async.patch fixing
  gh#python/cpython#98086 (backport from Python 3.10 patch in
  gh#python/cpython!99366), fixing bsc#1211158.

- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
  CVE-2007-4559 (bsc#1203750) by adding the filter for
  tarfile.extractall (PEP 706).

- Why in the world we download from HTTP?

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=128
2023-06-03 08:20:52 +00:00
ffe74871f7 - Why in the world we download from HTTP?
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=127
2023-04-30 18:17:18 +00:00
Dominique Leuenberger
477aeca3cf Accepting request 1080040 from devel:languages:python:Factory
- Use python3 modules to build the documentation.

OBS-URL: https://build.opensuse.org/request/show/1080040
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=36
2023-04-18 13:53:05 +00:00
Steve Kowalik
c602a4652d - Use python3 modules to build the documentation.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=125
2023-04-18 05:00:56 +00:00
Dominique Leuenberger
c4e259cd47 Accepting request 1068563 from devel:languages:python:Factory
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters

OBS-URL: https://build.opensuse.org/request/show/1068563
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=35
2023-03-03 21:24:10 +00:00
193496d5b0 - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=123
2023-03-01 21:37:15 +00:00
Dominique Leuenberger
6de0cca667 Accepting request 1067029 from devel:languages:python:Factory
- Add provides for readline and sqlite3 to the main Python
  package.

OBS-URL: https://build.opensuse.org/request/show/1067029
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=34
2023-02-22 14:21:10 +00:00
93dd73b453 - Add provides for readline and sqlite3 to the main Python
  package.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=121
2023-02-21 13:44:55 +00:00
Dominique Leuenberger
87d61894a0 Accepting request 1061592 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1061592
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=33
2023-01-29 13:10:07 +00:00
134012c00e Accepting request 1061585 from home:kukuk:branches:devel:languages:python:Factory
- Disable NIS for new products, it's deprecated and gets removed

OBS-URL: https://build.opensuse.org/request/show/1061585
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=119
2023-01-27 16:14:58 +00:00
Dominique Leuenberger
70a582039b Accepting request 1058190 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1058190
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=32
2023-01-15 16:57:53 +00:00
188f13580b Accepting request 1058145 from home:marxin:branches:devel:languages:python:Factory
- Suppress warnings for Sphinx 6.0+.

OBS-URL: https://build.opensuse.org/request/show/1058145
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=117
2023-01-13 10:28:20 +00:00
Dominique Leuenberger
a9fe505070 Accepting request 1041645 from devel:languages:python:Factory
- Update to 3.8.16:
  - python -m http.server no longer allows terminal
    control characters sent within a garbage request to be
    printed to the stderr server log.
    This is done by changing the http.server
    BaseHTTPRequestHandler .log_message method to replace control
    characters with a \xHH hex escape before printing.
  - Avoid publishing list of active per-interpreter
    audit hooks via the gc module
  - The IDNA codec decoder used on DNS hostnames by
    socket or asyncio related name resolution functions no
    longer involves a quadratic algorithm. This prevents a
    potential CPU denial of service if an out-of-spec excessive
    length hostname involving bidirectional characters were
    decoded. Some protocols such as urllib http 3xx redirects
    potentially allow for an attacker to supply such a
    name (CVE-2022-45061).
  - Update bundled libexpat to 2.5.0
  - Port XKCP’s fix for the buffer overflows in SHA-3
    (CVE-2022-37454).
  - The deprecated mailcap module now refuses to inject
    unsafe text (filenames, MIME types, parameters) into shell
    commands. Instead of using such text, it will warn and act
    as if a match was not found (or for test commands, as if the
    test failed).
- Removed upstream patches:
  - CVE-2022-37454-sha3-buffer-overflow.patch
  - CVE-2022-45061-DoS-by-IDNA-decode.patch

OBS-URL: https://build.opensuse.org/request/show/1041645
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=31
2022-12-09 12:16:47 +00:00
c462da06b7 - Update to 3.8.16:
  - python -m http.server no longer allows terminal
    control characters sent within a garbage request to be
    printed to the stderr server log.
    This is done by changing the http.server
    BaseHTTPRequestHandler .log_message method to replace control
    characters with a \xHH hex escape before printing.
  - Avoid publishing list of active per-interpreter
    audit hooks via the gc module
  - The IDNA codec decoder used on DNS hostnames by
    socket or asyncio related name resolution functions no
    longer involves a quadratic algorithm. This prevents a
    potential CPU denial of service if an out-of-spec excessive
    length hostname involving bidirectional characters were
    decoded. Some protocols such as urllib http 3xx redirects
    potentially allow for an attacker to supply such a
    name (CVE-2022-45061).
  - Update bundled libexpat to 2.5.0
  - Port XKCP’s fix for the buffer overflows in SHA-3
    (CVE-2022-37454).
  - The deprecated mailcap module now refuses to inject
    unsafe text (filenames, MIME types, parameters) into shell
    commands. Instead of using such text, it will warn and act
    as if a match was not found (or for test commands, as if the
    test failed).
- Removed upstream patches:
  - CVE-2022-37454-sha3-buffer-overflow.patch
  - CVE-2022-45061-DoS-by-IDNA-decode.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=115
2022-12-08 10:36:29 +00:00
Dominique Leuenberger
20c2782eea Accepting request 1034964 from devel:languages:python:Factory
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.

OBS-URL: https://build.opensuse.org/request/show/1034964
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=30
2022-11-12 16:39:54 +00:00
d73dddf910 - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=113
2022-11-09 18:40:43 +00:00
Dominique Leuenberger
a7cf9db7d6 Accepting request 1032060 from devel:languages:python:Factory
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
  bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
  overflow in hashlib.sha3_* implementations (originally from the
  XKCP library).

OBS-URL: https://build.opensuse.org/request/show/1032060
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=29
2022-10-29 18:16:09 +00:00
f1998cfdab - Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
  bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
  overflow in hashlib.sha3_* implementations (originally from the
  XKCP library).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=111
2022-10-28 19:44:10 +00:00
Dominique Leuenberger
000043d01c Accepting request 1031407 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1031407
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=28
2022-10-28 17:28:32 +00:00
8e65405c86 Accepting request 1031399 from home:mcepl:branches:devel:languages:python:Factory
- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to
  allow building of documentation with the latest Sphinx 5.3.0
  (gh#python/cpython#98366).

OBS-URL: https://build.opensuse.org/request/show/1031399
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=109
2022-10-26 21:24:58 +00:00
Dominique Leuenberger
50231d7d05 Accepting request 1030237 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1030237
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=27
2022-10-22 12:11:58 +00:00
75d8efff80 Accepting request 1030164 from home:dgarcia:branches:devel:languages:python:Factory
- Add platlibdir-in-sys.patch to provide sys.platlibdir attribute. This is used
  by python-setuptools in distutils.sysconfig.get_python_lib bsc#1204395

OBS-URL: https://build.opensuse.org/request/show/1030164
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=107
2022-10-20 18:12:06 +00:00
b21d8c938d - Update to 3.8.15:
  - Fix multiplying a list by an integer (list *= int): detect
    the integer overflow when the new allocated length is close
    to the maximum size.
  - Fix a shell code injection vulnerability in the
    get-remote-certificate.py example script. The script no
    longer uses a shell to run openssl commands. (originally
    filed as CVE-2022-37460, later withdrawn)
  - Fix command line parsing: reject -X int_max_str_digits option
    with no value (invalid) when the PYTHONINTMAXSTRDIGITS
    environment variable is set to a valid limit.
  - When ValueError is raised if an integer is larger than the
    limit, mention the sys.set_int_max_str_digits() function in
    the error message.
  - Update bundled libexpat to 2.4.9
  - Fixes a potential buffer overrun in msilib.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=106
2022-10-19 07:18:07 +00:00
Dominique Leuenberger
0e86c36d64 Accepting request 1002501 from devel:languages:python:Factory
- Update to 3.8.14:
  - (CVE-2020-10735, bsc#1203125). Converting between int
    and str in bases other than 2 (binary), 4, 8 (octal), 16
    (hexadecimal), or 32 such as base 10 (decimal) now raises a
    ValueError if the number of digits in string form is above a
    limit to avoid potential denial of service attacks due to the
    algorithmic complexity.
    This new limit can be configured or disabled by environment
    variable, command line flag, or sys APIs. See the integer
    string conversion length limitation documentation. The
    default limit is 4300 digits in string form.
  - (CVE-2021-28861, bsc#1202624) http.server: Fix an open
    redirection vulnerability in the HTTP server when an URI path
    starts with //. Vulnerability discovered, and initial fix
    proposed, by Hamza Avvan.
  - Also other bugfixes:
    - Fix contextvars HAMT implementation to handle iteration
      over deep trees. The bug was discovered and fixed by Eli
      Libman. See MagicStack/immutables#84 for more details.
    - Fix ensurepip environment isolation for subprocess running
      pip.
    - Raise ProgrammingError instead of segfaulting on recursive
      usage of cursors in sqlite3 converters. Patch by Sergey
      Fedoseev.
    - Add a new gh role to the documentation to link to GitHub
      issues.
    - Pin Jinja to a version compatible with Sphinx version
      2.4.4.
    - test_ssl is now checking for supported TLS version and
      protocols in more tests.
    - Fix test case for OpenSSL 3.0.1 version. OpenSSL 3.0 uses
      0xMNN00PP0L.
- Removed upstreamed patches:
  - CVE-2021-28861-double-slash-path.patch
- Readjusted patches:
  - bpo-31046_ensurepip_honours_prefix.patch
  - sphinx-update-removed-function.patch
- (bsc#1196784, CVE-2022-25236) Add patch
  support-expat-CVE-2022-25236-patched.patch to allow working
  with different versions of libexpat.

OBS-URL: https://build.opensuse.org/request/show/1002501
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=26
2022-09-17 18:08:05 +00:00
07285bcb8c - Update to 3.8.14:
  - (CVE-2020-10735, bsc#1203125). Converting between int
    and str in bases other than 2 (binary), 4, 8 (octal), 16
    (hexadecimal), or 32 such as base 10 (decimal) now raises a
    ValueError if the number of digits in string form is above a
    limit to avoid potential denial of service attacks due to the
    algorithmic complexity.
    This new limit can be configured or disabled by environment
    variable, command line flag, or sys APIs. See the integer
    string conversion length limitation documentation. The
    default limit is 4300 digits in string form.
  - (CVE-2021-28861, bsc#1202624) http.server: Fix an open
    redirection vulnerability in the HTTP server when an URI path
    starts with //. Vulnerability discovered, and initial fix
    proposed, by Hamza Avvan.
  - Also other bugfixes:
    - Fix contextvars HAMT implementation to handle iteration
      over deep trees. The bug was discovered and fixed by Eli
      Libman. See MagicStack/immutables#84 for more details.
    - Fix ensurepip environment isolation for subprocess running
      pip.
    - Raise ProgrammingError instead of segfaulting on recursive
      usage of cursors in sqlite3 converters. Patch by Sergey
      Fedoseev.
    - Add a new gh role to the documentation to link to GitHub
      issues.
    - Pin Jinja to a version compatible with Sphinx version
      2.4.4.
    - test_ssl is now checking for supported TLS version and
      protocols in more tests.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=104
2022-09-11 09:16:44 +00:00
d36b19ed64 Don't mess with Sphinx
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=103
2022-09-10 19:51:56 +00:00
05d6c15465 Better docs BRs?
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=102
2022-09-07 10:45:51 +00:00
c3b8b22402 Better docs BRs?
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=101
2022-09-07 09:46:41 +00:00
34ae254cff Better docs BRs?
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=100
2022-09-06 22:49:37 +00:00
eab98dbd82 Better docs BRs?
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=99
2022-09-06 22:06:30 +00:00
Dominique Leuenberger
312e2a6886 Accepting request 1000772 from devel:languages:python:Factory
- Add patch CVE-2021-28861-double-slash-path.patch:
  * http.server: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)

- Add bpo34990-2038-problem-compileall.patch making compileall.py
  compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
  backport of fix to Python 3.8.
- Add conditional for requiring rpm-build-python, so we should be
  compilable on SLE/Leap.

OBS-URL: https://build.opensuse.org/request/show/1000772
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=25
2022-09-03 21:18:33 +00:00
452f54cf1b - (bsc#1196784, CVE-2022-25236) Add patch
  support-expat-CVE-2022-25236-patched.patch to allow working
  with different versions of libexpat.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=97
2022-09-03 02:23:54 +00:00