Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-aiosmtpd for openSUSE:Factory
checked in at 2024-05-21 18:35:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-aiosmtpd (Old)
and /work/SRC/openSUSE:Factory/.python-aiosmtpd.new.1880 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-aiosmtpd"
Tue May 21 18:35:15 2024 rev:15 rq:1175330 version:1.4.6
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-aiosmtpd/python-aiosmtpd.changes
2024-04-02 16:45:10.267062559 +0200
+++
/work/SRC/openSUSE:Factory/.python-aiosmtpd.new.1880/python-aiosmtpd.changes
2024-05-21 18:35:39.652669472 +0200
@@ -1,0 +2,6 @@
+Mon May 20 11:20:49 UTC 2024 - Daniel Garcia <daniel.gar...@suse.com>
+
+- Update to 1.4.6 (bsc#1224467, CVE-2024-34083):
+ * STARTTLS is now fully enforced if used.
+
+-------------------------------------------------------------------
Old:
----
aiosmtpd-1.4.5.tar.gz
New:
----
aiosmtpd-1.4.6.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-aiosmtpd.spec ++++++
--- /var/tmp/diff_new_pack.f64VzP/_old 2024-05-21 18:35:40.500700508 +0200
+++ /var/tmp/diff_new_pack.f64VzP/_new 2024-05-21 18:35:40.500700508 +0200
@@ -18,7 +18,7 @@
%{?sle15_python_module_pythons}
Name: python-aiosmtpd
-Version: 1.4.5
+Version: 1.4.6
Release: 0
Summary: SMTP server based on asyncio
License: Apache-2.0
++++++ aiosmtpd-1.4.5.tar.gz -> aiosmtpd-1.4.6.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aiosmtpd-1.4.5/.github/workflows/auto-merge.yml
new/aiosmtpd-1.4.6/.github/workflows/auto-merge.yml
--- old/aiosmtpd-1.4.5/.github/workflows/auto-merge.yml 2024-03-04
17:19:44.000000000 +0100
+++ new/aiosmtpd-1.4.6/.github/workflows/auto-merge.yml 2024-05-18
13:17:30.000000000 +0200
@@ -12,7 +12,7 @@
steps:
- name: Dependabot metadata
id: metadata
- uses: dependabot/fetch-metadata@v1.6.0
+ uses: dependabot/fetch-metadata@v2.1.0
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Enable auto-merge for Dependabot PRs
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aiosmtpd-1.4.5/README.rst
new/aiosmtpd-1.4.6/README.rst
--- old/aiosmtpd-1.4.5/README.rst 2024-03-04 17:19:44.000000000 +0100
+++ new/aiosmtpd-1.4.6/README.rst 2024-05-18 13:17:30.000000000 +0200
@@ -317,6 +317,8 @@
+-------------------------+----------------+----------------------------------+
| ``E309 FD82 73BD 8465`` | Wayne Werner | waynejwerner at gmail period com |
+-------------------------+----------------+----------------------------------+
+| ``5FE9 28CD 9626 CE2B`` | Sam Bull | sam at sambull period org |
++-------------------------+----------------+----------------------------------+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aiosmtpd-1.4.5/aiosmtpd/__init__.py
new/aiosmtpd-1.4.6/aiosmtpd/__init__.py
--- old/aiosmtpd-1.4.5/aiosmtpd/__init__.py 2024-03-04 17:19:44.000000000
+0100
+++ new/aiosmtpd-1.4.6/aiosmtpd/__init__.py 2024-05-18 13:17:30.000000000
+0200
@@ -4,7 +4,7 @@
import warnings
-__version__ = "1.4.5"
+__version__ = "1.4.6"
def _get_or_new_eventloop() -> asyncio.AbstractEventLoop:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aiosmtpd-1.4.5/aiosmtpd/controller.py
new/aiosmtpd-1.4.6/aiosmtpd/controller.py
--- old/aiosmtpd-1.4.5/aiosmtpd/controller.py 2024-03-04 17:19:44.000000000
+0100
+++ new/aiosmtpd-1.4.6/aiosmtpd/controller.py 2024-05-18 13:17:30.000000000
+0200
@@ -253,7 +253,7 @@
self.loop.close()
self.server = None
- def start(self):
+ def start(self) -> None:
"""
Start a thread and run the asyncio event loop in that thread
"""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aiosmtpd-1.4.5/aiosmtpd/docs/NEWS.rst
new/aiosmtpd-1.4.6/aiosmtpd/docs/NEWS.rst
--- old/aiosmtpd-1.4.5/aiosmtpd/docs/NEWS.rst 2024-03-04 17:19:44.000000000
+0100
+++ new/aiosmtpd-1.4.6/aiosmtpd/docs/NEWS.rst 2024-05-18 13:17:30.000000000
+0200
@@ -4,6 +4,10 @@
.. towncrier release notes start
+1.4.6 (2024-05-18)
+==================
+
+* STARTTLS is now fully enforced if used.
1.4.5 (2024-03-02)
==================
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aiosmtpd-1.4.5/aiosmtpd/docs/_exts/autoprogramm.py
new/aiosmtpd-1.4.6/aiosmtpd/docs/_exts/autoprogramm.py
--- old/aiosmtpd-1.4.5/aiosmtpd/docs/_exts/autoprogramm.py 2024-03-04
17:19:44.000000000 +0100
+++ new/aiosmtpd-1.4.6/aiosmtpd/docs/_exts/autoprogramm.py 2024-05-18
13:17:30.000000000 +0200
@@ -304,7 +304,7 @@
usage_strip: bool,
usage_codeblock: bool,
epilog: Optional[str],
- options_title: str,
+ options_title: Optional[str],
options_adornment: str,
):
if usage_strip:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aiosmtpd-1.4.5/aiosmtpd/docs/requirements.txt
new/aiosmtpd-1.4.6/aiosmtpd/docs/requirements.txt
--- old/aiosmtpd-1.4.5/aiosmtpd/docs/requirements.txt 2024-03-04
17:19:44.000000000 +0100
+++ new/aiosmtpd-1.4.6/aiosmtpd/docs/requirements.txt 2024-05-18
13:17:30.000000000 +0200
@@ -1,6 +1,6 @@
-r ../../requirements.txt
### Sphinx deps
-sphinx==7.2.6
+sphinx==7.3.7
sphinx-autofixture==0.4.0
sphinx_rtd_theme==2.0.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aiosmtpd-1.4.5/aiosmtpd/smtp.py
new/aiosmtpd-1.4.6/aiosmtpd/smtp.py
--- old/aiosmtpd-1.4.5/aiosmtpd/smtp.py 2024-03-04 17:19:44.000000000 +0100
+++ new/aiosmtpd-1.4.6/aiosmtpd/smtp.py 2024-05-18 13:17:30.000000000 +0200
@@ -504,6 +504,9 @@
self._reader._transport = transport # type: ignore[attr-defined]
self._writer._transport = transport # type: ignore[attr-defined]
self.transport = transport
+ # Discard any leftover unencrypted data
+ # See https://tools.ietf.org/html/rfc3207#page-7
+ self._reader._buffer.clear() # type: ignore[attr-defined]
# Do SSL certificate checking as rfc3207 part 4.1 says. Why is
# _extra a protected attribute?
assert self._tls_protocol is not None
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aiosmtpd-1.4.5/requirements-dev.txt
new/aiosmtpd-1.4.6/requirements-dev.txt
--- old/aiosmtpd-1.4.5/requirements-dev.txt 2024-03-04 17:19:44.000000000
+0100
+++ new/aiosmtpd-1.4.6/requirements-dev.txt 2024-05-18 13:17:30.000000000
+0200
@@ -7,14 +7,14 @@
flake8-2020==1.8.1
flake8-annotations-complexity==0.0.8
flake8-bandit==4.1.1
-flake8-bugbear==24.2.6
-flake8-builtins==2.2.0
+flake8-bugbear==24.4.26
+flake8-builtins==2.5.0
flake8-comprehensions==3.14.0
flake8-copyright==0.2.4
flake8-import-order==0.18.2
-flake8-pytest-style==1.7.2
-flake8-requirements==2.1.0
+flake8-pytest-style==2.0.0
+flake8-requirements==2.2.0
flake8-simplify==0.21.0
-mypy==1.8.0
-types-colorama==0.4.15.20240205
-types-docutils==0.20.0.20240227
+mypy==1.10.0
+types-colorama==0.4.15.20240311
+types-docutils==0.21.0.20240423
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aiosmtpd-1.4.5/requirements.txt
new/aiosmtpd-1.4.6/requirements.txt
--- old/aiosmtpd-1.4.5/requirements.txt 2024-03-04 17:19:44.000000000 +0100
+++ new/aiosmtpd-1.4.6/requirements.txt 2024-05-18 13:17:30.000000000 +0200
@@ -1,7 +1,7 @@
-atpublic==4.0
+atpublic==4.1.0
attrs==23.2.0
-coverage==7.4.3
-pytest==8.0.2
-pytest-asyncio==0.23.5
-pytest-cov==4.1.0
-pytest-mock==3.12.0
+coverage==7.5.1
+pytest==8.2.0
+pytest-asyncio==0.23.6
+pytest-cov==5.0.0
+pytest-mock==3.14.0
