Revisions of python310

Ana Guerrero (anag+factory) accepted request 1224262 from Matej Cepl (mcepl) (revision 53)
- Remove -IVendor/ from python-config boo#1231795
- Add CVE-2024-11168-validation-IPv6-addrs.patch
  fixing bsc#1233307 (CVE-2024-11168,
  gh#python/cpython#103848): Improper validation of IPv6 and
  IPvFuture addresses.
Ana Guerrero (anag+factory) accepted request 1221276 from Matej Cepl (mcepl) (revision 52)
- Update sphinx-72.patch to include renaming :noindex: option to
  :no-index: in Sphinx 7.2 (bsc#1232750).
- While renaming drop fix-sphinx-72.patch.
Dominique Leuenberger (dimstar_suse) accepted request 1220124 from Matej Cepl (mcepl) (revision 51)
- Update CVE-2024-9287-venv_path_unquoted.patch according to the
  upstream PR gh#python/cpython!126301.
Ana Guerrero (anag+factory) accepted request 1218122 from Matej Cepl (mcepl) (revision 50)
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
  path names provided when creating a virtual environment
  (bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
  (bsc#1230906).
Ana Guerrero (anag+factory) accepted request 1199711 from Matej Cepl (mcepl) (revision 49)
- Update to 3.10.15:
  - Tests
    - gh-112769: The tests now correctly compare zlib version
      when :const:`zlib.ZLIB_RUNTIME_VERSION` contains
      non-integer suffixes. For example zlib-ng defines the
      version as ``1.3.0.zlib-ng``.
    - gh-117187: Fix XML tests for vanilla Expat <2.6.0.
    - gh-100454: Fix SSL tests CI for OpenSSL 3.1+
  - Security
    - gh-123678: Upgrade libexpat to 2.6.3
    - gh-121957: Fixed missing audit events around interactive
      use of Python, now also properly firing for ``python -i``,
      as well as for ``python -m asyncio``. The event in question
      is ``cpython.run_stdin``.
    - gh-122133: Authenticate the socket connection for the
      ``socket.socketpair()`` fallback on platforms where
      ``AF_UNIX`` is not available like Windows. Patch by
      Gregory P. Smith <greg@krypto.org> and Seth Larson
      <seth@python.org>. Reported by Ellie <el@horse64.org>
    - gh-121285: Remove backtracking from tarfile header
      parsing for ``hdrcharset``, PAX, and GNU sparse headers
      (bsc#1230227, CVE-2024-6232).
    - gh-118486: :func:`os.mkdir` on Windows now accepts
      *mode* of ``0o700`` to restrict the new directory to
      the current user. This fixes CVE-2024-4030 affecting
      :func:`tempfile.mkdtemp` in scenarios where the base
      temporary directory is more permissive than the default.
    - gh-116741: Update bundled libexpat to 2.6.2
  - Library
    - gh-123693: Use platform-agnostic behavior when computing
Dominique Leuenberger (dimstar_suse) accepted request 1197437 from Matej Cepl (mcepl) (revision 48)
- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent
  malformed payload from causing infinite loops in zipfile.Path
  (bsc#1229704, CVE-2024-8088).
Dominique Leuenberger (dimstar_suse) accepted request 1192675 from Matej Cepl (mcepl) (revision 47)
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
  header injection due to unquoted newlines (bsc#1228780,
  CVE-2024-6923).
- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999
  adding reproducibility patches from gh#python/cpython!121872
  and gh#python/cpython!121883.
- %{profileopt} variable is set according to the variable
  %{do_profiling} (bsc#1227999)
- Update bluez-devel-vendor.tar.xz
Dominique Leuenberger (dimstar_suse) accepted request 1189131 from Matej Cepl (mcepl) (revision 46)
- Remove %suse_update_desktop_file macro as it is not useful any
  more.

- Stop using %%defattr, it seems to be breaking proper executable
  attributes on /usr/bin/ scripts (bsc#1227378).
Ana Guerrero (anag+factory) accepted request 1183503 from Matej Cepl (mcepl) (revision 44)
- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
  (CVE-2024-4032) rearranging definition of private v global IP
  addresses.
Ana Guerrero (anag+factory) accepted request 1182484 from Matej Cepl (mcepl) (revision 43)
- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
  patched libexpat below 2.6.0 that doesn't update the version number,
  just in SLE.
- Remove old-libexpat.patch, of course.

    across multiple threads (bsc#1226447, CVE-2024-0397)
Ana Guerrero (anag+factory) accepted request 1161074 from Matej Cepl (mcepl) (revision 42)
- Add old-libexpat.patch making the test suite work with
  libexpat < 2.6.0 (gh#python/cpython#117187).
- Because of bsc#1189495 we have to revert use of %autopatch.
- Update 3.10.14:
  - gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0
    to address CVE-2023-52425, and control of the new reparse
    deferral functionality was exposed with new APIs
    (bsc#1219559).
  - gh-109858: zipfile is now protected from the “quoted-overlap”
    zipbomb to address CVE-2024-0450. It now raises BadZipFile
    when attempting to read an entry that overlaps with another
    entry or central directory. (bsc#1221854)
  - gh-91133: tempfile.TemporaryDirectory cleanup no longer
    dereferences symlinks when working around file system
    permission errors to address CVE-2023-6597 (bsc#1219666)
  - gh-115197: urllib.request no longer resolves the hostname
    before checking it against the system’s proxy bypass list on
    macOS and Windows
  - gh-81194: a crash in socket.if_indextoname() with a specific
    value (UINT_MAX) was fixed. Relatedly, an integer overflow in
    socket.if_indextoname() on 64-bit non-Windows platforms was
    fixed
  - gh-113659: .pth files with names starting with a dot or
    containing the hidden file attribute are now skipped
  - gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer
    read out of bounds
  - gh-114572: ssl.SSLContext.cert_store_stats() and
    ssl.SSLContext.get_ca_certs() now correctly lock access to
    the certificate store, when the ssl.SSLContext is shared
    across multiple threads
- Remove upstreamed patches:
  - CVE-2023-6597-TempDir-cleaning-symlink.patch
  - libexpat260.patch
- Readjust patches:
  - F00251-change-user-install-location.patch
  - fix_configure_rst.patch
  - python-3.3.0b1-localpath.patch
  - skip-test_pyobject_freed_is_freed.patch
- Port to %autosetup and %autopatch.
Ana Guerrero (anag+factory) accepted request 1157645 from Factory Maintainer (factory-maintainer) (revision 41)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 1153061 from Matej Cepl (mcepl) (revision 40)
- (bsc#1219666, CVE-2023-6597) Add
  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
  gh#python/cpython!99930) fixing symlink bug in cleanup of
  tempfile.TemporaryDirectory.
Ana Guerrero (anag+factory) accepted request 1152786 from Factory Maintainer (factory-maintainer) (revision 39)
Automatic submission by obs-autosubmit
Ana Guerrero (anag+factory) accepted request 1110597 from Factory Maintainer (factory-maintainer) (revision 37)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 1102193 from Matej Cepl (mcepl) (revision 35)
- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
  partially reverting CVE-2023-27043-email-parsing-errors.patch,
  because of the regression in gh#python/cpython#106669.
Ana Guerrero (anag+factory) accepted request 1099501 from Matej Cepl (mcepl) (revision 34)
- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for
  stabilizing FLAG_REF usage (required for reproducibility;
  bsc#1213463).
- (bsc#1210638, CVE-2023-27043) Add
  CVE-2023-27043-email-parsing-errors.patch, which detects email
  address parsing errors and returns empty tuple to indicate the
  parsing error (old API).
Displaying revisions 1 - 20 of 53