Revisions of saltbundlepy
Victor Zhestkov (vizhestkov)
committed
(revision 25)
Disable nis build explicitly
Victor Zhestkov (vizhestkov)
committed
(revision 24)
- Disable nis module for all targets
Marek Czernek (mczernek)
accepted
request 1200665
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 23)
- Add CVE-2024-7592-Fix-quadratic-complexity-in-parsing-quoted.patch:
  * Fix quadratic complexity in parsing -quoted cookie values with backslashes (bsc#1229873, bsc#1230059, CVE-2024-7592)
- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid failing test_sendfile_close_peer_in_the_middle_of_receiving tests on Linux >= 6.10 (GH-120227).
- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058, CVE-2024-8088).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email header injection due to unquoted newlines (bsc#1228780, CVE-2024-6923).
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999)
- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 adding reproducibility patches from gh#python/cpython!121872 and gh#python/cpython!121883.
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 (CVE-2024-4032) rearranging definition of private v global IP addresses.
multiple threads (bsc#1226447, CVE-2024-0397).
Victor Zhestkov (vizhestkov)
committed
(revision 22)
- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with patched libexpat below 2.6.0 that doesn't update the version number (gh#python/cpython#117187)
  * CVE-2023-52425-libexpat-2.6.0-backport.patch
Pablo Suárez Hernández (PSuarezHernandez)
accepted
request 1174435
from
Victor Zhestkov (vizhestkov)
(revision 21)
- Update to 3.11.9:
  * Security
    * gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425, bsc#1219559) by adding five new methods:
        xml.etree.ElementTree.XMLParser.flush()
        xml.etree.ElementTree.XMLPullParser.flush()
        xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
        xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
        xml.sax.expatreader.ExpatParser.flush()
    * gh-115399: Update bundled libexpat to 2.6.0
    * gh-115243: Fix possible crashes in collections.deque.index() when the deque is concurrently modified.
    * gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
  * Core and Builtins
    * gh-116296: Fix possible refleak in object.__reduce__() internal error handling.
    * gh-116034: Fix location of the error on a failed assertion.
    * gh-115823: Properly calculate error ranges in the parser when raising SyntaxError exceptions caused by invalid byte sequences. Patch by Pablo Galindo
    * gh-112087: For an empty reverse iterator for list will be reduced to reversed(). Patch by Donghee Na.
    * gh-115011: Setters for members with an unsigned integer type now support the same range of valid values for objects that have a __index__() method as for int.
    * gh-96497: Fix incorrect resolution of mangled class variables used in assignment expressions in comprehensions.
Pablo Suárez Hernández (PSuarezHernandez)
accepted
request 1172909
from
Victor Zhestkov (vizhestkov)
(revision 20)
- Use saltbundlepy-libffi instead of libffi provided by distro to make the Salt Bundle less dependent on packages of client.
Alexander Graul (agraul)
accepted
request 1166880
from
Victor Zhestkov (vizhestkov)
(revision 19)
Drop unnecessary externally_managed.in
Victor Zhestkov (vizhestkov)
accepted
request 1166659
from
Marek Czernek (mczernek)
(revision 18)
- Align changelog
- Remove extra full stops from latest changelog entry
Marek Czernek (mczernek)
accepted
request 1159904
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 17)
- Disable NIS for new products, it's deprecated and gets removed
Alexander Graul (agraul)
accepted
request 1138311
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 16)
Pablo Suárez Hernández (PSuarezHernandez)
committed
(revision 15)
osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy revision:13
Pablo Suárez Hernández (PSuarezHernandez)
accepted
request 1134231
from
Victor Zhestkov (vizhestkov)
(revision 14)
- Update to 3.11.5 (bsc#1214692):
  * Security
    * gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.
  * Core and Builtins
    * gh-104432: Fix potential unaligned memory access on C APIs involving returned sequences of char * pointers within the grp and socket modules. These were revealed using a -fsanitize=alignment build on ARM macOS. Patch by Christopher Chavez.
    * gh-77377: Ensure that multiprocessing synchronization objects created in a fork context are not sent to a different process created in a spawn context. This changes a segfault into an actionable RuntimeError in the parent process.
    * gh-106092: Fix a segmentation fault caused by a use-after-free bug in frame_dealloc when the trashcan delays the deallocation of a PyFrameObject.
    * gh-106719: No longer suppress arbitrary errors in the __annotations__ getter and setter in the type and module types.
    * gh-106723: Propagate frozen_modules to multiprocessing spawned process interpreters.
    * gh-105979: Fix crash in _imp.get_frozen_object() due to improper exception handling.
    * gh-105840: Fix possible crashes when specializing function calls with too many __defaults__.
    * gh-105588: Fix an issue that could result in crashes when
Alexander Graul (agraul)
accepted
request 1117965
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 13)
CVE-2007-4559, bsc#1203750) (PEP 706). * subprocess-raise-timeout.patch
Victor Zhestkov (vizhestkov)
committed
(revision 12)
osc copypac from project:systemsmanagement:saltstack:bundle:testing package:saltbundlepy revision:10
Victor Zhestkov (vizhestkov)
accepted
request 1117039
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 11)
- Add fix-sphinx-72.patch to make it work with latest sphinx version gh#python/cpython#97950
- Update to 3.10.13 (bsc#1214692):
  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.
  - gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError.
  - gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
  - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data: *consumed was not set.
- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669.
- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for stabilizing FLAG_REF usage (required for reproducibility; bsc#1213463).
- (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API).
- Update to 3.10.12:
  - gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address
Pablo Suárez Hernández (PSuarezHernandez)
accepted
request 1112144
from
Victor Zhestkov (vizhestkov)
(revision 10)
- Change the order of adding test files in the spec to prevent different build results with debbuild.
Victor Zhestkov (vizhestkov)
accepted
request 1111487
from
Yeray Gutiérrez Cedrés (ygutierrez)
(revision 9)
- Include dependency on libffi for Debian 12
Pablo Suárez Hernández (PSuarezHernandez)
committed
(revision 8)
Realign changelog according to bundle:testing
Alexander Graul (agraul)
accepted
request 1079239
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 7)
- Adjust custom patches after latest upgrade to fix building issues
- Modified:
  * skip-test_pyobject_freed_is_freed.patch
  * call-startup-script-always.patch
  * no-strict-openssl111-dep.patch
- Fix build on openEuler 22.03.
- Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582).
- Update to 3.10.10: Bug fixes and regressions handling, no change of behaviour and no security bugs fixed.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters
- Add provides for readline and sqlite3 to the main Python package.
- Disable NIS for new products, it's deprecated and gets removed
- Update to 3.10.9:
  - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log. This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before
Victor Zhestkov (vzhestkov)
committed
(revision 6)
osc copypac from project:systemsmanagement:saltstack:bundle:testing package:saltbundlepy revision:3
Displaying revisions 1 - 20 of 25