Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python310 for openSUSE:Factory 
checked in at 2024-11-03 07:16:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python310 (Old)
 and      /work/SRC/openSUSE:Factory/.python310.new.2020 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python310"

Sun Nov  3 07:16:58 2024 rev:51 rq:1220124 version:3.10.15

Changes:
--------
--- /work/SRC/openSUSE:Factory/python310/python310.changes      2024-10-25 
19:19:45.506916344 +0200
+++ /work/SRC/openSUSE:Factory/.python310.new.2020/python310.changes    
2024-11-03 07:16:59.874415304 +0100
@@ -1,0 +2,6 @@
+Fri Nov  1 21:38:45 UTC 2024 - Matej Cepl <mc...@cepl.eu>
+
+- Update CVE-2024-9287-venv_path_unquoted.patch according to the
+  upstream PR gh#python/cpython!126301.
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ CVE-2024-9287-venv_path_unquoted.patch ++++++
--- /var/tmp/diff_new_pack.NHBX1v/_old  2024-11-03 07:17:01.218470843 +0100
+++ /var/tmp/diff_new_pack.NHBX1v/_new  2024-11-03 07:17:01.222471007 +0100
@@ -1,32 +1,31 @@
-From b6a3bbd155c558cdcda482629073e492437db3d0 Mon Sep 17 00:00:00 2001
-From: y5c4l3 <y5c...@proton.me>
-Date: Sat, 28 Sep 2024 02:09:07 +0800
-Subject: [PATCH] Quote template strings in `venv` activation scripts
+From 21139b45039a72e8346bdc32d498345ef174ba92 Mon Sep 17 00:00:00 2001
+From: Victor Stinner <vstin...@python.org>
+Date: Fri, 1 Nov 2024 14:11:47 +0100
+Subject: [PATCH] [3.11] gh-124651: Quote template strings in `venv` activation
+ scripts (GH-124712) (GH-126185) (#126269)
 
-This patch properly quotes template strings in `venv` activation
-scripts. This mitigates potential command injection.
-
-Signed-off-by: y5c4l3 <y5c...@proton.me>
+(cherry picked from commit ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97)
 ---
  Lib/test/test_venv.py                                                   |   
81 ++++++++++
  Lib/venv/__init__.py                                                    |   
42 ++++-
- Lib/venv/scripts/common/activate                                        |    
6 
+ Lib/venv/scripts/common/activate                                        |    
8 
  Lib/venv/scripts/nt/activate.bat                                        |    
6 
- Lib/venv/scripts/posix/activate.csh                                     |    
6 
+ Lib/venv/scripts/posix/activate.csh                                     |    
8 
+ Lib/venv/scripts/posix/activate.fish                                    |    
8 
  Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst |    
1 
- 6 files changed, 128 insertions(+), 14 deletions(-)
+ 7 files changed, 134 insertions(+), 20 deletions(-)
  create mode 100644 
Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst
 
 --- a/Lib/test/test_venv.py
 +++ b/Lib/test/test_venv.py
-@@ -10,6 +10,7 @@ import ensurepip
- import os
- import os.path
- import re
-+import shlex
- import shutil
- import struct
+@@ -15,6 +15,7 @@ import struct
  import subprocess
+ import sys
+ import tempfile
++import shlex
+ from test.support import (captured_stdout, captured_stderr, requires_zlib,
+                           skip_if_broken_multiprocessing_synchronize)
+ from test.support.os_helper import (can_symlink, EnvironmentVarGuard, rmtree)
 @@ -85,6 +86,10 @@ class BaseTest(unittest.TestCase):
              result = f.read()
          return result
@@ -178,14 +177,14 @@
          return text
  
      def install_scripts(self, context, path):
-@@ -409,6 +440,7 @@ class EnvBuilder:
+@@ -408,6 +439,7 @@ class EnvBuilder:
+                 with open(srcfile, 'rb') as f:
                      data = f.read()
                  if not srcfile.endswith(('.exe', '.pdb')):
++                    context.script_path = srcfile
                      try:
-+                        context.script_path = srcfile
                          data = data.decode('utf-8')
                          data = self.replace_variables(data, context)
-                         data = data.encode('utf-8')
 --- a/Lib/venv/scripts/common/activate
 +++ b/Lib/venv/scripts/common/activate
 @@ -38,11 +38,11 @@ deactivate () {
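Review bot: `context.script_path = srcfile` makes the context object a side channel into `replace_variables`, and nothing in the visible lines documents that. The body of `replace_variables` lies outside this hunk, so this is inferred from the assignment sitting directly before the call: the quoting rules appear to be selected from the script's file name. If so, a subclass or external caller that invokes `replace_variables(text, context)` on a context that never went through `install_scripts` has no `script_path` to read. I would add a comment above the assignment, such as `# replace_variables() selects the per-shell quoting from context.script_path`, and have `replace_variables` fall back to the POSIX quoting when the attribute is missing.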
@@ -202,15 +201,18 @@
  export PATH
  
  # unset PYTHONHOME if set
-@@ -55,7 +55,7 @@ fi
+@@ -55,9 +55,9 @@ fi
  
  if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then
      _OLD_VIRTUAL_PS1="${PS1:-}"
 -    PS1="__VENV_PROMPT__${PS1:-}"
 +    PS1=__VENV_PROMPT__"${PS1:-}"
      export PS1
-     VIRTUAL_ENV_PROMPT="__VENV_PROMPT__"
+-    VIRTUAL_ENV_PROMPT="__VENV_PROMPT__"
++    VIRTUAL_ENV_PROMPT=__VENV_PROMPT__
      export VIRTUAL_ENV_PROMPT
+ fi
+ 
 --- a/Lib/venv/scripts/nt/activate.bat
 +++ b/Lib/venv/scripts/nt/activate.bat
 @@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE (
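Review bot: The placeholders in `PS1=__VENV_PROMPT__"${PS1:-}"` and `VIRTUAL_ENV_PROMPT=__VENV_PROMPT__` are now bare words, so the template is only safe while the substituted value arrives already quoted for this shell. The same pattern is used in the activate.csh and activate.fish sections further down (`setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__`, `set -gx VIRTUAL_ENV __VENV_DIR__`). To a later maintainer the unquoted token looks like the bug, and putting the double quotes back would wrap a string that is already quoted. A one-line comment beside the first placeholder in each template would record the contract, for example `# __VENV_*__ placeholders are replaced with already shell-quoted text; do not add quotes around them`. The quoting code is not visible in this excerpt, so the comment should be checked against `replace_variables`.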
@@ -222,27 +224,20 @@
  
  if not defined PROMPT set PROMPT=$P$G
  
-@@ -16,7 +16,7 @@ if defined _OLD_VIRTUAL_PROMPT set PROMP
- if defined _OLD_VIRTUAL_PYTHONHOME set PYTHONHOME=%_OLD_VIRTUAL_PYTHONHOME%
- 
- set _OLD_VIRTUAL_PROMPT=%PROMPT%
--set PROMPT=__VENV_PROMPT__%PROMPT%
-+set "PROMPT=__VENV_PROMPT__%PROMPT%"
- 
- if defined PYTHONHOME set _OLD_VIRTUAL_PYTHONHOME=%PYTHONHOME%
- set PYTHONHOME=
-@@ -24,7 +24,7 @@ set PYTHONHOME=
+@@ -24,8 +24,8 @@ set PYTHONHOME=
  if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH%
  if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH%
  
 -set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%
+-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__
 +set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%"
- set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__
++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__"
  
  :END
+ if defined _OLD_CODEPAGE (
 --- a/Lib/venv/scripts/posix/activate.csh
 +++ b/Lib/venv/scripts/posix/activate.csh
-@@ -8,16 +8,16 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA
+@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA
  # Unset irrelevant variables.
  deactivate nondestructive
  
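Review bot: This revision of the patch no longer carries the hunk that changed `set PROMPT=__VENV_PROMPT__%PROMPT%` to `set "PROMPT=__VENV_PROMPT__%PROMPT%"`, although it adds the same quoting to `VIRTUAL_ENV_PROMPT` a few lines below. Unless the 3.10 copy of activate.bat already has the quoted form, the prompt text is still substituted into an unquoted `set`, where cmd.exe interprets special characters in the value instead of storing them. Both assignments take the same placeholder, so they should be quoted the same way: `set "PROMPT=__VENV_PROMPT__%PROMPT%"`. The lines between the two activate.bat hunks are not shown here, so this needs confirming against the patched file.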
@@ -258,10 +253,43 @@
  
  if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then
 -    set prompt = "__VENV_PROMPT__$prompt"
+-    setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__"
 +    set prompt = __VENV_PROMPT__"$prompt"
-     setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__"
++    setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__
  endif
  
+ alias pydoc python -m pydoc
+--- a/Lib/venv/scripts/posix/activate.fish
++++ b/Lib/venv/scripts/posix/activate.fish
+@@ -33,10 +33,10 @@ end
+ # Unset irrelevant variables.
+ deactivate nondestructive
+ 
+-set -gx VIRTUAL_ENV "__VENV_DIR__"
++set -gx VIRTUAL_ENV __VENV_DIR__
+ 
+ set -gx _OLD_VIRTUAL_PATH $PATH
+-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH
++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH
+ 
+ # Unset PYTHONHOME if set.
+ if set -q PYTHONHOME
+@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT"
+         set -l old_status $status
+ 
+         # Output the venv prompt; color taken from the blue of the Python 
logo.
+-        printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color 
normal)
++        printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal)
+ 
+         # Restore the return status of the previous command.
+         echo "exit $old_status" | .
+@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT"
+     end
+ 
+     set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV"
+-    set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__"
++    set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__
+ end
 --- /dev/null
 +++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst
 @@ -0,0 +1 @@
