Revisions of saltbundlepy

Yeray Gutiérrez Cedrés's avatar Yeray Gutiérrez Cedrés (ygutierrez) accepted request 1205692 from Victor Zhestkov's avatar Victor Zhestkov (vizhestkov) (revision 19)
- Disabe nis module for all targets
Alexander Graul's avatar Alexander Graul (agraul) accepted request 1198554 from Pablo Suárez Hernández's avatar Pablo Suárez Hernández (PSuarezHernandez) (revision 18)
- Add CVE-2024-7592-Fix-quadratic-complexity-in-parsing-quoted.patch:
  * Fix quadratic complexity in parsing -quoted cookie values with
    backslashes (bsc#1229873, bsc#1230059, CVE-2024-7592)
- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid
  failing test_sendfile_close_peer_in_the_middle_of_receiving
  tests on Linux >= 6.10 (GH-120227).
- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent
  malformed payload to cause infinite loops in zipfile.Path
  (bsc#1229704, bsc#1230058, CVE-2024-8088).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
  header injection due to unquoted newlines (bsc#1228780,
  CVE-2024-6923).
  
- %{profileopt} variable is set according to the variable
  %{do_profiling} (bsc#1227999)
- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999
  adding reproducibility patches from gh#python/cpython!121872
  and gh#python/cpython!121883.
- Stop using %%defattr, it seems to be breaking proper executable
  attributes on /usr/bin/ scripts (bsc#1227378). 
- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
  (CVE-2024-4032) rearranging definition of private v global IP
  addresses.

    multiple threads (bsc#1226447, CVE-2024-0397).
Pablo Suárez Hernández's avatar Pablo Suárez Hernández (PSuarezHernandez) accepted request 1174634 from Victor Zhestkov's avatar Victor Zhestkov (vizhestkov) (revision 17)
- Update to 3.11.9:
  * Security
  * gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
    (CVE-2023-52425,  bsc#1219559) by adding five new methods:
    xml.etree.ElementTree.XMLParser.flush()
    xml.etree.ElementTree.XMLPullParser.flush()
    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
    xml.sax.expatreader.ExpatParser.flush()
  * gh-115399: Update bundled libexpat to 2.6.0
  * gh-115243: Fix possible crashes in collections.deque.index()
    when the deque is concurrently modified.
  * gh-114572: ssl.SSLContext.cert_store_stats() and
    ssl.SSLContext.get_ca_certs() now correctly lock access to the
    certificate store, when the ssl.SSLContext is shared across
    multiple threads.
  * Core and Builtins
  * gh-116296: Fix possible refleak in object.__reduce__() internal
    error handling.
  * gh-116034: Fix location of the error on a failed assertion.
  * gh-115823: Properly calculate error ranges in the parser when
    raising SyntaxError exceptions caused by invalid byte sequences.
    Patch by Pablo Galindo
  * gh-112087: For an empty reverse iterator for list will be
    reduced to reversed(). Patch by Donghee Na.
  * gh-115011: Setters for members with an unsigned integer type now
    support the same range of valid values for objects that has a
    __index__() method as for int.
  * gh-96497: Fix incorrect resolution of mangled class variables
    used in assignment expressions in comprehensions.
Victor Zhestkov's avatar Victor Zhestkov (vizhestkov) committed (revision 16)
- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
  patched libexpat below 2.6.0 that doesn't update the version number
  (gh#python/cpython#117187)
  * CVE-2023-52425-libexpat-2.6.0-backport.patch
Victor Zhestkov's avatar Victor Zhestkov (vizhestkov) committed (revision 15)
  * python.keyring
Pablo Suárez Hernández's avatar Pablo Suárez Hernández (PSuarezHernandez) accepted request 1166458 from Victor Zhestkov's avatar Victor Zhestkov (vizhestkov) (revision 14)
- Update 3.10.14:
  * gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0
    to address CVE-2023-52425, and control of the new reparse
    deferral functionality was exposed with new APIs
    (bsc#1219559).
  * gh-109858: zipfile is now protected from the “quoted-overlap”
    zipbomb to address CVE-2024-0450. It now raises BadZipFile
    when attempting to read an entry that overlaps with another
    entry or central directory. (bsc#1221854)
  * gh-91133: tempfile.TemporaryDirectory cleanup no longer
    dereferences symlinks when working around file system
    permission errors to address CVE-2023-6597 (bsc#1219666)
  * gh-115197: urllib.request no longer resolves the hostname
    before checking it against the system’s proxy bypass list on
    macOS and Windows
  * gh-81194: a crash in socket.if_indextoname() with a specific
    value (UINT_MAX) was fixed. Relatedly, an integer overflow in
    socket.if_indextoname() on 64-bit non-Windows platforms was
    fixed
  * gh-113659: .pth files with names starting with a dot or
    containing the hidden file attribute are now skipped
  * gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer
    read out of bounds
  * gh-114572: ssl.SSLContext.cert_store_stats() and
    ssl.SSLContext.get_ca_certs() now correctly lock access to
    the certificate store, when the ssl.SSLContext is shared
    across multiple threads
- Add old-libexpat.patch making the test suite work with
  libexpat < 2.6.0 (gh#python/cpython#117187).
- Refreshing the patches to adjust for newer version.
Marek Czernek's avatar Marek Czernek (mczernek) accepted request 1159900 from Pablo Suárez Hernández's avatar Pablo Suárez Hernández (PSuarezHernandez) (revision 13)
- Disable NIS for new products, it's deprecated and gets removed
Victor Zhestkov's avatar Victor Zhestkov (vizhestkov) accepted request 1134166 from Pablo Suárez Hernández's avatar Pablo Suárez Hernández (PSuarezHernandez) (revision 12)
- Explicitly add libexpat1 as dependency when building DEB package
Alexander Graul's avatar Alexander Graul (agraul) accepted request 1117962 from Pablo Suárez Hernández's avatar Pablo Suárez Hernández (PSuarezHernandez) (revision 11)
    CVE-2007-4559, bsc#1203750) (PEP 706).
  * subprocess-raise-timeout.patch
Alexander Graul's avatar Alexander Graul (agraul) accepted request 1117614 from Victor Zhestkov's avatar Victor Zhestkov (vizhestkov) (revision 10)
- Adjusted the patch removing strict requirement for OpenSSL 1.1.1
  Required to revert the changes causing build fails with
  OpenSSL < 1.1.0 by https://github.com/python/cpython/pull/96932
- Modified:
  * no-strict-openssl111-dep.patch
Alexander Graul's avatar Alexander Graul (agraul) committed (revision 9)
osc copypac from project:systemsmanagement:saltstack:bundle:testing package:saltbundlepy revision:7
Alexander Graul's avatar Alexander Graul (agraul) accepted request 1117455 from Alexander Graul's avatar Alexander Graul (agraul) (revision 8)
- Revert https://github.com/python/cpython/pull/96932 for OpenSSL < 1.1 
- Modified:
  * no-strict-openssl111-dep.patch
Pablo Suárez Hernández's avatar Pablo Suárez Hernández (PSuarezHernandez) committed (revision 7)
osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy revision:11
Victor Zhestkov's avatar Victor Zhestkov (vizhestkov) accepted request 1103280 from Yeray Gutiérrez Cedrés's avatar Yeray Gutiérrez Cedrés (ygutierrez) (revision 6)
- Include dependency on libffi for Debian 12
Alexander Graul's avatar Alexander Graul (agraul) accepted request 1081257 from Pablo Suárez Hernández's avatar Pablo Suárez Hernández (PSuarezHernandez) (revision 5)
- Adjust custom patches after latest upgrade to fix building issues
- Modified:
  * skip-test_pyobject_freed_is_freed.patch
  * call-startup-script-always.patch
  * no-strict-openssl111-dep.patch

- Fix build on openEuler 22.03. 

- Add invalid-json.patch fixing invalid JSON in
  Doc/howto/logging-cookbook.rst (somehow similar to
  gh#python/cpython#102582).

- Update to 3.10.10:
  Bug fixes and regressions handling, no change of behaviour and
  no security bugs fixed.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters

- Add provides for readline and sqlite3 to the main Python
  package.

- Disable NIS for new products, it's deprecated and gets removed

- Update to 3.10.9:
  - python -m http.server no longer allows terminal
    control characters sent within a garbage request to be
    printed to the stderr server lo This is done by changing
    the http.server BaseHTTPRequestHandler .log_message method
    to replace control characters with a \xHH hex escape before
Alexander Graul's avatar Alexander Graul (agraul) accepted request 1008236 from Victor Zhestkov's avatar Victor Zhestkov (vzhestkov) (revision 4)
- Add missing file reference related to the changelog entry:
  improve import_failed hook to do the right thing when invoking
  missing modules with "python3 -m modulename" (boo#942751)
- Add missing file reference for rpmlintrc with the rule preventing
  fail on changing the subpackage which is not following naming rule
  as we need to avoid conflicts with the existing package
- Added:
  * import_failed.py
  * saltbundlepy-rpmlintrc
Pablo Suárez Hernández's avatar Pablo Suárez Hernández (PSuarezHernandez) accepted request 991243 from Victor Zhestkov's avatar Victor Zhestkov (vzhestkov) (revision 3)
- Update to 3.10.5:
  - Core and Builtins
    - gh-93418: Fixed an assert where an f-string has an equal
      sign ‘=’ following an expression, but there’s no trailing
      brace. For example, f”{i=”.
    - gh-91924: Fix __ltrace__ debug feature if the stdout
      encoding is not UTF-8. Patch by Victor Stinner.
    - gh-93061: Backward jumps after async for loops are no
      longer given dubious line numbers.
    - gh-93065: Fix contextvars HAMT implementation to handle
      iteration over deep trees.
    - The bug was discovered and fixed by Eli Libman. See
      MagicStack/immutables#84 for more details.
    - gh-92311: Fixed a bug where setting frame.f_lineno to jump
      over a list comprehension could misbehave or crash.
    - gh-92112: Fix crash triggered by an evil custom mro() on
      a metaclass.
    - gh-92036: Fix a crash in subinterpreters related to the
      garbage collector. When a subinterpreter is deleted,
      untrack all objects tracked by its GC. To prevent a crash
      in deallocator functions expecting objects to be tracked by
      the GC, leak a strong reference to these objects on
      purpose, so they are never deleted and their deallocator
      functions are not called. Patch by Victor Stinner.
    - gh-91421: Fix a potential integer overflow in
      _Py_DecodeUTF8Ex.
    - bpo-47212: Raise IndentationError instead of SyntaxError
      for a bare except with no following indent. Improve
      SyntaxError locations for an un-parenthesized generator
      used as arguments. Patch by Matthieu Dartiailh.
Alexander Graul's avatar Alexander Graul (agraul) committed (revision 2)
osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy revision:5
Pablo Suárez Hernández's avatar Pablo Suárez Hernández (PSuarezHernandez) committed (revision 1)
osc copypac from project:systemsmanagement:saltstack:bundle package:saltbundlepy revision:16
Displaying all 19 revisions
openSUSE Build Service is sponsored by