Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package micropython for openSUSE:Factory checked in at 2025-10-23 16:35:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/micropython (Old) and /work/SRC/openSUSE:Factory/.micropython.new.1980 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "micropython" Thu Oct 23 16:35:50 2025 rev:23 rq:1313040 version:1.26.0 Changes: -------- --- /work/SRC/openSUSE:Factory/micropython/micropython.changes 2025-08-15 21:54:15.465602109 +0200 +++ /work/SRC/openSUSE:Factory/.micropython.new.1980/micropython.changes 2025-10-23 16:36:47.520742294 +0200 @@ -1,0 +2,5 @@ +Wed Oct 22 12:19:48 UTC 2025 - Dominik Heidler <[email protected]> + +- Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438 + +------------------------------------------------------------------- New: ---- mbedtls-3.6.5.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ micropython.spec ++++++ --- /var/tmp/diff_new_pack.qRwUpY/_old 2025-10-23 16:36:49.276816316 +0200 +++ /var/tmp/diff_new_pack.qRwUpY/_new 2025-10-23 16:36:49.284816653 +0200 @@ -27,6 +27,7 @@ URL: https://micropython.org/ Source0: %{name}-%{version}.tar.xz Source1: prepare.sh +Source2: https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-3.6.5/mbedtls-3.6.5.tar.bz2#/mbedtls-3.6.5.tar.bz2 BuildRequires: openssl BuildRequires: pkgconfig BuildRequires: python3 @@ -65,12 +66,15 @@ Also mpy-tool for inspecting .mpy files. %prep -%autosetup -p1 +%autosetup -p1 -a2 sed -i -e "s:/usr/lib/micropython:%{_prefix}/lib/micropython:g" "ports/unix/main.c" %define make_flags V=1 MICROPY_PY_BTREE=0 MICROPY_PY_USSL=0 +rm -rf lib/mbedtls +mv mbedtls-3.6.5 lib/mbedtls + %build # micropython export CFLAGS="%optflags -Wno-dangling-pointer"
