Hello community,

here is the log from the commit of package python-reportlab for 
openSUSE:Leap:15.2 checked in at 2020-03-01 08:50:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/python-reportlab (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.python-reportlab.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-reportlab"

Sun Mar  1 08:50:44 2020 rev:12 rq:769215 version:3.4.0

Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/python-reportlab/python-reportlab.changes      
2020-01-15 15:52:37.947570016 +0100
+++ 
/work/SRC/openSUSE:Leap:15.2/.python-reportlab.new.26092/python-reportlab.changes
   2020-03-01 08:50:45.469199720 +0100
@@ -1,0 +2,9 @@
+Wed Jan 22 17:10:15 CET 2020 - Matej Cepl <mc...@suse.com>
+
+- Add make_toColor_safe.patch fixing bsc#1154370 (CVE-2019-17626)
+  restrict reportlab.lib.color.toColor to protect against unsafe
+  input.
+- Rebase other patches: drop-requirements.patch and
+  reportlab-missing-includes.patch
+
+-------------------------------------------------------------------
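Review bot: the added changelog entry lists the new patch and the two rebases, but not the packaging changes that the same commit makes in python-reportlab.spec (the switch to %autopatch -p1, %license for LICENSE.txt, and the removal of BuildRoot and %defattr). A short extra bullet naming them would keep the changelog in line with the diff, which matters for a submission whose headline is a CVE fix.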

New:
----
  make_toColor_safe.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-reportlab.spec ++++++
--- /var/tmp/diff_new_pack.lkigA1/_old  2020-03-01 08:50:46.041200859 +0100
+++ /var/tmp/diff_new_pack.lkigA1/_new  2020-03-01 08:50:46.041200859 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package python-reportlab
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,26 +12,27 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
-%bcond_without tests
-
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %define oldpython python
+%bcond_without tests
 Name:           python-reportlab
 Version:        3.4.0
 Release:        0
-Url:            http://www.reportlab.com/
 Summary:        The Reportlab Toolkit
 License:        BSD-3-Clause
 Group:          Development/Languages/Python
+URL:            https://www.reportlab.com/
 Source:         
https://files.pythonhosted.org/packages/source/r/reportlab/reportlab-%{version}.tar.gz
 Patch0:         reportlab-missing-includes.patch
 # PATCH-FIX-UPSTREAM drop unneeded requirements 
https://bitbucket.org/rptlab/reportlab/issues/113
 Patch1:         drop-requirements.patch
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+# PATCH-FIX-UPSTREAM} make_toColor_safe.patch bsc#1154370 mc...@suse.com
+# make toColor function safer, CVE-2019-17626
+Patch2:         make_toColor_safe.patch
 BuildRequires:  %{python_module Pillow}
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module setuptools}
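Review bot: the comment added above Patch2 has a stray closing brace in its tag, "# PATCH-FIX-UPSTREAM} make_toColor_safe.patch", which should read "# PATCH-FIX-UPSTREAM make_toColor_safe.patch" so that tooling and readers matching on the tag find it. Unlike the Patch1 comment, which links the upstream issue, this one gives only the bsc and CVE numbers; adding a reference to the upstream change the patch was taken from would let someone verify the fix against upstream. Patch0 still has no tag comment at all.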
@@ -55,8 +56,8 @@
 
 %prep
 %setup -q -n reportlab-%{version}
-%patch0
-%patch1 -p1
+%autopatch -p1
+
 sed -i "1d" 
src/reportlab/lib/{formatters,fonts,corp,units,pagesizes,__init__,randomtext,logger,normalDate}.py
 sed -i "1d" 
src/reportlab/graphics/{widgets/table,barcode/test,testdrawings,testshapes}.py 
# Fix non-executable bits
 
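Review bot: replacing "%patch0" and "%patch1 -p1" with "%autopatch -p1" changes the strip level for Patch0, which was previously applied without -p1. That only works if every patch now carries a/ and b/ path prefixes. The rebased headers of drop-requirements.patch and reportlab-missing-includes.patch further down show this, but make_toColor_safe.patch is skipped in this mail, so its prefix should be confirmed separately. The blank line added after %autopatch also leaves the "# Fix non-executable bits" comment trailing the second sed call rather than preceding the two commands it describes.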
@@ -75,8 +76,7 @@
 %endif
 
 %files %{python_files}
-%defattr(-,root,root,-)
-%doc LICENSE.txt
+%license LICENSE.txt
 %doc CHANGES.md README.txt
 %{python_sitearch}/reportlab/
 %{python_sitearch}/reportlab-%{version}-py*.egg-info

++++++ drop-requirements.patch ++++++
--- /var/tmp/diff_new_pack.lkigA1/_old  2020-03-01 08:50:46.057200890 +0100
+++ /var/tmp/diff_new_pack.lkigA1/_new  2020-03-01 08:50:46.061200898 +0100
@@ -1,7 +1,5 @@
-Index: reportlab-3.4.0/setup.py
-===================================================================
---- reportlab-3.4.0.orig/setup.py
-+++ reportlab-3.4.0/setup.py
+--- a/setup.py
++++ b/setup.py
 @@ -539,7 +539,7 @@ def main():
                  ],
              

++++++ make_toColor_safe.patch ++++++
++++ 1841 lines (skipped)
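Review bot: the one security-relevant file in this commit cannot be reviewed from this mail, because all 1841 lines of make_toColor_safe.patch are skipped. The changelog describes the fix as restricting a single function, reportlab.lib.color.toColor, so the spec comment or changelog should state what else the patch contains (for example tests or regenerated files) and where it was taken from, so that a reviewer can compare it with the upstream fix for CVE-2019-17626.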

++++++ reportlab-missing-includes.patch ++++++
--- /var/tmp/diff_new_pack.lkigA1/_old  2020-03-01 08:50:46.077200930 +0100
+++ /var/tmp/diff_new_pack.lkigA1/_new  2020-03-01 08:50:46.081200938 +0100
@@ -1,7 +1,5 @@
-Index: src/rl_addons/renderPM/gt1/gt1-namecontext.c
-===================================================================
---- src/rl_addons/renderPM/gt1/gt1-namecontext.c.orig
-+++ src/rl_addons/renderPM/gt1/gt1-namecontext.c
+--- a/src/rl_addons/renderPM/gt1/gt1-namecontext.c
++++ b/src/rl_addons/renderPM/gt1/gt1-namecontext.c
 @@ -1,6 +1,10 @@
  /* A module for a simple "name context", i.e. lisp-style atoms */
  

