Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python310 for openSUSE:Factory
checked in at 2024-12-06 14:24:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python310 (Old)
and /work/SRC/openSUSE:Factory/.python310.new.28523 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python310"
Fri Dec 6 14:24:57 2024 rev:55 rq:1228381 version:3.10.16
Changes:
--------
--- /work/SRC/openSUSE:Factory/python310/python310.changes 2024-11-30
13:27:29.100803683 +0100
+++ /work/SRC/openSUSE:Factory/.python310.new.28523/python310.changes
2024-12-06 14:24:58.324926425 +0100
@@ -1,0 +2,30 @@
+Wed Dec 4 21:23:20 UTC 2024 - Matej Cepl <mc...@cepl.eu>
+
+- Update to 3.10.16:
+ - Tests
+ - gh-125041: Re-enable skipped tests for zlib on the
+ s390x architecture: only skip checks of the compressed
+ bytes, which can be different between zlibâs software
+ implementation and the hardware-accelerated implementation.
+ - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS
+ mode. Use a longer key: FIPS mode requires at least of at
+ least 112 bits. The previous key was only 32 bits. Patch by
+ Victor Stinner.
+ - Security
+ - gh-126623: Upgrade libexpat to 2.6.4
+ - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to
+ consistently use the mapped IPv4 address value for deciding
+ properties. Properties which have their behavior fixed are
+ is_multicast, is_reserved, is_link_local, is_global, and
+ is_unspecified (bsc#1233307, CVE-2024-11168).
+ - Library
+ - gh-124651: Properly quote template strings in venv
+ activation scripts (bsc#1232241, CVE-2024-9287).
+ - gh-103848: Add checks to ensure that [ bracketed ] hosts
+ found by urllib.parse.urlsplit() are of IPv6 or IPvFuture
+ format.
+- Removed upstreamed patches:
+ - CVE-2024-9287-venv_path_unquoted.patch
+ - CVE-2024-11168-validation-IPv6-addrs.patch
+
+-------------------------------------------------------------------
Old:
----
CVE-2024-11168-validation-IPv6-addrs.patch
CVE-2024-9287-venv_path_unquoted.patch
Python-3.10.15.tar.xz
Python-3.10.15.tar.xz.asc
New:
----
Python-3.10.16.tar.xz
Python-3.10.16.tar.xz.sigstore
BETA DEBUG BEGIN:
Old: - CVE-2024-9287-venv_path_unquoted.patch
- CVE-2024-11168-validation-IPv6-addrs.patch
Old:- Removed upstreamed patches:
- CVE-2024-9287-venv_path_unquoted.patch
- CVE-2024-11168-validation-IPv6-addrs.patch
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python310.spec ++++++
--- /var/tmp/diff_new_pack.Gtxxwe/_old 2024-12-06 14:24:59.472974639 +0100
+++ /var/tmp/diff_new_pack.Gtxxwe/_new 2024-12-06 14:24:59.472974639 +0100
@@ -108,13 +108,13 @@
# _md5.cpython-38m-x86_64-linux-gnu.so
%define dynlib()
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
Name: %{python_pkg_name}%{psuffix}
-Version: 3.10.15
+Version: 3.10.16
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
URL: https://www.python.org/
Source0:
https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz
-Source1:
https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc
+Source1:
https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore
Source2: baselibs.conf
Source3: README.SUSE
Source7: macros.python3
@@ -204,12 +204,6 @@
# PATCH-FIX-UPSTREAM sphinx-802.patch mc...@suse.com
# status_iterator method moved between the Sphinx versions
Patch28: sphinx-802.patch
-# PATCH-FIX-UPSTREAM CVE-2024-9287-venv_path_unquoted.patch
gh#python/cpython#124651 mc...@suse.com
-# venv should properly quote path names provided when creating a venv
-Patch29: CVE-2024-9287-venv_path_unquoted.patch
-# PATCH-FIX-UPSTREAM CVE-2024-11168-validation-IPv6-addrs.patch bsc#1233307
mc...@suse.com
-# improve validation of IPv6 and IPvFuture addresses in urlparse and urlsplit
-Patch30: CVE-2024-11168-validation-IPv6-addrs.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -493,8 +487,6 @@
%patch -p1 -P 24
%patch -p1 -P 27
%patch -p1 -P 28
-%patch -p1 -P 29
-%patch -p1 -P 30
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
++++++ Python-3.10.15.tar.xz -> Python-3.10.16.tar.xz ++++++
/work/SRC/openSUSE:Factory/python310/Python-3.10.15.tar.xz
/work/SRC/openSUSE:Factory/.python310.new.28523/Python-3.10.16.tar.xz differ:
char 27, line 1
++++++ Python-3.10.16.tar.xz.sigstore ++++++
{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
"verificationMaterial": {"certificate": {"rawBytes":
"MIICzDCCAlKgAwIBAgIUH4wr+RBSLHxmoLeVWQFWtLrOickwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgzMzQ0WhcNMjQxMjAzMTg0MzQ0WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDu7neWfjmWCoWs4toOwMe5ZS5m/Qod/IAYGdai04Qjx+fJ2JKIML8OXa376wmCRg+1mE5N75M5g55sjeH6AW5KOCAXEwggFtMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUVxcoODLOP6ce+ffWUlBZ8dQpAtAwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjcy6WQAABAMARjBEAiAWKkpOltF6fngTPFPiPrjo6Mnx7DvjTjhy+I9C8a1E8AIgDFHJXkaNO/cRHZCEycDJfdcJrMlDEI+iTAc9GbhJreMwCgYIKoZIzj0EAwMDaAAwZQIwRlcLZ+KTrMXkSOqoeZkRtIMzrMhiRvjoMfcYt7d3zX+t+fDtaywsY
Iu0WSWNtwLuAjEAk1LM0s1c13zn/l9B9I8YMDJxCiUY2ed5AK523TIy75cmH+IYO7XODOD86YSkytvS"},
"tlogEntries": [{"logIndex": "153123526", "logId": {"keyId":
"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind":
"hashedrekord", "version": "0.0.1"}, "integratedTime": "1733250825",
"inclusionPromise": {"signedEntryTimestamp":
"MEUCIBb+3OGEfIJgweBH+795X/kmenmW5L6lzTaW5mU9DN++AiEAni2MKnETeAsGhc8u0W/Y5AuhYKd14TdRvoUw/bWhzjs="},
"inclusionProof": {"logIndex": "31219264", "rootHash":
"EEDRbQekcBvIu2A3f37wAtzpj3Tu+lPYLi9AUyS4FBY=", "treeSize": "31219265",
"hashes": ["jy1RZw1zMvGOhV5pYK21mUnw/3hfyXoogDNhzfMT8uA=",
"t7CZ1TCAQBidKeIL1f3M7Y3VwBYB2DQeG1Sp8X8Mepc=",
"LIvgEWJ5UP1rLp6WPJ2TzjrHAa5MpLpXOdj/yoZvLcM=",
"XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=",
"go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=",
"AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=",
"u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=",
"3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=",
"1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh
0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=",
"4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=",
"gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope":
"rekor.sigstore.dev -
1193050959916656506\n31219265\nEEDRbQekcBvIu2A3f37wAtzpj3Tu+lPYLi9AUyS4FBY=\n\n\u2014
rekor.sigstore.dev
wNI9ajBFAiAnUUia2onArhzOpQclqAm9wBFu32/qoYagpd3PkWeELgIhAPUWvc2y6UP8V2I/ABP9HtsQi208X3nuSI8xunycnmZl\n"}},
"canonicalizedBody":
"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJiZmIyNDk2MDk5OTAyMjA0OTFhMWI5Mjg1MGEwNzEzNWVkMDgzMWU0MTczOGNmNjgxZDYzY2YwMWIyYThmYmQxIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUUQyYW4xbTUvSWl4clZsYVlpcUMxQmpuamc3eG55MTBxVWw5WHhIM2hJSkNRSWhBS1l4YzRNeTNYTndscEdEU25QTTBjU1gxM3ljMGNnN3BTVVZCS2RrOHZMaiIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4TFowRjNTVUpCWjBsVlNEUjNjaXRTUWxOTVNIaHRiMHhsVmxkUlJsZDBUSEpQYVdOcmQwTm5XVWxMYjFw
SmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDZUWHBSTUZkb1kwNU5hbEY0VFdwQmVrMVVaekJOZWxFd1YycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZFZFRkdVpWZG1hbTFYUTI5WGN6UjBiMDkzVFdVMVdsTTFiUzlSYjJRdlNVRlpSMlFLWVdrd05GRnFlQ3RtU2pKS1MwbE5URGhQV0dFek56WjNiVU5TWnlzeGJVVTFUamMxVFRWbk5UVnphbVZJTmtGWE5VdFBRMEZZUlhkblowWjBUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZXZUdOdkNrOUVURTlRTm1ObEsyWm1WMVZzUWxvNFpGRndRWFJCZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qb
HVZa2RWZFZreU9YUk5TVWRLUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJYzBVS1pWRkNNMEZJVlVFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZM2syVjFGQlFRcENRVTFCVW1wQ1JVRnBRVmRMYTNCUGJIUkdObVp1WjFSUVJsQnBVSEpxYnpaTmJuZzNSSFpxVkdwb2VTdEpPVU00WVRGRk9FRkpaMFJHU0VwWWEyRk9Dazh2WTFKSVdrTkZlV05FU21aa1kwcHlUV3hFUlVrcmFWUkJZemxIWW1oS2NtVk5kME5uV1VsTGIxcEplbW93UlVGM1RVUmhRVUYzV2xGSmQxSnNZMHdLV2l0TFZISk5XR3RUVDNGdlpWcHJVblJKVFhweVRXaHBVblpxYjAxbVkxbDBOMlF6ZWxncmRDdG1SSFJoZVhkeldVbDFNRmRUVjA1MGQweDFRV3BGUVFwck1VeE5NSE14WXpFemVtNHZiRGxDT1VrNFdVMUVTbmhEYVZWWk1tVmtOVUZMTlRJelZFbDVOelZqYlVnclNWbFBOMWhQUkU5RU9EWlpVMnQ1ZEhaVENpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]},
"messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest":
"v7JJYJmQIgSRobkoUKBxNe0IMeQXOM9oHWPPAbKo+9E="}, "signature":
"MEYCIQD2an1m5/IixrVlaYiqC1Bjnjg7xny10qUl9XxH3hIJCQIhAKYxc4My3XNwlpGDSnPM0cSX13yc0cg7pSUVBKdk8vLj"}}
