buildservice-autocommit accepted request 1099501 from Matej Cepl (mcepl) over 1 year ago (revision 102)

baserev update by copy to link target

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 101)

- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for
  stabilizing FLAG_REF usage (required for reproduceability;
  bsc#1213463).

• Files Changed
• Browse Source

Matej Cepl (mcepl) accepted request 1098690 from Matej Cepl (mcepl) over 1 year ago (revision 100)

Revert faulty fix for CVE-2023-27043 (gh#python/cpython#106669)

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 99)

- (bsc#1210638, CVE-2023-27043) Add
  CVE-2023-27043-email-parsing-errors.patch, which detects email
  address parsing errors and returns empty tuple to indicate the
  parsing error (old API).

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1095863 from Matej Cepl (mcepl) over 1 year ago (revision 98)

baserev update by copy to link target

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 97)

Fix changes

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 96)

  - CVE-2023-24329-blank-URL-bypass.patch

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 95)

- Update to 3.10.12:
  - gh-103142: The version of OpenSSL used in Windows and
    Mac installers has been upgraded to 1.1.1u to address
    CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
    as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
    fixed previously in 1.1.1t (gh-101727).
  - gh-102153: urllib.parse.urlsplit() now strips leading C0
    control and space characters following the specification for
    URLs defined by WHATWG in response to CVE-2023-24329.
  - gh-99889: Fixed a security in flaw in uu.decode() that could
    allow for directory traversal based on the input if no
    out_file was specified.
  - gh-104049: Do not expose the local on-disk
    location in directory indexes produced by
    http.client.SimpleHTTPRequestHandler.
  - gh-103935: trace.__main__ now uses io.open_code() for files
    to be executed instead of raw open().
  - gh-102953: The extraction methods in tarfile, and
    shutil.unpack_archive(), have a new filter argument that
    allows limiting tar features than may be surprising or
    dangerous, such as creating files outside the destination
    directory. See Extraction filters for details.
- Remove upstreamed patches:
  - CVE-2007-4559-filter-tarfile_extractall.patch

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1094243 from Matej Cepl (mcepl) over 1 year ago (revision 94)

baserev update by copy to link target

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 93)

Add missing import

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 92)

- Add bpo-37596-make-set-marshalling.patch making marshalling of
  `set` and `frozenset` deterministic (bsc#1211765).

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 91)

Remove nonsensical commit message.

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1086101 from Factory Maintainer (factory-maintainer) over 1 year ago (revision 90)

baserev update by copy to link target

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 89)

Adjust CVE-2007-4559-filter-tarfile_extractall.patch.

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 88)

Why in the world we download from HTTP?

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 87)

We can always chmod

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 86)

There is no wasi in 3.10

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 85)

- Update to 3.10.11:
  - Core and Builtins
    - gh-102416: Do not memoize incorrectly automatically
      generated loop rules in the parser. Patch by Pablo Galindo.
    - gh-102356: Fix a bug that caused a crash when deallocating
      deeply nested filter objects. Patch by Marta Gómez Macías.
    - gh-102397: Fix segfault from race condition in signal
      handling during garbage collection. Patch by Kumar Aditya.
    - gh-102126: Fix deadlock at shutdown when clearing thread
      states if any finalizer tries to acquire the runtime head
      lock. Patch by Kumar Aditya.
    - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal
      module. Patch by Max Bachmann.
    - gh-101967: Fix possible segfault in
      positional_only_passed_as_keyword function, when new list
      created.
    - gh-101765: Fix SystemError / segmentation fault in iter
      __reduce__ when internal access of builtins.__dict__ keys
      mutates the iter object.
  - Library
    - gh-102947: Improve traceback when dataclasses.fields() is
      called on a non-dataclass. Patch by Alex Waygood
    - gh-101979: Fix a bug where parentheses in the metavar
      argument to argparse.ArgumentParser.add_argument() were
      dropped. Patch by Yeojin Kim.
    - gh-102179: Fix os.dup2() error message for negative fds.
    - gh-101961: For the binary mode, fileinput.hookcompressed()
      doesn’t set the encoding value even if the value is
      None. Patch by Gihwan Kim.
    - gh-101936: The default value of fp becomes io.BytesIO

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 84)

- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
  CVE-2007-4559 (bsc#1203750) by adding the filter for
  tarfile.extractall (PEP 706).

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 83)

Revert

• Files Changed
• Browse Source