Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python311 for openSUSE:Factory
checked in at 2024-12-06 14:24:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python311 (Old)
and /work/SRC/openSUSE:Factory/.python311.new.28523 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python311"
Fri Dec 6 14:24:50 2024 rev:45 rq:1228380 version:3.11.11
Changes:
--------
--- /work/SRC/openSUSE:Factory/python311/python311.changes 2024-12-04
15:26:24.567429496 +0100
+++ /work/SRC/openSUSE:Factory/.python311.new.28523/python311.changes
2024-12-06 14:24:53.184710548 +0100
@@ -1,0 +2,25 @@
+Wed Dec 4 21:40:41 UTC 2024 - Matej Cepl <mc...@cepl.eu>
+
+- Update to 3.11.11:
+ - Tools/Demos
+ - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15
+ and multissltests to use 3.0.15, 3.1.7, and 3.2.3.
+ - Tests
+ - gh-125041: Re-enable skipped tests for zlib on the
+ s390x architecture: only skip checks of the compressed
+ bytes, which can be different between zlibâs software
+ implementation and the hardware-accelerated implementation.
+ - Security
+ - gh-126623: Upgrade libexpat to 2.6.4
+ - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to
+ consistently use the mapped IPv4 address value for deciding
+ properties. Properties which have their behavior fixed are
+ is_multicast, is_reserved, is_link_local, is_global, and
+ is_unspecified.
+ - Library
+ - gh-124651: Properly quote template strings in venv
+ activation scripts (bsc#1232241, CVE-2024-9287).
+- Removed upstreamed patches:
+ - CVE-2024-9287-venv_path_unquoted.patch
+
+-------------------------------------------------------------------
Old:
----
CVE-2024-9287-venv_path_unquoted.patch
Python-3.11.10.tar.xz
Python-3.11.10.tar.xz.asc
New:
----
Python-3.11.11.tar.xz
Python-3.11.11.tar.xz.sigstore
BETA DEBUG BEGIN:
Old:- Removed upstreamed patches:
- CVE-2024-9287-venv_path_unquoted.patch
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python311.spec ++++++
--- /var/tmp/diff_new_pack.02xoSh/_old 2024-12-06 14:24:54.504765987 +0100
+++ /var/tmp/diff_new_pack.02xoSh/_new 2024-12-06 14:24:54.508766155 +0100
@@ -100,13 +100,13 @@
%define dynlib()
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
%bcond_without profileopt
Name: %{python_pkg_name}%{psuffix}
-Version: 3.11.10
+Version: 3.11.11
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
URL: https://www.python.org/
Source0:
https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz
-Source1:
https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc
+Source1:
https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore
Source2: baselibs.conf
Source3: README.SUSE
Source4: externally_managed.in
@@ -179,9 +179,6 @@
# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch
gh#python/cpython#120226 mc...@suse.com
# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10
(GH-120227)
Patch22: gh120226-fix-sendfile-test-kernel-610.patch
-# PATCH-FIX-UPSTREAM CVE-2024-9287-venv_path_unquoted.patch
gh#python/cpython#124651 mc...@suse.com
-# venv should properly quote path names provided when creating a venv
-Patch23: CVE-2024-9287-venv_path_unquoted.patch
# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch
gh#python/cpython#30939 glaub...@suse.com
Patch24: add-loongarch64-support.patch
BuildRequires: autoconf-archive
@@ -446,7 +443,6 @@
%patch -p1 -P 17
%patch -p1 -P 19
%patch -p1 -P 22
-%patch -p1 -P 23
%patch -p1 -P 24
# drop Autoconf version requirement
++++++ Python-3.11.10.tar.xz -> Python-3.11.11.tar.xz ++++++
/work/SRC/openSUSE:Factory/python311/Python-3.11.10.tar.xz
/work/SRC/openSUSE:Factory/.python311.new.28523/Python-3.11.11.tar.xz differ:
char 27, line 1
++++++ Python-3.11.11.tar.xz.sigstore ++++++
{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
"verificationMaterial": {"certificate": {"rawBytes":
"MIICzDCCAlOgAwIBAgIUWcRolJPsPmtJKA6VkjHSj7PtjY8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgxOTA1WhcNMjQxMjAzMTgyOTA1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEN+fBJCRZIAZiWPBdjyQVD+x5vgmjuuVct1HkPHIBMuEe7wI4mBG2BhJ3fHkpr97efIH6ELMmPV99edyAIZFXR6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkutZdHfCCSvGI87mjnBRwZB8ihYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjb9QlwAABAMARzBFAiEA4ddSINhYM+p0+DGzRqnA8rVtJF9YgI+9znXiq9fqQNkCIEErcSnQmN8jjErhwWWtcTM5GgH4ka/uk5kdHTycwxj3MAoGCCqGSM49BAMDA2cAMGQCMFmkCEH2pCBpFeFiUi2uA4opcJP6vh/zqb+D0tbxqd+jwbBkuDxDq
A9/Ao3UWop+twIwO9o71KAlYWPSPYMeZERM4R8zWlp9mVJPiK3tgOJJi40MNmxwtfsQeQtncqiQLBAH"},
"tlogEntries": [{"logIndex": "153122039", "logId": {"keyId":
"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind":
"hashedrekord", "version": "0.0.1"}, "integratedTime": "1733249946",
"inclusionPromise": {"signedEntryTimestamp":
"MEUCIBL9zpVJtljIuZtAe8uptLfDmakmbAjy5ELp2q8WJTQ7AiEAv6lIpyJZycHwTS+JHYJFzMVv0SmA8yQ0eMneBivMhPY="},
"inclusionProof": {"logIndex": "31217777", "rootHash":
"BMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=", "treeSize": "31217778",
"hashes": ["lrr8dxmtgD09fnZTo1tMTY00HNKc2ZIpbZa1djDeTes=",
"yFxGSg1RDbtZ/eNftnMdBJGNEZmmLyx2ZRDFtAIMHAk=",
"GeqsQGnvgc+gcuaIC+vQ5b0RdTyBxBnYTpbeW2AeD+Q=",
"dMTPeN/a9xCQQP+Hz7sddW0pPj8n54sfkhcf3XhjrMM=",
"XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=",
"go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=",
"AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=",
"u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=",
"3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV
8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=",
"oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=",
"4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=",
"gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope":
"rekor.sigstore.dev -
1193050959916656506\n31217778\nBMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=\n\n\u2014
rekor.sigstore.dev
wNI9ajBEAiA7ed0HqugBwVpmxDAR1VN35J91/+DeRdj09y5lFY+bRwIgYe07JnZlJvp3MfAMXX3i4XBsZoDRZoXtwfBaRj/8x8s=\n"}},
"canonicalizedBody":
"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYTk5MjBjN2EwY2QyMzZkZTMzNjQ0ZWQ5ODBhMTNjYmJjMjEwNThiZmRjNTI4ZmViYjYwODE1NzVlZDczYmUzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRU5KSGllaWs5WkVibW83a0p4ZUhWY2FvVDVYOUxyWG1zRTVxc1I5R1JpSEFpRUFtcHZyV21vUHF5YzRpQ09VYXVmY3dKTllMK1lPTWU0b0NOaWRLVGduT1FBPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlYyTlNiMnhLVUhO
UWJYUktTMEUyVm10cVNGTnFOMUIwYWxrNGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDRUMVJCTVZkb1kwNU5hbEY0VFdwQmVrMVVaM2xQVkVFeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZPSzJaQ1NrTlNXa2xCV21sWFVFSmthbmxSVmtRcmVEVjJaMjFxZFhWV1kzUXhTR3NLVUVoSlFrMTFSV1UzZDBrMGJVSkhNa0pvU2pObVNHdHdjamszWldaSlNEWkZURTF0VUZZNU9XVmtlVUZKV2taWVVqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyZFhSYUNtUklaa05EVTNaSFNUZzNiV3B1UWxKM1drSTRhV2haZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQyS
mhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZamxSYkhkQlFRcENRVTFCVW5wQ1JrRnBSVUUwWkdSVFNVNW9XVTByY0RBclJFZDZVbkZ1UVRoeVZuUktSamxaWjBrck9YcHVXR2x4T1daeFVVNXJRMGxGUlhKalUyNVJDbTFPT0dwcVJYSm9kMWRYZEdOVVRUVkhaMGcwYTJFdmRXczFhMlJJVkhsamQzaHFNMDFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUdiV3NLUTBWSU1uQkRRbkJHWlVacFZXa3lkVUUwYjNCalNsQTJkbWd2ZW5GaUswUXdkR0o0Y1dRcmFuZGlRbXQxUkhoRWNVRTVMMEZ2TTFWWGIzQXJkSGRKZHdwUE9XODNNVXRCYkZsWFVGTlFXVTFsV2tWU1RUUlNPSHBYYkhBNWJWWktVR2xMTTNSblQwcEthVFF3VFU1dGVIZDBabk5SWlZGMGJtTnhhVkZNUWtGSUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]},
"messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest":
"Kpkgx6DNI23jNkTtmAoTy7whBYv9xSj+u2CBV17XO+M="}, "signature":
"MEUCIENJHieik9ZEbmo7kJxeHVcaoT5X9LrXmsE5qsR9GRiHAiEAmpvrWmoPqyc4iCOUaufcwJNYL+YOMe4oCNidKTgnOQA="}}
