Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python38 for openSUSE:Factory
checked in at 2022-12-09 13:16:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python38 (Old)
and /work/SRC/openSUSE:Factory/.python38.new.1835 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python38"
Fri Dec 9 13:16:47 2022 rev:31 rq:1041645 version:3.8.16
Changes:
--------
--- /work/SRC/openSUSE:Factory/python38/python38.changes 2022-11-12
17:39:57.925738030 +0100
+++ /work/SRC/openSUSE:Factory/.python38.new.1835/python38.changes
2022-12-09 13:16:55.074726590 +0100
@@ -1,0 +2,32 @@
+Thu Dec 8 10:32:15 UTC 2022 - Matej Cepl <mc...@suse.com>
+
+- Update to 3.8.16:
+ - python -m http.server no longer allows terminal
+ control characters sent within a garbage request to be
+ printed to the stderr server log.
+ This is done by changing the http.server
+ BaseHTTPRequestHandler .log_message method to replace control
+ characters with a \xHH hex escape before printing.
+ - Avoid publishing list of active per-interpreter
+ audit hooks via the gc module
+ - The IDNA codec decoder used on DNS hostnames by
+ socket or asyncio related name resolution functions no
+ longer involves a quadratic algorithm. This prevents a
+ potential CPU denial of service if an out-of-spec excessive
+ length hostname involving bidirectional characters were
+ decoded. Some protocols such as urllib http 3xx redirects
+ potentially allow for an attacker to supply such a
+ name (CVE-2022-45061).
+ - Update bundled libexpat to 2.5.0
+ - Port XKCPâs fix for the buffer overflows in SHA-3
+ (CVE-2022-37454).
+ - The deprecated mailcap module now refuses to inject
+ unsafe text (filenames, MIME types, parameters) into shell
+ commands. Instead of using such text, it will warn and act
+ as if a match was not found (or for test commands, as if the
+ test failed).
+- Removed upstream patches:
+ - CVE-2022-37454-sha3-buffer-overflow.patch
+ - CVE-2022-45061-DoS-by-IDNA-decode.patch
+
+-------------------------------------------------------------------
Old:
----
CVE-2022-37454-sha3-buffer-overflow.patch
CVE-2022-45061-DoS-by-IDNA-decode.patch
Python-3.8.15.tar.xz
Python-3.8.15.tar.xz.asc
New:
----
Python-3.8.16.tar.xz
Python-3.8.16.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python38.spec ++++++
--- /var/tmp/diff_new_pack.Gl7hqC/_old 2022-12-09 13:16:56.166732391 +0100
+++ /var/tmp/diff_new_pack.Gl7hqC/_new 2022-12-09 13:16:56.170732412 +0100
@@ -92,7 +92,7 @@
%define dynlib()
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
%bcond_without profileopt
Name: %{python_pkg_name}%{psuffix}
-Version: 3.8.15
+Version: 3.8.16
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@@ -176,13 +176,6 @@
# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
gh#python/cpython#98366 mc...@suse.com
# this patch makes things totally awesome
Patch38: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
-# PATCH-FIX-UPSTREAM CVE-2022-37454-sha3-buffer-overflow.patch bsc#1204577
mc...@suse.com
-# Fix original buffer overflow
-# Originally from gh#python/cpython#98528
-Patch39: CVE-2022-37454-sha3-buffer-overflow.patch
-# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244
mc...@suse.com
-# Avoid DoS by decoding IDNA for too long domain names
-Patch40: CVE-2022-45061-DoS-by-IDNA-decode.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -451,8 +444,6 @@
%patch36 -p1
%patch37 -p1
%patch38 -p1
-%patch39 -p1
-%patch40 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
++++++ Python-3.8.15.tar.xz -> Python-3.8.16.tar.xz ++++++
/work/SRC/openSUSE:Factory/python38/Python-3.8.15.tar.xz
/work/SRC/openSUSE:Factory/.python38.new.1835/Python-3.8.16.tar.xz differ: char
27, line 1
++++++ platlibdir-in-sys.patch ++++++
--- /var/tmp/diff_new_pack.Gl7hqC/_old 2022-12-09 13:16:56.354733390 +0100
+++ /var/tmp/diff_new_pack.Gl7hqC/_new 2022-12-09 13:16:56.354733390 +0100
@@ -1,19 +1,13 @@
-Index: Python-3.8.15/Python/sysmodule.c
-===================================================================
---- Python-3.8.15.orig/Python/sysmodule.c
-+++ Python-3.8.15/Python/sysmodule.c
-@@ -2979,6 +2979,7 @@ _PySys_InitMain(_PyRuntimeState *runtime
- SET_SYS_FROM_WSTR("base_prefix", config->base_prefix);
- SET_SYS_FROM_WSTR("exec_prefix", config->exec_prefix);
- SET_SYS_FROM_WSTR("base_exec_prefix", config->base_exec_prefix);
-+ SET_SYS_FROM_WSTR("platlibdir", config->platlibdir);
-
- if (config->pycache_prefix != NULL) {
- SET_SYS_FROM_WSTR("pycache_prefix", config->pycache_prefix);
-Index: Python-3.8.15/Include/cpython/initconfig.h
-===================================================================
---- Python-3.8.15.orig/Include/cpython/initconfig.h
-+++ Python-3.8.15/Include/cpython/initconfig.h
+---
+ Include/cpython/initconfig.h | 1 +
+ Lib/test/test_embed.py | 1 +
+ Makefile.pre.in | 5 +++++
+ Python/initconfig.c | 21 +++++++++++++++++++++
+ Python/sysmodule.c | 1 +
+ 5 files changed, 29 insertions(+)
+
+--- a/Include/cpython/initconfig.h
++++ b/Include/cpython/initconfig.h
@@ -381,6 +381,7 @@ typedef struct {
wchar_t *base_prefix; /* sys.base_prefix */
wchar_t *exec_prefix; /* sys.exec_prefix */
@@ -22,10 +16,32 @@
/* --- Parameter only used by Py_Main() ---------- */
-Index: Python-3.8.15/Python/initconfig.c
-===================================================================
---- Python-3.8.15.orig/Python/initconfig.c
-+++ Python-3.8.15/Python/initconfig.c
+--- a/Lib/test/test_embed.py
++++ b/Lib/test/test_embed.py
+@@ -382,6 +382,7 @@ class InitConfigTests(EmbeddingTestsMixi
+ 'exec_prefix': GET_DEFAULT_CONFIG,
+ 'base_exec_prefix': GET_DEFAULT_CONFIG,
+ 'module_search_paths': GET_DEFAULT_CONFIG,
++ 'platlibdir': sys.platlibdir,
+
+ 'site_import': 1,
+ 'bytes_warning': 0,
+--- a/Makefile.pre.in
++++ b/Makefile.pre.in
+@@ -811,6 +811,11 @@ Python/sysmodule.o: $(srcdir)/Python/sys
+ $(MULTIARCH_CPPFLAGS) \
+ -o $@ $(srcdir)/Python/sysmodule.c
+
++Python/initconfig.o: $(srcdir)/Python/initconfig.c
++ $(CC) -c $(PY_CORE_CFLAGS) \
++ -DPLATLIBDIR='"$(platsubdir)"' \
++ -o $@ $(srcdir)/Python/initconfig.c
++
+ $(IO_OBJS): $(IO_H)
+
+ .PHONY: regen-grammar
+--- a/Python/initconfig.c
++++ b/Python/initconfig.c
@@ -596,6 +596,7 @@ PyConfig_Clear(PyConfig *config)
CLEAR(config->base_prefix);
CLEAR(config->exec_prefix);
@@ -96,32 +112,14 @@
DUMP_SYS(executable);
DUMP_SYS(prefix);
DUMP_SYS(exec_prefix);
-Index: Python-3.8.15/Makefile.pre.in
-===================================================================
---- Python-3.8.15.orig/Makefile.pre.in
-+++ Python-3.8.15/Makefile.pre.in
-@@ -811,6 +811,11 @@ Python/sysmodule.o: $(srcdir)/Python/sys
- $(MULTIARCH_CPPFLAGS) \
- -o $@ $(srcdir)/Python/sysmodule.c
-
-+Python/initconfig.o: $(srcdir)/Python/initconfig.c
-+ $(CC) -c $(PY_CORE_CFLAGS) \
-+ -DPLATLIBDIR='"$(platsubdir)"' \
-+ -o $@ $(srcdir)/Python/initconfig.c
-+
- $(IO_OBJS): $(IO_H)
-
- .PHONY: regen-grammar
-Index: Python-3.8.15/Lib/test/test_embed.py
-===================================================================
---- Python-3.8.15.orig/Lib/test/test_embed.py
-+++ Python-3.8.15/Lib/test/test_embed.py
-@@ -382,6 +382,7 @@ class InitConfigTests(EmbeddingTestsMixi
- 'exec_prefix': GET_DEFAULT_CONFIG,
- 'base_exec_prefix': GET_DEFAULT_CONFIG,
- 'module_search_paths': GET_DEFAULT_CONFIG,
-+ 'platlibdir': sys.platlibdir,
+--- a/Python/sysmodule.c
++++ b/Python/sysmodule.c
+@@ -2981,6 +2981,7 @@ _PySys_InitMain(_PyRuntimeState *runtime
+ SET_SYS_FROM_WSTR("base_prefix", config->base_prefix);
+ SET_SYS_FROM_WSTR("exec_prefix", config->exec_prefix);
+ SET_SYS_FROM_WSTR("base_exec_prefix", config->base_exec_prefix);
++ SET_SYS_FROM_WSTR("platlibdir", config->platlibdir);
- 'site_import': 1,
- 'bytes_warning': 0,
+ if (config->pycache_prefix != NULL) {
+ SET_SYS_FROM_WSTR("pycache_prefix", config->pycache_prefix);
