Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-idna for openSUSE:Factory checked in at 2026-05-20 16:47:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-idna (Old) and /work/SRC/openSUSE:Factory/.python-idna.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-idna" Wed May 20 16:47:58 2026 rev:22 rq:1353725 version:3.15 Changes: -------- --- /work/SRC/openSUSE:Factory/python-idna/python-idna.changes 2026-04-28 11:53:16.257791483 +0200 +++ /work/SRC/openSUSE:Factory/.python-idna.new.1966/python-idna.changes 2026-05-20 16:48:27.766027658 +0200 @@ -1,0 +2,23 @@ +Sun May 17 21:35:56 UTC 2026 - Dirk Müller <[email protected]> + +- update to 3.15 (bsc#1265413, CVE-2026-45409): + * Enforce DNS-length cap on individual labels early in + `check_label`, short-circuiting contextual-rule processing for + oversized input while staying compatible with UTS 46 usage. + * Tidy core helpers: hoist bidi category sets to module-level + * frozensets (avoiding per-codepoint list construction), + simplify length checks, and reuse the shared `_unicode_dots_re` + from `idna.core` in the codec module. + * Use `raise ... from err` for proper exception chaining and + switch internal string formatting to f-strings. + * Allow `flit_core` 4.x in the build backend. + * Expand the ruff lint set (flake8-bugbear, flake8-simplify, + * pyupgrade, perflint) and apply the surfaced fixes; pin lint + to Python 3.14. + * Reference CVE-2026-45409 for the 3.14 advisory in place of + the initial GHSA identifier. + * Removed opportunity to process long inputs into quadratic + * time by rejecting oversize inputs up-front. Closes a bypass + * of the CVE-2024-3651 mitigation. [CVE-2026-45409] + +------------------------------------------------------------------- Old: ---- idna-3.13.tar.gz New: ---- idna-3.15.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-idna.spec ++++++ --- /var/tmp/diff_new_pack.1zmHnH/_old 2026-05-20 16:48:28.586061538 +0200 +++ /var/tmp/diff_new_pack.1zmHnH/_new 2026-05-20 16:48:28.594061868 +0200 @@ -18,7 +18,7 @@ %{?sle15_python_module_pythons} Name: python-idna -Version: 3.13 +Version: 3.15 Release: 0 Summary: Internationalized Domain Names in Applications (IDNA) License: BSD-3-Clause @@ -27,8 +27,6 @@ Source0: https://files.pythonhosted.org/packages/source/i/idna/idna-%{version}.tar.gz BuildRequires: %{python_module flit-core >= 3.11} BuildRequires: %{python_module pip} -BuildRequires: %{python_module setuptools} -BuildRequires: %{python_module wheel} BuildRequires: fdupes BuildRequires: python-rpm-macros >= 20220106.80d3756 BuildArch: noarch @@ -60,7 +58,7 @@ %files %{python_files} %license LICENSE.md -%doc README.rst HISTORY.rst +%doc README.md HISTORY.md %{python_sitelib}/idna %{python_sitelib}/idna-%{version}*-info ++++++ idna-3.13.tar.gz -> idna-3.15.tar.gz ++++++ ++++ 2190 lines of diff (skipped)
