Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python38 for openSUSE:Factory
checked in at 2021-03-02 14:41:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python38 (Old)
and /work/SRC/openSUSE:Factory/.python38.new.2378 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python38"
Tue Mar 2 14:41:29 2021 rev:10 rq:874121 version:3.8.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/python38/python38.changes 2021-02-15
23:10:22.810865279 +0100
+++ /work/SRC/openSUSE:Factory/.python38.new.2378/python38.changes
2021-03-02 15:30:37.393979742 +0100
@@ -1,0 +2,15 @@
+Fri Feb 19 16:40:59 UTC 2021 - Matej Cepl <mc...@suse.com>
+
+- Update to 3.8.8:
+ - bpo#42938 (bsc#1181126): Avoid static buffers when computing
+ the repr of ctypes.c_double and ctypes.c_longdouble
+ values. This issue was assigned CVE-2021-3177.
+ - bpo#42967 (bso#1182379): Fix web cache poisoning
+ vulnerability by defaulting the query args separator to &,
+ and allowing the user to choose a custom separator. This
+ issue was assigned CVE-2021-23336.
+- Remove bsc1167501-invalid-alignment.patch and
+ CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch, which were included
+ into the upstream tarball.
+
+-------------------------------------------------------------------
Old:
----
CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
Python-3.8.7.tar.xz
Python-3.8.7.tar.xz.asc
bsc1167501-invalid-alignment.patch
New:
----
Python-3.8.8.tar.xz
Python-3.8.8.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python38.spec ++++++
--- /var/tmp/diff_new_pack.iFXMEi/_old 2021-03-02 15:30:38.193980264 +0100
+++ /var/tmp/diff_new_pack.iFXMEi/_new 2021-03-02 15:30:38.197980266 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package python38
+# spec file for package python38-core
#
# Copyright (c) 2021 SUSE LLC
#
@@ -87,7 +87,7 @@
%bcond_without profileopt
%endif
Name: %{python_pkg_name}%{psuffix}
-Version: 3.8.7
+Version: 3.8.8
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@@ -149,14 +149,8 @@
# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046
mc...@suse.com
# ensurepip should honour the value of $(prefix)
Patch29: bpo-31046_ensurepip_honours_prefix.patch
-# PATCH-FIX-UPSTREAM bsc1167501-invalid-alignment.patch
gh#python/cpython#19133 mc...@suse.com
-# Fix wrong misalignment of pointer to vectorcallfunc
-Patch31: bsc1167501-invalid-alignment.patch
# PATCH-FIX-UPSTREAM stop calling removed Sphinx function
gh#python/cpython#13236
Patch32: sphinx-update-removed-function.patch
-# PATCH-FIX-UPSTREAM CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch bsc#1181126
mc...@suse.com
-# buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to
remote code execution
-Patch33: CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
BuildRequires: automake
BuildRequires: fdupes
BuildRequires: gmp-devel
@@ -402,7 +396,6 @@
%patch07 -p1
%patch08 -p1
%patch09 -p1
-# %%patch12 -p1
%patch15 -p1
%ifarch ppc ppc64 ppc64le
%patch23 -p1
@@ -412,9 +405,7 @@
%patch27 -p1
%patch28 -p1
%patch29 -p1
-%patch31 -p1
%patch32 -p1
-%patch33 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
++++++ Python-3.8.7.tar.xz -> Python-3.8.8.tar.xz ++++++
/work/SRC/openSUSE:Factory/python38/Python-3.8.7.tar.xz
/work/SRC/openSUSE:Factory/.python38.new.2378/Python-3.8.8.tar.xz differ: char
27, line 1
++++++ subprocess-raise-timeout.patch ++++++
--- /var/tmp/diff_new_pack.iFXMEi/_old 2021-03-02 15:30:38.457980436 +0100
+++ /var/tmp/diff_new_pack.iFXMEi/_new 2021-03-02 15:30:38.461980438 +0100
@@ -1,6 +1,6 @@
--- a/Lib/test/test_subprocess.py
+++ b/Lib/test/test_subprocess.py
-@@ -1125,7 +1125,8 @@ class ProcessTestCase(BaseTestCase):
+@@ -1147,7 +1147,8 @@ class ProcessTestCase(BaseTestCase):
self.assertIn("0.0001", str(c.exception)) # For coverage of __str__.
# Some heavily loaded buildbots (sparc Debian 3.x) require this much
# time to start.
