Revisions of saltbundlepy
Yeray Gutiérrez Cedrés (ygutierrez)
accepted
request 1205692
from
Victor Zhestkov (vizhestkov)
(revision 19)
- Disable nis module for all targets
Alexander Graul (agraul)
accepted
request 1198554
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 18)
- Add CVE-2024-7592-Fix-quadratic-complexity-in-parsing-quoted.patch:
  * Fix quadratic complexity in parsing -quoted cookie values with backslashes (bsc#1229873, bsc#1230059, CVE-2024-7592)
- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid failing test_sendfile_close_peer_in_the_middle_of_receiving tests on Linux >= 6.10 (GH-120227).
- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058, CVE-2024-8088).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email header injection due to unquoted newlines (bsc#1228780, CVE-2024-6923).
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999)
- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 adding reproducibility patches from gh#python/cpython!121872 and gh#python/cpython!121883.
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 (CVE-2024-4032) rearranging definition of private v global IP addresses. multiple threads (bsc#1226447, CVE-2024-0397).
Pablo Suárez Hernández (PSuarezHernandez)
accepted
request 1174634
from
Victor Zhestkov (vizhestkov)
(revision 17)
- Update to 3.11.9:
  * Security
  * gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425, bsc#1219559) by adding five new methods:
    xml.etree.ElementTree.XMLParser.flush()
    xml.etree.ElementTree.XMLPullParser.flush()
    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
    xml.sax.expatreader.ExpatParser.flush()
  * gh-115399: Update bundled libexpat to 2.6.0
  * gh-115243: Fix possible crashes in collections.deque.index() when the deque is concurrently modified.
  * gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
  * Core and Builtins
  * gh-116296: Fix possible refleak in object.__reduce__() internal error handling.
  * gh-116034: Fix location of the error on a failed assertion.
  * gh-115823: Properly calculate error ranges in the parser when raising SyntaxError exceptions caused by invalid byte sequences. Patch by Pablo Galindo
  * gh-112087: For an empty reverse iterator for list will be reduced to reversed(). Patch by Donghee Na.
  * gh-115011: Setters for members with an unsigned integer type now support the same range of valid values for objects that has a __index__() method as for int.
  * gh-96497: Fix incorrect resolution of mangled class variables used in assignment expressions in comprehensions.
Victor Zhestkov (vizhestkov)
committed
(revision 16)
- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with patched libexpat below 2.6.0 that doesn't update the version number (gh#python/cpython#117187)
  * CVE-2023-52425-libexpat-2.6.0-backport.patch
Victor Zhestkov (vizhestkov)
committed
(revision 15)
* python.keyring
Pablo Suárez Hernández (PSuarezHernandez)
accepted
request 1166458
from
Victor Zhestkov (vizhestkov)
(revision 14)
- Update 3.10.14:
  * gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0 to address CVE-2023-52425, and control of the new reparse deferral functionality was exposed with new APIs (bsc#1219559).
  * gh-109858: zipfile is now protected from the “quoted-overlap” zipbomb to address CVE-2024-0450. It now raises BadZipFile when attempting to read an entry that overlaps with another entry or central directory. (bsc#1221854)
  * gh-91133: tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when working around file system permission errors to address CVE-2023-6597 (bsc#1219666)
  * gh-115197: urllib.request no longer resolves the hostname before checking it against the system’s proxy bypass list on macOS and Windows
  * gh-81194: a crash in socket.if_indextoname() with a specific value (UINT_MAX) was fixed. Relatedly, an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms was fixed
  * gh-113659: .pth files with names starting with a dot or containing the hidden file attribute are now skipped
  * gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer read out of bounds
  * gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads
- Add old-libexpat.patch making the test suite work with libexpat < 2.6.0 (gh#python/cpython#117187).
- Refreshing the patches to adjust for newer version.
Marek Czernek (mczernek)
accepted
request 1159900
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 13)
- Disable NIS for new products, it's deprecated and gets removed
Victor Zhestkov (vizhestkov)
accepted
request 1134166
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 12)
- Explicitly add libexpat1 as dependency when building DEB package
Alexander Graul (agraul)
accepted
request 1117962
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 11)
CVE-2007-4559, bsc#1203750) (PEP 706). * subprocess-raise-timeout.patch
Alexander Graul (agraul)
accepted
request 1117614
from
Victor Zhestkov (vizhestkov)
(revision 10)
- Adjusted the patch removing strict requirement for OpenSSL 1.1.1
  Required to revert the changes causing build fails with OpenSSL < 1.1.0 by https://github.com/python/cpython/pull/96932
- Modified:
  * no-strict-openssl111-dep.patch
Alexander Graul (agraul)
committed
(revision 9)
osc copypac from project:systemsmanagement:saltstack:bundle:testing package:saltbundlepy revision:7
Alexander Graul (agraul)
accepted
request 1117455
from
Alexander Graul (agraul)
(revision 8)
- Revert https://github.com/python/cpython/pull/96932 for OpenSSL < 1.1
- Modified:
  * no-strict-openssl111-dep.patch
Pablo Suárez Hernández (PSuarezHernandez)
committed
(revision 7)
osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy revision:11
Victor Zhestkov (vizhestkov)
accepted
request 1103280
from
Yeray Gutiérrez Cedrés (ygutierrez)
(revision 6)
- Include dependency on libffi for Debian 12
Alexander Graul (agraul)
accepted
request 1081257
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 5)
- Adjust custom patches after latest upgrade to fix building issues
- Modified:
  * skip-test_pyobject_freed_is_freed.patch
  * call-startup-script-always.patch
  * no-strict-openssl111-dep.patch
- Fix build on openEuler 22.03.
- Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582).
- Update to 3.10.10: Bug fixes and regressions handling, no change of behaviour and no security bugs fixed.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters
- Add provides for readline and sqlite3 to the main Python package.
- Disable NIS for new products, it's deprecated and gets removed
- Update to 3.10.9:
  - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server lo This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before
Alexander Graul (agraul)
accepted
request 1008236
from
Victor Zhestkov (vzhestkov)
(revision 4)
- Add missing file reference related to the changelog entry: improve import_failed hook to do the right thing when invoking missing modules with "python3 -m modulename" (boo#942751)
- Add missing file reference for rpmlintrc with the rule preventing fail on changing the subpackage which is not following naming rule as we need to avoid conflicts with the existing package
- Added:
  * import_failed.py
  * saltbundlepy-rpmlintrc
Pablo Suárez Hernández (PSuarezHernandez)
accepted
request 991243
from
Victor Zhestkov (vzhestkov)
(revision 3)
- Update to 3.10.5:
  - Core and Builtins
  - gh-93418: Fixed an assert where an f-string has an equal sign ‘=’ following an expression, but there’s no trailing brace. For example, f"{i=".
  - gh-91924: Fix __ltrace__ debug feature if the stdout encoding is not UTF-8. Patch by Victor Stinner.
  - gh-93061: Backward jumps after async for loops are no longer given dubious line numbers.
  - gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees.
  - The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details.
  - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash.
  - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass.
  - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner.
  - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex.
  - bpo-47212: Raise IndentationError instead of SyntaxError for a bare except with no following indent. Improve SyntaxError locations for an un-parenthesized generator used as arguments. Patch by Matthieu Dartiailh.
Alexander Graul (agraul)
committed
(revision 2)
osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy revision:5
Pablo Suárez Hernández (PSuarezHernandez)
committed
(revision 1)
osc copypac from project:systemsmanagement:saltstack:bundle package:saltbundlepy revision:16
Displaying all 19 revisions