Hello community,

here is the log from the commit of package python36 for openSUSE:Factory checked in at 2021-03-02 14:43:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python36 (Old)
 and      /work/SRC/openSUSE:Factory/.python36.new.2378 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python36" Tue Mar 2 14:43:10 2021 rev:13 rq:874684 version:3.6.13 Changes: -------- --- /work/SRC/openSUSE:Factory/python36/python36.changes 2021-02-04 20:21:40.182606610 +0100 +++ /work/SRC/openSUSE:Factory/.python36.new.2378/python36.changes 2021-03-02 15:30:32.313976426 +0100 
@@ -1,0 +2,42 @@ +Fri Feb 19 17:34:35 UTC 2021 - Matej Cepl <[email protected]> + +Update to 3.6.13, final release of 3.6 branch: + * Security + - bpo#42967 (bsc#1182379, CVE-2021-23336): Fix web cache + poisoning vulnerability by defaulting the query args + separator to &, and allowing the user to choose a custom + separator. + - bpo#42938 (bsc#1181126, CVE-2021-3177): Avoid static + buffers when computing the repr of ctypes.c_double and + ctypes.c_longdouble values. + - bpo#42103: Prevented potential DoS attack via CPU and RAM + exhaustion when processing malformed Apple Property List + files in binary format. + - bpo#42051: The plistlib module no longer accepts entity + declarations in XML plist files to avoid XML + vulnerabilities. This should not affect users as entity + declarations are not used in regular plist files. + - bpo#40791: Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + * Core and Builtins + - bpo#35560: Fix an assertion error in format() in debug + build for floating point formatting with ???n??? format, zero + padding and small width. Release build is not impacted. + Patch by Karthikeyan Singaravelan. + * Library + - bpo#42103: InvalidFileException and RecursionError are now + the only errors caused by loading malformed binary Plist + file (previously ValueError and TypeError could be raised + in some specific cases). + * Tests + - bpo#42794: Update test_nntplib to use offical group name of + news.aioe.org for testing. Patch by Dong-hee Na. + - bpo#41944: Tests for CJK codecs no longer call eval() on + content received via HTTP. 
+- Patches removed, because they were included in the upstream + tarball: + - CVE-2020-27619-no-eval-http-content.patch + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + +------------------------------------------------------------------- Old: ---- CVE-2020-27619-no-eval-http-content.patch CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch Python-3.6.12.tar.xz Python-3.6.12.tar.xz.asc New: ---- Python-3.6.13.tar.xz Python-3.6.13.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python36.spec ++++++ --- /var/tmp/diff_new_pack.WY0UOK/_old 2021-03-02 15:30:33.193977000 +0100 +++ /var/tmp/diff_new_pack.WY0UOK/_new 2021-03-02 15:30:33.197977003 +0100 @@ -87,7 +87,7 @@ %bcond_with profileopt %endif Name: %{python_pkg_name}%{psuffix} -Version: 3.6.12 +Version: 3.6.13 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -99,15 +99,12 @@ Source7: macros.python3 Source8: import_failed.py Source9: import_failed.map -Source10: pre_checkin.sh Source11: skipped_tests.py Source12: idle3.desktop Source13: idle3.appdata.xml - # Fixed bundled wheels Source20: setuptools-44.1.1-py2.py3-none-any.whl Source21: pip-20.2.3-py2.py3-none-any.whl - # The following files are not used in the build. # They are listed here to work around missing functionality in rpmbuild, # which would otherwise exclude them from distributed src.rpm files. 
@@ -171,13 +168,6 @@ Patch39: ignore_pip_deprec_warn.patch # PATCH-FIX-UPSTREAM stop calling removed Sphinx function gh#python/cpython#13236 Patch40: sphinx-update-removed-function.patch -# PATCH-FIX-UPSTREAM CVE-2020-27619-no-eval-http-content.patch bsc#1178009 [email protected] -# No longer call eval() on content received via HTTP in the CJK codec tests -Patch41: CVE-2020-27619-no-eval-http-content.patch -# PATCH-FIX-UPSTREAM CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch bsc#1181126 [email protected] -# buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution -Patch42: CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch - BuildRequires: automake BuildRequires: fdupes BuildRequires: gmp-devel @@ -442,8 +432,6 @@ %patch38 -p1 %patch39 -p1 %patch40 -p1 -%patch41 -p1 -%patch42 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac @@ -480,7 +468,7 @@ cd Doc sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py -make %{?_smp_mflags} -j1 html +%make_build -j1 html # Build also devhelp files sphinx-build -a -b devhelp . build/devhelp @@ -517,14 +505,14 @@ --enable-loadable-sqlite-extensions # prevent make from trying to rebuild PYTHON_FOR_GEN stuff -make -t Python/Python-ast.c \ +%make_build -t Python/Python-ast.c \ Include/Python-ast.h \ Objects/typeslots.inc \ Python/opcode_targets.h \ Include/opcode.h %if %{with general} -make %{?_smp_mflags} +%make_build %endif %if %{with base} %if %{with profileopt} @@ -533,7 +521,7 @@ target=all %endif LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ - make %{?_smp_mflags} $target + %make_build $target %endif %endif 
@@ -577,7 +565,7 @@ # Use timeout, like make target buildbottest # We cannot run tests parallel, because osc build environment doesn???t # have /dev/shm -make %{?_smp_mflags} -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=3000" +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=3000" # use network, be verbose: #make test TESTOPTS="-l -u network -v" %endif ++++++ Python-3.6.12.tar.xz -> Python-3.6.13.tar.xz ++++++ /work/SRC/openSUSE:Factory/python36/Python-3.6.12.tar.xz /work/SRC/openSUSE:Factory/.python36.new.2378/Python-3.6.13.tar.xz differ: char 27, line 1
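Review bot: in the python36.changes entry, the bpo#41944 line under Tests carries no bsc or CVE reference, although the patch dropped for it is CVE-2020-27619-no-eval-http-content.patch (bsc#1178009 in the spec comment). Add "(bsc#1178009, CVE-2020-27619)" to that line, the way the bpo#42967 and bpo#42938 entries do, so the fix stays traceable in the changelog once the patch file is gone. The bpo#42967 entry would also be clearer if it stated that ";" is no longer accepted as a query separator by default, since that is the behaviour change callers of urllib.parse.parse_qs will notice. Minor: the quotes around the n format in the bpo#35560 line appear as "???n???" and should be ASCII quotes, and "offical" should read "official".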
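Review bot: the removal of "Source10: pre_checkin.sh" in the @@ -99,15 +99,12 @@ hunk of python36.spec is not mentioned in the python36.changes entry, and the Old/New file lists do not show pre_checkin.sh being deleted. If the script still lives in the package directory, keep it listed, because the comment a few lines further down explains that unlisted files are left out of the src.rpm; if it is gone, say so in the changelog. The same hunk drops the blank lines before "# Fixed bundled wheels" and "# The following files are not used in the build.", which makes the Source block harder to scan; consider keeping them.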
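Review bot: "%make_build -t Python/Python-ast.c \" in the @@ -517,14 +505,14 @@ hunk is not a like-for-like replacement: the old line was plain "make -t" with no %{?_smp_mflags}, while every other converted call had that macro. If %make_build carries the job flags, as the other replacements imply, the touch run now gets them too; either keep plain make for this one call or confirm the change is intended. The switch to %make_build is also missing from the python36.changes entry.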
