Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python310 for openSUSE:Factory checked in at 2024-09-18 15:26:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python310 (Old) and /work/SRC/openSUSE:Factory/.python310.new.29891 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python310" Wed Sep 18 15:26:05 2024 rev:49 rq:1199711 version:3.10.15 Changes: -------- --- /work/SRC/openSUSE:Factory/python310/python310.changes 2024-08-30 13:29:31.311242043 +0200 +++ /work/SRC/openSUSE:Factory/.python310.new.29891/python310.changes 2024-09-18 15:26:22.447569875 +0200 @@ -1,0 +2,89 @@ +Mon Sep 9 13:41:07 UTC 2024 - Matej Cepl <[email protected]> + +- Update to 3.10.15: + - Tests + - gh-112769: The tests now correctly compare zlib version + when :const:`zlib.ZLIB_RUNTIME_VERSION` contains + non-integer suffixes. For example zlib-ng defines the + version as ``1.3.0.zlib-ng``. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-100454: Fix SSL tests CI for OpenSSL 3.1+ + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith <[email protected]> and Seth Larson + <[email protected]>. Reported by Ellie <[email protected]> + - gh-121285: Remove backtracking from tarfile header + parsing for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123693: Use platform-agnostic behavior when computing + ``zipfile.Path.name``. + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + gh-121650.; CVE-2024-6923, bsc#1228780). + - gh-113171: Fixed various false positives and false negatives in + * :attr:`ipaddress.IPv4Address.is_private` (see these docs for details) + * :attr:`ipaddress.IPv4Address.is_global` + * :attr:`ipaddress.IPv6Address.is_private` + * :attr:`ipaddress.IPv6Address.is_global` + Also in the corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` 2-tuples in more + situations where invalid email addresses are encountered instead of + potentially inaccurate values. Add optional *strict* parameter to these + two functions: use ``strict=False`` to get the old behavior, accept + malformed inputs. ``getattr(email.utils, 'supports_strict_parsing', + False)`` can be use to check if the *strict* paramater is available. Patch + by Thomas Dwyer and Victor Stinner to improve the + CVE-2023-27043 fix (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting with multiple + slashes and no authority. Based on patch by Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. +- Remove upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch +- Add sphinx-802.patch to overcome working both with the most + recent and older Sphinx versions. + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl <[email protected]> + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- Old: ---- CVE-2023-27043-email-parsing-errors.patch CVE-2024-4032-private-IP-addrs.patch CVE-2024-6923-email-hdr-inject.patch CVE-2024-8088-inf-loop-zipfile_Path.patch Python-3.10.14.tar.xz Python-3.10.14.tar.xz.asc New: ---- Python-3.10.15.tar.xz Python-3.10.15.tar.xz.asc gh120226-fix-sendfile-test-kernel-610.patch sphinx-802.patch BETA DEBUG BEGIN: Old:- Remove upstreamed patches: - CVE-2023-27043-email-parsing-errors.patch - CVE-2024-4032-private-IP-addrs.patch Old: - CVE-2023-27043-email-parsing-errors.patch - CVE-2024-4032-private-IP-addrs.patch - CVE-2024-6923-email-hdr-inject.patch Old: - CVE-2024-4032-private-IP-addrs.patch - CVE-2024-6923-email-hdr-inject.patch - CVE-2024-8088-inf-loop-zipfile_Path.patch Old: - CVE-2024-6923-email-hdr-inject.patch - CVE-2024-8088-inf-loop-zipfile_Path.patch - Add sphinx-802.patch to overcome working both with the most BETA DEBUG END: BETA DEBUG BEGIN: New: - Add gh120226-fix-sendfile-test-kernel-610.patch to avoid failing test_sendfile_close_peer_in_the_middle_of_receiving New: - CVE-2024-8088-inf-loop-zipfile_Path.patch - Add sphinx-802.patch to overcome working both with the most recent and older Sphinx versions. BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python310.spec ++++++ --- /var/tmp/diff_new_pack.iqO0cw/_old 2024-09-18 15:26:26.503738747 +0200 +++ /var/tmp/diff_new_pack.iqO0cw/_new 2024-09-18 15:26:26.511739080 +0200 @@ -108,7 +108,7 @@ # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so Name: %{python_pkg_name}%{psuffix} -Version: 3.10.14 +Version: 3.10.15 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -178,11 +178,6 @@ # PATCH-FIX-UPSTREAM gh-78214-marshal_stabilize_FLAG_REF.patch bsc#1213463 [email protected] # marshal: Stabilize FLAG_REF usage Patch19: gh-78214-marshal_stabilize_FLAG_REF.patch -# PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 [email protected] -# Detect email address parsing errors and return empty tuple to -# indicate the parsing error (old API), from gh#python/cpython!105127 -# Patch carries a REGRESSION (gh#python/cpython#106669), so it has been also partially REVERTED -Patch20: CVE-2023-27043-email-parsing-errors.patch # PATCH-FIX-UPSTREAM fix-sphinx-72.patch gh#python/cpython#97950 # This is a patch with a lot of PR combined to make the doc work with # sphinx 7.2 @@ -200,18 +195,15 @@ # PATCH-FIX-UPSTREAM CVE-2023-52425-libexpat-2.6.0-backport.patch gh#python/cpython#117187 [email protected] # Make the test suite work with libexpat < 2.6.0 Patch22: CVE-2023-52425-libexpat-2.6.0-backport.patch -# PATCH-FIX-UPSTREAM CVE-2024-4032-private-IP-addrs.patch bsc#1226448 [email protected] -# rearrange definition of private v global IP addresses -Patch23: CVE-2024-4032-private-IP-addrs.patch # PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 [email protected] # reproducibility patches Patch24: bso1227999-reproducible-builds.patch -# PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 [email protected] -# prevent email header injection, patch from gh#python/cpython!122608 -Patch25: CVE-2024-6923-email-hdr-inject.patch -# PATCH-FIX-UPSTREAM CVE-2024-8088-inf-loop-zipfile_Path.patch bsc#1229704 [email protected] -# avoid denial of service in zipfile -Patch26: CVE-2024-8088-inf-loop-zipfile_Path.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 [email protected] +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch27: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM sphinx-802.patch [email protected] +# status_iterator method moved between the Sphinx versions +Patch28: sphinx-802.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -486,13 +478,11 @@ %patch -p1 -P 17 %patch -p1 -P 18 %patch -p1 -P 19 -%patch -p1 -P 20 %patch -p1 -P 21 %patch -p1 -P 22 -%patch -p1 -P 23 %patch -p1 -P 24 -%patch -p1 -P 25 -%patch -p1 -P 26 +%patch -p1 -P 27 +%patch -p1 -P 28 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac ++++++ CVE-2023-52425-libexpat-2.6.0-backport.patch ++++++ --- /var/tmp/diff_new_pack.iqO0cw/_old 2024-09-18 15:26:26.651744909 +0200 +++ /var/tmp/diff_new_pack.iqO0cw/_new 2024-09-18 15:26:26.655745075 +0200 @@ -45,7 +45,7 @@ def test_simple_xml_chunk_5(self): self.test_simple_xml(chunk_size=5, flush=True) -@@ -1648,6 +1652,9 @@ class XMLPullParserTest(unittest.TestCas +@@ -1647,6 +1651,9 @@ class XMLPullParserTest(unittest.TestCas self.assert_event_tags(parser, [('end', 'doc')]) ++++++ Python-3.10.14.tar.xz -> Python-3.10.15.tar.xz ++++++ /work/SRC/openSUSE:Factory/python310/Python-3.10.14.tar.xz /work/SRC/openSUSE:Factory/.python310.new.29891/Python-3.10.15.tar.xz differ: char 27, line 1 ++++++ fix-sphinx-72.patch ++++++ --- /var/tmp/diff_new_pack.iqO0cw/_old 2024-09-18 15:26:26.763749572 +0200 +++ /var/tmp/diff_new_pack.iqO0cw/_new 2024-09-18 15:26:26.767749739 +0200 @@ -915,7 +915,7 @@ Open a new pseudo-terminal pair. Return a pair of file descriptors ``(master, slave)`` for the pty and the tty, respectively. The new file -@@ -2637,7 +2637,7 @@ features: +@@ -2644,7 +2644,7 @@ features: possible and call :func:`lstat` on the result. This does not apply to dangling symlinks or junction points, which will raise the usual exceptions. ++++++ fix_configure_rst.patch ++++++ --- /var/tmp/diff_new_pack.iqO0cw/_old 2024-09-18 15:26:26.779750238 +0200 +++ /var/tmp/diff_new_pack.iqO0cw/_new 2024-09-18 15:26:26.779750238 +0200 @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -3731,7 +3731,7 @@ C API +@@ -3810,7 +3810,7 @@ C API ----- - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name ++++++ gh120226-fix-sendfile-test-kernel-610.patch ++++++ >From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 From: Xi Ruoyao <[email protected]> Date: Fri, 7 Jun 2024 23:51:32 +0800 Subject: [PATCH] gh-120226: Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) The worst case is that the kernel buffers 17 pages with a page size of 64k. (cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) Co-authored-by: Xi Ruoyao <[email protected]> --- Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) --- a/Lib/test/test_asyncio/test_sendfile.py +++ b/Lib/test/test_asyncio/test_sendfile.py @@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): class SendfileBase: - # 256 KiB plus small unaligned to buffer chunk - # Newer versions of Windows seems to have increased its internal - # buffer and tries to send as much of the data as it can as it - # has some form of buffering for this which is less than 256KiB - # on newer server versions and Windows 11. - # So DATA should be larger than 256 KiB to make this test reliable. - DATA = b"x" * (1024 * 256 + 1) + # Linux >= 6.10 seems buffering up to 17 pages of data. + # So DATA should be large enough to make this test reliable even with a + # 64 KiB page configuration. + DATA = b"x" * (1024 * 17 * 64 + 1) # Reduce socket buffer size to test on relative small data sets. BUF_SIZE = 4 * 1024 # 4 KiB ++++++ sphinx-802.patch ++++++ --- Doc/tools/extensions/pyspecific.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/Doc/tools/extensions/pyspecific.py +++ b/Doc/tools/extensions/pyspecific.py @@ -27,7 +27,13 @@ try: except ImportError: from sphinx.environment import NoUri from sphinx.locale import _ as sphinx_gettext -from sphinx.util import status_iterator, logging +try: + from sphinx.util.display import status_iterator +except ImportError: + # This method was moved into sphinx.util.display in Sphinx 6.1.0. Before + # that it resided in sphinx.util. + from sphinx.util import status_iterator +from sphinx.util import logging from sphinx.util.nodes import split_explicit_title from sphinx.writers.text import TextWriter, TextTranslator from sphinx.writers.latex import LaTeXTranslator
