Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-nltk for openSUSE:Factory checked in at 2026-03-07 20:09:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-nltk (Old) and /work/SRC/openSUSE:Factory/.python-nltk.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-nltk" Sat Mar 7 20:09:54 2026 rev:21 rq:1337382 version:3.9.3 Changes: -------- --- /work/SRC/openSUSE:Factory/python-nltk/python-nltk.changes 2026-02-19 14:25:26.159841038 +0100 +++ /work/SRC/openSUSE:Factory/.python-nltk.new.8177/python-nltk.changes 2026-03-07 20:14:43.767779065 +0100 @@ -1,0 +2,24 @@ +Thu Mar 5 10:59:50 UTC 2026 - Markéta Machová <[email protected]> + +- Update to 3.9.3 (CVE-2026-0847, bsc#1259232) + * Update download checksums to use SHA256 in built index + * Fix percentage escape in new-style string formatting + * replace shortened URLs using goo.gl + * Make Wordnet interoperable with various taggers and tagged corpora + * Fix saving PerceptronTagger + * Document how to reproduce old Wordnet studies + * properly initialize Portuguese corpus reader + * support for mixed rules conversion into Chomsky Normal Form + * only import tkinter if a GUI is needed + * issue #2112 with Corenlp + * new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL + * Lesk defaults to most frequent sense in case of ties + * Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader + * Block path traversal/arbitrary reads in nltk.data for protocol-less refs + * Block path traversal/abs paths in corpus readers and FS pointers + * Validate external StanfordSegmenter JARs using SHA256 + * Add optional sandbox enforcement for filestring() + * Maintenance: downloader/zipped models, CI/tooling updates +- Drop merged CVE-2025-14009.patch + +------------------------------------------------------------------- Old: ---- CVE-2025-14009.patch nltk-3.9.1.obscpio New: ---- nltk-3.9.3.obscpio ----------(Old B)---------- Old: * Maintenance: downloader/zipped models, CI/tooling updates - Drop merged CVE-2025-14009.patch ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-nltk.spec ++++++ --- /var/tmp/diff_new_pack.HEAHGY/_old 2026-03-07 20:14:44.675816628 +0100 +++ /var/tmp/diff_new_pack.HEAHGY/_new 2026-03-07 20:14:44.679816793 +0100 @@ -19,7 +19,7 @@ %define modname nltk %{?sle15_python_module_pythons} Name: python-nltk -Version: 3.9.1 +Version: 3.9.3 Release: 0 Summary: Natural Language Toolkit License: Apache-2.0 @@ -65,8 +65,6 @@ ############################ # Source1: nltk_data.tar.xz Source99: python-nltk.rpmlintrc -# PATCH-FIX-UPSTREAM CVE-2025-14009.patch gh#nltk/nltk#3468 -Patch0: CVE-2025-14009.patch BuildRequires: %{python_module base >= 3.7} BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} ++++++ _service ++++++ --- /var/tmp/diff_new_pack.HEAHGY/_old 2026-03-07 20:14:44.727818779 +0100 +++ /var/tmp/diff_new_pack.HEAHGY/_new 2026-03-07 20:14:44.731818944 +0100 @@ -3,8 +3,8 @@ <param name="url">https://github.com/nltk/nltk</param> <param name="scm">git</param> <param name="exclude">web/*</param> - <param name="version">3.9.1</param> - <param name="revision">3.9.1</param> + <param name="version">3.9.3</param> + <param name="revision">3.9.3</param> </service> <service mode="manual" name="set_version" /> <service mode="buildtime" name="tar" /> ++++++ nltk-3.9.1.obscpio -> nltk-3.9.3.obscpio ++++++ ++++ 10413 lines of diff (skipped) ++++++ nltk.obsinfo ++++++ --- /var/tmp/diff_new_pack.HEAHGY/_old 2026-03-07 20:14:45.559853198 +0100 +++ /var/tmp/diff_new_pack.HEAHGY/_new 2026-03-07 20:14:45.567853529 +0100 @@ -1,5 +1,5 @@ name: nltk -version: 3.9.1 -mtime: 1724010420 -commit: aca78cb2add4084f76b9eac921d8a73927d7a086 +version: 3.9.3 +mtime: 1771933726 +commit: 4154eb85e832f266660a09286c7e37e308292284
