Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python313 for openSUSE:Factory checked in at 2026-06-19 16:29:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python313 (Old) and /work/SRC/openSUSE:Factory/.python313.new.1956 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python313" Fri Jun 19 16:29:36 2026 rev:42 rq:1360031 version:3.13.13 Changes: -------- --- /work/SRC/openSUSE:Factory/python313/python313.changes 2026-04-30 20:25:39.719186005 +0200 +++ /work/SRC/openSUSE:Factory/.python313.new.1956/python313.changes 2026-06-19 17:22:10.395719459 +0200 @@ -1,0 +2,14 @@ +Thu Jun 4 16:21:39 UTC 2026 - Matej Cepl <[email protected]> + +- Add test_UDPLITE_support.patch (bsc#1263787, + gh#python/cpython!149081) improving testing for the support of + IPPROTO_UDPLITE, which could be not present although header + files are. + +------------------------------------------------------------------- +Thu Jun 4 16:19:38 UTC 2026 - Matej Cepl <[email protected]> + +- Add missing BR `crypto-policies-scripts` (need for the fix of + bsc#1211301). + +------------------------------------------------------------------- @@ -4,3 +18,4 @@ -- Add CVE-2026-6019-Morsel-js_output.patch protects against HTML - injection by Base64-encoding cookie values embedded in JS - (bsc#1262654, CVE-2026-6019, gh#python/cpython#90309). +- CVE-2026-6019: protect against HTML injection by + Base64-encoding cookie values embedded in JS (bsc#1262654, + gh#python/cpython#90309) + CVE-2026-6019-Morsel-js_output.patch @@ -11,3 +26,3 @@ -- Add CVE-2026-1502-reject-CRLF-HTTP-tunnel.patch which rejects - CR/LF in HTTP tunnel request headers (bsc#1261969, - CVE-2026-1502, gh#python/cpython#146211). +- CVE-2026-1502: reject CR/LF in HTTP tunnel request headers + (bsc#1261969, gh#python/cpython#146211) + CVE-2026-1502-reject-CRLF-HTTP-tunnel.patch @@ -18,3 +33,3 @@ -- Add CVE-2026-4786-webbrowser-open-action.patch, which fixes - webbrowser %action substitution bypass of dash-prefix check - (bsc#1262319, CVE-2026-4786, gh#python/cpython#148169). +- CVE-2026-4786: fix webbrowser %action substitution bypass of + dash-prefix check (bsc#1262319, gh#python/cpython#148169) + CVE-2026-4786-webbrowser-open-action.patch @@ -25,3 +40,3 @@ -- Add CVE-2026-6100-use-after-free-decompression.patch preventing - dangling pointer which can end in the use-after-free error - (CVE-2026-6100, bsc#1262098, gh#python/cpython#148395). +- CVE-2026-6100: prevent dangling pointer, which can end in the + use-after-free error (bsc#1262098, gh#python/cpython#148395) + CVE-2026-6100-use-after-free-decompression.patch New: ---- test_UDPLITE_support.patch ----------(New B)---------- New: - Add test_UDPLITE_support.patch (bsc#1263787, gh#python/cpython!149081) improving testing for the support of ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python313.spec ++++++ --- /var/tmp/diff_new_pack.aUBIhg/_old 2026-06-19 17:22:12.179780814 +0200 +++ /var/tmp/diff_new_pack.aUBIhg/_new 2026-06-19 17:22:12.183780952 +0200 @@ -248,9 +248,13 @@ # PATCH-FIX-UPSTREAM CVE-2026-6019-Morsel-js_output.patch bsc#1262654 [email protected] # Base64-encode cookie values embedded in JS Patch52: CVE-2026-6019-Morsel-js_output.patch +# PATCH-FIX-OPENSUSE test_UDPLITE_support.patch gh#python/cpython#149078 [email protected] +# improve testing of the presence of IPPROTO_UDPLITE support +Patch53: test_UDPLITE_support.patch #### END OF PATCHES BuildRequires: autoconf-archive BuildRequires: automake +BuildRequires: crypto-policies-scripts BuildRequires: fdupes BuildRequires: gmp-devel BuildRequires: lzma-devel @@ -902,6 +906,19 @@ rm %{buildroot}%{_mandir}/man1/python%{python_version}.1* %endif +# Deal with python3 shebangs +echo Fix shebangs +for f in %{buildroot}%{sitedir}/turtledemo/*.py ; do + if [ -f "$f" -a -x "$f" -a -w "$f" ] + then + # in i586, sed fails when following symlinks to long paths, so + # changing to the target directory avoid this problem + cd "$(dirname "$f")" + sed -i --follow-symlinks "1s@#\\!.*python\\S*@#\\!%{_bindir}/python%{python_abi}@" "$(basename "$f")" + cd - + fi +done + %endif # For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.aUBIhg/_old 2026-06-19 17:22:12.287784529 +0200 +++ /var/tmp/diff_new_pack.aUBIhg/_new 2026-06-19 17:22:12.291784666 +0200 @@ -1,6 +1,6 @@ -mtime: 1777300647 -commit: bbc280a9ae987a9b2860fcf4498b7b3d76070801a5acb1b9f0f7f8180dcb6015 +mtime: 1781393469 +commit: eb6e39cdf99d0e2e3905f3ad6c5560ea993140e4e9a52c2ee9e440a54817261c url: https://src.opensuse.org/python-interpreters/python313 -revision: bbc280a9ae987a9b2860fcf4498b7b3d76070801a5acb1b9f0f7f8180dcb6015 +revision: eb6e39cdf99d0e2e3905f3ad6c5560ea993140e4e9a52c2ee9e440a54817261c projectscmsync: https://src.opensuse.org/python-interpreters/_ObsPrj ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-14 01:31:09.000000000 +0200 @@ -0,0 +1,6 @@ +.osc +*.obscpio +*.osc +_build.* +.pbuild +python313-*-build/ ++++++ pass-test_write_read_limited_history.patch ++++++ --- /var/tmp/diff_new_pack.aUBIhg/_old 2026-06-19 17:22:12.571794296 +0200 +++ /var/tmp/diff_new_pack.aUBIhg/_new 2026-06-19 17:22:12.575794434 +0200 @@ -2,10 +2,10 @@ Modules/readline.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) -Index: Python-3.13.9/Modules/readline.c +Index: Python-3.13.13/Modules/readline.c =================================================================== ---- Python-3.13.9.orig/Modules/readline.c 2025-10-14 15:52:31.000000000 +0200 -+++ Python-3.13.9/Modules/readline.c 2025-11-20 00:46:45.594286346 +0100 +--- Python-3.13.13.orig/Modules/readline.c 2026-04-07 20:19:01.000000000 +0200 ++++ Python-3.13.13/Modules/readline.c 2026-04-16 20:41:51.671384000 +0200 @@ -175,6 +175,8 @@ return PyUnicode_DecodeLocale(s, "surrogateescape"); } ++++++ python313-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.aUBIhg/_old 2026-06-19 17:22:12.627796222 +0200 +++ /var/tmp/diff_new_pack.aUBIhg/_new 2026-06-19 17:22:12.631796360 +0200 @@ -1,5 +1,6 @@ -addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") -addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") -addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.c") -addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") +addFilter("pem-certificate.*/usr/lib.*/python.*/test/.*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/.*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/.*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/.*.cpp") +addFilter("python-bytecode-inconsistent-mtime /usr/lib.*/__pycache__/.*\.pyc") ++++++ test_UDPLITE_support.patch ++++++ --- Lib/test/test_socket.py | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) Index: Python-3.14.4/Lib/test/test_socket.py =================================================================== --- Python-3.14.4.orig/Lib/test/test_socket.py 2026-04-27 22:32:58.390808080 +0200 +++ Python-3.14.4/Lib/test/test_socket.py 2026-04-27 22:51:31.284375485 +0200 @@ -168,6 +168,22 @@ return (cid is not None) +def _have_socket_udplite(): + """Check whether UDPLITE sockets are supported on this host.""" + if not hasattr(socket, "IPPROTO_UDPLITE"): + return False + # Older Android versions block UDPLITE with SELinux. + if support.is_android and platform.android_ver().api_level < 29: + return False + try: + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDPLITE) + except (AttributeError, OSError): + return False + else: + s.close() + return True + + def _have_socket_bluetooth(): """Check whether AF_BLUETOOTH sockets are supported on this host.""" try: @@ -245,10 +261,7 @@ HAVE_SOCKET_VSOCK = _have_socket_vsock() -# Older Android versions block UDPLITE with SELinux. -HAVE_SOCKET_UDPLITE = ( - hasattr(socket, "IPPROTO_UDPLITE") - and not (support.is_android and platform.android_ver().api_level < 29)) +HAVE_SOCKET_UDPLITE = _have_socket_udplite() HAVE_SOCKET_BLUETOOTH = _have_socket_bluetooth()
