Revisions of saltbundlepy
Yeray Gutiérrez Cedrés (ygutierrez)
accepted
request 1205692
from
Victor Zhestkov (vizhestkov)
(revision 19)
- Disabe nis module for all targets
Alexander Graul (agraul)
accepted
request 1198554
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 18)
- Add CVE-2024-7592-Fix-quadratic-complexity-in-parsing-quoted.patch:
* Fix quadratic complexity in parsing -quoted cookie values with
backslashes (bsc#1229873, bsc#1230059, CVE-2024-7592)
- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid
failing test_sendfile_close_peer_in_the_middle_of_receiving
tests on Linux >= 6.10 (GH-120227).
- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent
malformed payload to cause infinite loops in zipfile.Path
(bsc#1229704, bsc#1230058, CVE-2024-8088).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999
adding reproducibility patches from gh#python/cpython!121872
and gh#python/cpython!121883.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
(CVE-2024-4032) rearranging definition of private v global IP
addresses.
multiple threads (bsc#1226447, CVE-2024-0397).
Pablo Suárez Hernández (PSuarezHernandez)
accepted
request 1174634
from
Victor Zhestkov (vizhestkov)
(revision 17)
- Update to 3.11.9:
* Security
* gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
(CVE-2023-52425, bsc#1219559) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
* gh-115399: Update bundled libexpat to 2.6.0
* gh-115243: Fix possible crashes in collections.deque.index()
when the deque is concurrently modified.
* gh-114572: ssl.SSLContext.cert_store_stats() and
ssl.SSLContext.get_ca_certs() now correctly lock access to the
certificate store, when the ssl.SSLContext is shared across
multiple threads.
* Core and Builtins
* gh-116296: Fix possible refleak in object.__reduce__() internal
error handling.
* gh-116034: Fix location of the error on a failed assertion.
* gh-115823: Properly calculate error ranges in the parser when
raising SyntaxError exceptions caused by invalid byte sequences.
Patch by Pablo Galindo
* gh-112087: For an empty reverse iterator for list will be
reduced to reversed(). Patch by Donghee Na.
* gh-115011: Setters for members with an unsigned integer type now
support the same range of valid values for objects that has a
__index__() method as for int.
* gh-96497: Fix incorrect resolution of mangled class variables
used in assignment expressions in comprehensions.
Victor Zhestkov (vizhestkov)
committed
(revision 16)
- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with patched libexpat below 2.6.0 that doesn't update the version number (gh#python/cpython#117187) * CVE-2023-52425-libexpat-2.6.0-backport.patch
Pablo Suárez Hernández (PSuarezHernandez)
accepted
request 1166458
from
Victor Zhestkov (vizhestkov)
(revision 14)
- Update 3.10.14:
* gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0
to address CVE-2023-52425, and control of the new reparse
deferral functionality was exposed with new APIs
(bsc#1219559).
* gh-109858: zipfile is now protected from the “quoted-overlap”
zipbomb to address CVE-2024-0450. It now raises BadZipFile
when attempting to read an entry that overlaps with another
entry or central directory. (bsc#1221854)
* gh-91133: tempfile.TemporaryDirectory cleanup no longer
dereferences symlinks when working around file system
permission errors to address CVE-2023-6597 (bsc#1219666)
* gh-115197: urllib.request no longer resolves the hostname
before checking it against the system’s proxy bypass list on
macOS and Windows
* gh-81194: a crash in socket.if_indextoname() with a specific
value (UINT_MAX) was fixed. Relatedly, an integer overflow in
socket.if_indextoname() on 64-bit non-Windows platforms was
fixed
* gh-113659: .pth files with names starting with a dot or
containing the hidden file attribute are now skipped
* gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer
read out of bounds
* gh-114572: ssl.SSLContext.cert_store_stats() and
ssl.SSLContext.get_ca_certs() now correctly lock access to
the certificate store, when the ssl.SSLContext is shared
across multiple threads
- Add old-libexpat.patch making the test suite work with
libexpat < 2.6.0 (gh#python/cpython#117187).
- Refreshing the patches to adjust for newer version.
Marek Czernek (mczernek)
accepted
request 1159900
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 13)
- Disable NIS for new products, it's deprecated and gets removed
Victor Zhestkov (vizhestkov)
accepted
request 1134166
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 12)
- Explicitly add libexpat1 as dependency when building DEB package
Alexander Graul (agraul)
accepted
request 1117962
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 11)
CVE-2007-4559, bsc#1203750) (PEP 706). * subprocess-raise-timeout.patch
Alexander Graul (agraul)
accepted
request 1117614
from
Victor Zhestkov (vizhestkov)
(revision 10)
- Adjusted the patch removing strict requirement for OpenSSL 1.1.1 Required to revert the changes causing build fails with OpenSSL < 1.1.0 by https://github.com/python/cpython/pull/96932 - Modified: * no-strict-openssl111-dep.patch
Alexander Graul (agraul)
committed
(revision 9)
osc copypac from project:systemsmanagement:saltstack:bundle:testing package:saltbundlepy revision:7
Alexander Graul (agraul)
accepted
request 1117455
from
Alexander Graul (agraul)
(revision 8)
- Revert https://github.com/python/cpython/pull/96932 for OpenSSL < 1.1 - Modified: * no-strict-openssl111-dep.patch
Pablo Suárez Hernández (PSuarezHernandez)
committed
(revision 7)
osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy revision:11
Victor Zhestkov (vizhestkov)
accepted
request 1103280
from
Yeray Gutiérrez Cedrés (ygutierrez)
(revision 6)
- Include dependency on libffi for Debian 12
Alexander Graul (agraul)
accepted
request 1081257
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 5)
- Adjust custom patches after latest upgrade to fix building issues
- Modified:
* skip-test_pyobject_freed_is_freed.patch
* call-startup-script-always.patch
* no-strict-openssl111-dep.patch
- Fix build on openEuler 22.03.
- Add invalid-json.patch fixing invalid JSON in
Doc/howto/logging-cookbook.rst (somehow similar to
gh#python/cpython#102582).
- Update to 3.10.10:
Bug fixes and regressions handling, no change of behaviour and
no security bugs fixed.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Add provides for readline and sqlite3 to the main Python
package.
- Disable NIS for new products, it's deprecated and gets removed
- Update to 3.10.9:
- python -m http.server no longer allows terminal
control characters sent within a garbage request to be
printed to the stderr server lo This is done by changing
the http.server BaseHTTPRequestHandler .log_message method
to replace control characters with a \xHH hex escape before
Alexander Graul (agraul)
accepted
request 1008236
from
Victor Zhestkov (vzhestkov)
(revision 4)
- Add missing file reference related to the changelog entry: improve import_failed hook to do the right thing when invoking missing modules with "python3 -m modulename" (boo#942751) - Add missing file reference for rpmlintrc with the rule preventing fail on changing the subpackage which is not following naming rule as we need to avoid conflicts with the existing package - Added: * import_failed.py * saltbundlepy-rpmlintrc
Pablo Suárez Hernández (PSuarezHernandez)
accepted
request 991243
from
Victor Zhestkov (vzhestkov)
(revision 3)
- Update to 3.10.5:
- Core and Builtins
- gh-93418: Fixed an assert where an f-string has an equal
sign ‘=’ following an expression, but there’s no trailing
brace. For example, f”{i=”.
- gh-91924: Fix __ltrace__ debug feature if the stdout
encoding is not UTF-8. Patch by Victor Stinner.
- gh-93061: Backward jumps after async for loops are no
longer given dubious line numbers.
- gh-93065: Fix contextvars HAMT implementation to handle
iteration over deep trees.
- The bug was discovered and fixed by Eli Libman. See
MagicStack/immutables#84 for more details.
- gh-92311: Fixed a bug where setting frame.f_lineno to jump
over a list comprehension could misbehave or crash.
- gh-92112: Fix crash triggered by an evil custom mro() on
a metaclass.
- gh-92036: Fix a crash in subinterpreters related to the
garbage collector. When a subinterpreter is deleted,
untrack all objects tracked by its GC. To prevent a crash
in deallocator functions expecting objects to be tracked by
the GC, leak a strong reference to these objects on
purpose, so they are never deleted and their deallocator
functions are not called. Patch by Victor Stinner.
- gh-91421: Fix a potential integer overflow in
_Py_DecodeUTF8Ex.
- bpo-47212: Raise IndentationError instead of SyntaxError
for a bare except with no following indent. Improve
SyntaxError locations for an un-parenthesized generator
used as arguments. Patch by Matthieu Dartiailh.
Alexander Graul (agraul)
committed
(revision 2)
osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy revision:5
Pablo Suárez Hernández (PSuarezHernandez)
committed
(revision 1)
osc copypac from project:systemsmanagement:saltstack:bundle package:saltbundlepy revision:16
Displaying all 19 revisions
