Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python38 for openSUSE:Factory
checked in at 2021-02-02 14:24:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python38 (Old)
and /work/SRC/openSUSE:Factory/.python38.new.28504 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python38"
Tue Feb 2 14:24:27 2021 rev:8 rq:868033 version:3.8.7
Changes:
--------
--- /work/SRC/openSUSE:Factory/python38/python38.changes 2020-11-29
12:18:43.289413116 +0100
+++ /work/SRC/openSUSE:Factory/.python38.new.28504/python38.changes
2021-02-02 14:24:35.591291174 +0100
@@ -1,0 +2,51 @@
+Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl <mc...@suse.com>
+
+- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
+ bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
+ _ctypes/callproc.c, which may lead to remote code execution.
+
+-------------------------------------------------------------------
+Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl <mc...@suse.com>
+
+- (bsc#1180125) We really don't Require python-rpm-macros package.
+ Unnecessary dependency.
+
+-------------------------------------------------------------------
+Tue Dec 22 08:27:08 UTC 2020 - Matej Cepl <mc...@suse.com>
+
+- Update to 3.8.7:
+ - bugfix release
+ - multiple patches realigned:
+ - F00102-lib64.patch
+ - SUSE-FEDORA-multilib.patch
+ - bpo-31046_ensurepip_honours_prefix.patch
+ - skip_random_failing_tests.patch
+
+-------------------------------------------------------------------
+Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner <c...@bnavigator.de>
+
+- Last try before this results in an editwar:
+ * remove importlib_resources and importlib-metadata
+ provides/obsoletes
+ * import importlib_resources is not the same as
+ import importlib.resources, same for metadata
+ * The backport packages from PyPI needed for older flavors are
+ specified as such for setuptools or in pyproject.toml. If a
+ package requires them they typically add them with a python
+ version qualifier and the packages have their own version
+ numbers.
+
+-------------------------------------------------------------------
+Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl <mc...@suse.com>
+
+- Add patch sphinx-update-removed-function.patch to no longer call
+ a now removed function and to make documentation build independent of
+ the Sphinx version (bsc#1179630, gh#python/cpython#13236).
+
+-------------------------------------------------------------------
+Wed Dec 2 10:57:45 UTC 2020 - Matej Cepl <mc...@suse.com>
+
+- Add importlib_resources provide/obsolete as it is integral
+ part of the lang since 3.7 release
+
+-------------------------------------------------------------------
Old:
----
Python-3.8.6.tar.xz
Python-3.8.6.tar.xz.asc
New:
----
CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
Python-3.8.7.tar.xz
Python-3.8.7.tar.xz.asc
sphinx-update-removed-function.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python38.spec ++++++
--- /var/tmp/diff_new_pack.NOMg7G/_old 2021-02-02 14:24:36.567292693 +0100
+++ /var/tmp/diff_new_pack.NOMg7G/_new 2021-02-02 14:24:36.571292699 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package python38
+# spec file for package python38-core
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -87,7 +87,7 @@
%bcond_without profileopt
%endif
Name: %{python_pkg_name}%{psuffix}
-Version: 3.8.6
+Version: 3.8.7
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@@ -152,6 +152,11 @@
# PATCH-FIX-UPSTREAM bsc1167501-invalid-alignment.patch
gh#python/cpython#19133 mc...@suse.com
# Fix wrong misalignment of pointer to vectorcallfunc
Patch31: bsc1167501-invalid-alignment.patch
+# PATCH-FIX-UPSTREAM stop calling removed Sphinx function
gh#python/cpython#13236
+Patch32: sphinx-update-removed-function.patch
+# PATCH-FIX-UPSTREAM CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch bsc#1181126
mc...@suse.com
+# buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to
remote code execution
+Patch33: CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
BuildRequires: automake
BuildRequires: fdupes
BuildRequires: gmp-devel
@@ -174,9 +179,11 @@
# Here we just run sphinx and we can use generic one, we don't need
# the flavor variant
BuildRequires: python3-Sphinx < 3.0
+%if 0%{?suse_version} > 1500
BuildRequires: python3-python-docs-theme
BuildRequires: python3-sphinxcontrib-qthelp >= 1.0.2
%endif
+%endif
%if %{with general}
# required for idle3 (.desktop and .appdata.xml files)
BuildRequires: appstream-glib
@@ -286,7 +293,6 @@
%package -n %{python_pkg_name}-base
Summary: Python 3 Interpreter and Stdlib Core
Requires: libpython%{so_version} = %{version}
-Requires: python-rpm-macros
Recommends: %{python_pkg_name} = %{version}
#Recommends: python3-ensurepip
# python 3.1 didn't have a separate python-base, so it is wrongly
@@ -406,6 +412,8 @@
%patch28 -p1
%patch29 -p1
%patch31 -p1
+%patch32 -p1
+%patch33 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
++++++ CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch ++++++
>From 34df10a9a16b38d54421eeeaf73ec89828563be7 Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benja...@python.org>
Date: Mon, 18 Jan 2021 15:11:46 -0600
Subject: [PATCH] [3.6] closes bpo-42938: Replace snprintf with Python unicode
formatting in ctypes param reprs. (GH-24250)
(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
Co-authored-by: Benjamin Peterson <benja...@python.org>
---
Lib/ctypes/test/test_parameters.py | 43 +++++++++++++++
.../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
Modules/_ctypes/callproc.c | 55 +++++++------------
3 files changed, 66 insertions(+), 34 deletions(-)
create mode 100644
Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
--- a/Lib/ctypes/test/test_parameters.py
+++ b/Lib/ctypes/test/test_parameters.py
@@ -201,6 +201,49 @@ class SimpleTypesTestCase(unittest.TestC
with self.assertRaises(ZeroDivisionError):
WorseStruct().__setstate__({}, b'foo')
+ def test_parameter_repr(self):
+ from ctypes import (
+ c_bool,
+ c_char,
+ c_wchar,
+ c_byte,
+ c_ubyte,
+ c_short,
+ c_ushort,
+ c_int,
+ c_uint,
+ c_long,
+ c_ulong,
+ c_longlong,
+ c_ulonglong,
+ c_float,
+ c_double,
+ c_longdouble,
+ c_char_p,
+ c_wchar_p,
+ c_void_p,
+ )
+ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at
0x[A-Fa-f0-9]+>$")
+ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>")
+ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at
0x[A-Fa-f0-9]+>$")
+ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
+ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
+ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
+ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
+ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]'
\(20000\)>$")
+ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]'
\(20000\)>$")
+ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]'
\(20000\)>$")
+ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]'
\(20000\)>$")
+ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam
'[liq]' \(20000\)>$")
+ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam
'[LIQ]' \(20000\)>$")
+ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
+ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
+ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd'
(1e+300)>")
+ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d'
\(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
+ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z'
\(0x[A-Fa-f0-9]+\)>$")
+ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z'
\(0x[A-Fa-f0-9]+\)>$")
+ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P'
\(0x0*12\)>$")
+
################################################################
if __name__ == '__main__':
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
@@ -0,0 +1,2 @@
+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
+:class:`ctypes.c_longdouble` values.
--- a/Modules/_ctypes/callproc.c
+++ b/Modules/_ctypes/callproc.c
@@ -484,58 +484,47 @@ is_literal_char(unsigned char c)
static PyObject *
PyCArg_repr(PyCArgObject *self)
{
- char buffer[256];
switch(self->tag) {
case 'b':
case 'B':
- sprintf(buffer, "<cparam '%c' (%d)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
self->tag, self->value.b);
- break;
case 'h':
case 'H':
- sprintf(buffer, "<cparam '%c' (%d)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
self->tag, self->value.h);
- break;
case 'i':
case 'I':
- sprintf(buffer, "<cparam '%c' (%d)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
self->tag, self->value.i);
- break;
case 'l':
case 'L':
- sprintf(buffer, "<cparam '%c' (%ld)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
self->tag, self->value.l);
- break;
case 'q':
case 'Q':
- sprintf(buffer,
-#ifdef MS_WIN32
- "<cparam '%c' (%I64d)>",
-#else
- "<cparam '%c' (%lld)>",
-#endif
+ return PyUnicode_FromFormat("<cparam '%c' (%lld)>",
self->tag, self->value.q);
- break;
case 'd':
- sprintf(buffer, "<cparam '%c' (%f)>",
- self->tag, self->value.d);
- break;
- case 'f':
- sprintf(buffer, "<cparam '%c' (%f)>",
- self->tag, self->value.f);
- break;
-
+ case 'f': {
+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f :
self->value.d);
+ if (f == NULL) {
+ return NULL;
+ }
+ PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>",
self->tag, f);
+ Py_DECREF(f);
+ return result;
+ }
case 'c':
if (is_literal_char((unsigned char)self->value.c)) {
- sprintf(buffer, "<cparam '%c' ('%c')>",
+ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
self->tag, self->value.c);
}
else {
- sprintf(buffer, "<cparam '%c' ('\\x%02x')>",
+ return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>",
self->tag, (unsigned char)self->value.c);
}
- break;
/* Hm, are these 'z' and 'Z' codes useful at all?
Shouldn't they be replaced by the functionality of c_string
@@ -544,22 +533,19 @@ PyCArg_repr(PyCArgObject *self)
case 'z':
case 'Z':
case 'P':
- sprintf(buffer, "<cparam '%c' (%p)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
self->tag, self->value.p);
- break;
default:
if (is_literal_char((unsigned char)self->tag)) {
- sprintf(buffer, "<cparam '%c' at %p>",
+ return PyUnicode_FromFormat("<cparam '%c' at %p>",
(unsigned char)self->tag, (void *)self);
}
else {
- sprintf(buffer, "<cparam 0x%02x at %p>",
+ return PyUnicode_FromFormat("<cparam 0x%02x at %p>",
(unsigned char)self->tag, (void *)self);
}
- break;
}
- return PyUnicode_FromString(buffer);
}
static PyMemberDef PyCArgType_members[] = {
++++++ F00102-lib64.patch ++++++
--- /var/tmp/diff_new_pack.NOMg7G/_old 2021-02-02 14:24:36.607292755 +0100
+++ /var/tmp/diff_new_pack.NOMg7G/_new 2021-02-02 14:24:36.607292755 +0100
@@ -183,7 +183,7 @@
}
--- a/configure
+++ b/configure
-@@ -15214,9 +15214,9 @@ fi
+@@ -15233,9 +15233,9 @@ fi
if test x$PLATFORM_TRIPLET = x; then
@@ -197,7 +197,7 @@
--- a/configure.ac
+++ b/configure.ac
-@@ -4689,9 +4689,9 @@ fi
+@@ -4691,9 +4691,9 @@ fi
dnl define LIBPL after ABIFLAGS and LDVERSION is defined.
AC_SUBST(PY_ENABLE_SHARED)
if test x$PLATFORM_TRIPLET = x; then
++++++ Python-3.8.6.tar.xz -> Python-3.8.7.tar.xz ++++++
/work/SRC/openSUSE:Factory/python38/Python-3.8.6.tar.xz
/work/SRC/openSUSE:Factory/.python38.new.28504/Python-3.8.7.tar.xz differ: char
27, line 1
++++++ SUSE-FEDORA-multilib.patch ++++++
--- /var/tmp/diff_new_pack.NOMg7G/_old 2021-02-02 14:24:36.679292867 +0100
+++ /var/tmp/diff_new_pack.NOMg7G/_new 2021-02-02 14:24:36.683292873 +0100
@@ -1,6 +1,6 @@
--- a/configure.ac
+++ b/configure.ac
-@@ -4686,12 +4686,26 @@ else
+@@ -4688,12 +4688,26 @@ else
LIBPYTHON=''
fi
@@ -314,7 +314,7 @@
# just making sure _main() runs and returns things in the stdout
--- a/configure
+++ b/configure
-@@ -15214,9 +15214,9 @@ fi
+@@ -15233,9 +15233,9 @@ fi
if test x$PLATFORM_TRIPLET = x; then
++++++ bpo-31046_ensurepip_honours_prefix.patch ++++++
--- /var/tmp/diff_new_pack.NOMg7G/_old 2021-02-02 14:24:36.715292923 +0100
+++ /var/tmp/diff_new_pack.NOMg7G/_new 2021-02-02 14:24:36.719292929 +0100
@@ -55,7 +55,7 @@
.. note::
--- a/Lib/ensurepip/__init__.py
+++ b/Lib/ensurepip/__init__.py
-@@ -56,27 +56,27 @@ def _disable_pip_configuration_settings(
+@@ -53,27 +53,27 @@ def _disable_pip_configuration_settings(
os.environ['PIP_CONFIG_FILE'] = os.devnull
@@ -88,7 +88,7 @@
Note that calling this function will alter both sys.path and os.environ.
"""
-@@ -119,6 +119,8 @@ def _bootstrap(*, root=None, upgrade=Fal
+@@ -116,6 +116,8 @@ def _bootstrap(*, root=None, upgrade=Fal
args = ["install", "--no-cache-dir", "--no-index", "--find-links",
tmpdir]
if root:
args += ["--root", root]
@@ -97,7 +97,7 @@
if upgrade:
args += ["--upgrade"]
if user:
-@@ -191,6 +193,11 @@ def _main(argv=None):
+@@ -188,6 +190,11 @@ def _main(argv=None):
help="Install everything relative to this alternate root directory.",
)
parser.add_argument(
@@ -109,7 +109,7 @@
"--altinstall",
action="store_true",
default=False,
-@@ -209,6 +216,7 @@ def _main(argv=None):
+@@ -206,6 +213,7 @@ def _main(argv=None):
return _bootstrap(
root=args.root,
++++++ skip_random_failing_tests.patch ++++++
--- /var/tmp/diff_new_pack.NOMg7G/_old 2021-02-02 14:24:36.827293097 +0100
+++ /var/tmp/diff_new_pack.NOMg7G/_new 2021-02-02 14:24:36.827293097 +0100
@@ -82,7 +82,7 @@
--- a/Lib/test/_test_multiprocessing.py
+++ b/Lib/test/_test_multiprocessing.py
-@@ -1521,6 +1521,7 @@ class _TestCondition(BaseTestCase):
+@@ -1542,6 +1542,7 @@ class _TestCondition(BaseTestCase):
success.value = True
@unittest.skipUnless(HAS_SHAREDCTYPES, 'needs sharedctypes')
@@ -90,7 +90,7 @@
def test_waitfor_timeout(self):
# based on test in test/lock_tests.py
cond = self.Condition()
-@@ -2411,6 +2412,7 @@ class _TestPool(BaseTestCase):
+@@ -2432,6 +2433,7 @@ class _TestPool(BaseTestCase):
self.assertEqual(get(), 49)
self.assertTimingAlmostEqual(get.elapsed, TIMEOUT1)
@@ -98,7 +98,7 @@
def test_async_timeout(self):
res = self.pool.apply_async(sqr, (6, TIMEOUT2 + 1.0))
get = TimingWrapper(res.get)
-@@ -4564,6 +4566,7 @@ class TestWait(unittest.TestCase):
+@@ -4643,6 +4645,7 @@ class TestWait(unittest.TestCase):
sem.release()
time.sleep(period)
@@ -108,7 +108,7 @@
--- a/Lib/test/test_asyncio/test_events.py
+++ b/Lib/test/test_asyncio/test_events.py
-@@ -266,6 +266,7 @@ class EventLoopTestsMixin:
+@@ -268,11 +268,12 @@ class EventLoopTestsMixin:
# Note: because of the default Windows timing granularity of
# 15.6 msec, we use fairly long sleep times here (~100 msec).
@@ -116,16 +116,13 @@
def test_run_until_complete(self):
t0 = self.loop.time()
self.loop.run_until_complete(asyncio.sleep(0.1))
-@@ -293,7 +294,7 @@ class EventLoopTestsMixin:
- self.loop.run_forever()
- t1 = time.monotonic()
- self.assertEqual(results, ['hello world'])
+ t1 = self.loop.time()
- self.assertTrue(0.08 <= t1-t0 <= 0.8, t1-t0)
+ self.assertTrue(0.08 <= t1-t0 <= 5.0, t1-t0)
- def test_call_soon(self):
- results = []
-@@ -478,6 +479,7 @@ class EventLoopTestsMixin:
+ def test_run_until_complete_stopped(self):
+
+@@ -477,6 +478,7 @@ class EventLoopTestsMixin:
self.assertEqual(caught, 1)
@unittest.skipUnless(hasattr(signal, 'SIGALRM'), 'No SIGALRM')
@@ -135,7 +132,7 @@
caught = 0
--- a/Lib/test/test_buffer.py
+++ b/Lib/test/test_buffer.py
-@@ -2504,6 +2504,7 @@ class TestBufferProtocol(unittest.TestCa
+@@ -2506,6 +2506,7 @@ class TestBufferProtocol(unittest.TestCa
a = ndarray(items, shape=[2, 2, 2], format="b")
check(memoryview(a), vsize(base_struct + 3 * per_dim))
++++++ sphinx-update-removed-function.patch ++++++
>From 960bb883769e5c64a63b014590d75654db87ffb0 Mon Sep 17 00:00:00 2001
From: Pablo Galindo <pablog...@gmail.com>
Date: Fri, 10 May 2019 22:58:17 +0100
Subject: [PATCH] Fix sphinx deprecation warning about env.note_versionchange()
(GH-13236)
---
Doc/tools/extensions/pyspecific.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/Doc/tools/extensions/pyspecific.py
+++ b/Doc/tools/extensions/pyspecific.py
@@ -361,7 +361,12 @@ class DeprecatedRemoved(Directive):
translatable=False)
node.append(para)
env = self.state.document.settings.env
- env.get_domain('changeset').note_changeset(node)
+ # new method
+ if hasattr(env, 'get_domain'):
+ env.get_domain('changeset').note_changeset(node)
+ # deprecated pre-Sphinx-2 method
+ else:
+ env.note_versionchange('deprecated', version[0], node, self.lineno)
return [node] + messages
