Revisions of saltbundlepy
- Update to 3.11.9:
  * Security
    * gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425, bsc#1219559) by adding five new methods:
      xml.etree.ElementTree.XMLParser.flush()
      xml.etree.ElementTree.XMLPullParser.flush()
      xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
      xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
      xml.sax.expatreader.ExpatParser.flush()
    * gh-115399: Update bundled libexpat to 2.6.0
    * gh-115243: Fix possible crashes in collections.deque.index() when the deque is concurrently modified.
    * gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
  * Core and Builtins
    * gh-116296: Fix possible refleak in object.__reduce__() internal error handling.
    * gh-116034: Fix location of the error on a failed assertion.
    * gh-115823: Properly calculate error ranges in the parser when raising SyntaxError exceptions caused by invalid byte sequences. Patch by Pablo Galindo
    * gh-112087: For an empty reverse iterator for list will be reduced to reversed(). Patch by Donghee Na.
    * gh-115011: Setters for members with an unsigned integer type now support the same range of valid values for objects that have a __index__() method as for int.
    * gh-96497: Fix incorrect resolution of mangled class variables used in assignment expressions in comprehensions.
- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with patched libexpat below 2.6.0 that doesn't update the version number (gh#python/cpython#117187)
  * CVE-2023-52425-libexpat-2.6.0-backport.patch
- Update 3.10.14:
  * gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0 to address CVE-2023-52425, and control of the new reparse deferral functionality was exposed with new APIs (bsc#1219559).
  * gh-109858: zipfile is now protected from the “quoted-overlap” zipbomb to address CVE-2024-0450. It now raises BadZipFile when attempting to read an entry that overlaps with another entry or central directory. (bsc#1221854)
  * gh-91133: tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when working around file system permission errors to address CVE-2023-6597 (bsc#1219666)
  * gh-115197: urllib.request no longer resolves the hostname before checking it against the system’s proxy bypass list on macOS and Windows
  * gh-81194: a crash in socket.if_indextoname() with a specific value (UINT_MAX) was fixed. Relatedly, an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms was fixed
  * gh-113659: .pth files with names starting with a dot or containing the hidden file attribute are now skipped
  * gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer read out of bounds
  * gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads
- Add old-libexpat.patch making the test suite work with libexpat < 2.6.0 (gh#python/cpython#117187).
- Refreshing the patches to adjust for newer version.
- Disable NIS for new products, it's deprecated and gets removed
- Explicitly add libexpat1 as dependency when building DEB package
CVE-2007-4559, bsc#1203750) (PEP 706). * subprocess-raise-timeout.patch
- Adjusted the patch removing strict requirement for OpenSSL 1.1.1. Required to revert the changes causing build fails with OpenSSL < 1.1.0 by https://github.com/python/cpython/pull/96932
- Modified:
  * no-strict-openssl111-dep.patch
osc copypac from project:systemsmanagement:saltstack:bundle:testing package:saltbundlepy revision:7
- Revert https://github.com/python/cpython/pull/96932 for OpenSSL < 1.1
- Modified:
  * no-strict-openssl111-dep.patch
osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy revision:11
- Include dependency on libffi for Debian 12
- Adjust custom patches after latest upgrade to fix building issues
- Modified:
  * skip-test_pyobject_freed_is_freed.patch
  * call-startup-script-always.patch
  * no-strict-openssl111-dep.patch
- Fix build on openEuler 22.03.
- Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582).
- Update to 3.10.10: Bug fixes and regressions handling, no change of behaviour and no security bugs fixed.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters
- Add provides for readline and sqlite3 to the main Python package.
- Disable NIS for new products, it's deprecated and gets removed
- Update to 3.10.9:
  - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log. This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before
- Add missing file reference related to the changelog entry: improve import_failed hook to do the right thing when invoking missing modules with "python3 -m modulename" (boo#942751)
- Add missing file reference for rpmlintrc with the rule preventing fail on changing the subpackage which is not following naming rule as we need to avoid conflicts with the existing package
- Added:
  * import_failed.py
  * saltbundlepy-rpmlintrc
- Update to 3.10.5:
  - Core and Builtins
    - gh-93418: Fixed an assert where an f-string has an equal sign ‘=’ following an expression, but there’s no trailing brace. For example, f"{i=".
    - gh-91924: Fix __ltrace__ debug feature if the stdout encoding is not UTF-8. Patch by Victor Stinner.
    - gh-93061: Backward jumps after async for loops are no longer given dubious line numbers.
    - gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees. The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details.
    - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash.
    - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass.
    - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner.
    - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex.
    - bpo-47212: Raise IndentationError instead of SyntaxError for a bare except with no following indent. Improve SyntaxError locations for an un-parenthesized generator used as arguments. Patch by Matthieu Dartiailh.
osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy revision:5
osc copypac from project:systemsmanagement:saltstack:bundle package:saltbundlepy revision:16
Displaying all 17 revisions