Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python36 for openSUSE:Factory checked in at 2021-09-20 23:32:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python36 (Old)
 and /work/SRC/openSUSE:Factory/.python36.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python36" Mon Sep 20 23:32:03 2021 rev:20 rq:919164 version:3.6.15 Changes: -------- --- /work/SRC/openSUSE:Factory/python36/python36.changes 2021-09-11 22:24:13.055368102 +0200 +++ /work/SRC/openSUSE:Factory/.python36.new.1899/python36.changes 2021-09-20 23:32:27.443122001 +0200 @@ -1,0 +2,17 @@ +Wed Sep 15 11:30:35 UTC 2021 - Matej Cepl <mc...@suse.com> + +- Update to 3.6.15: + - bpo-43124: Made the internal putcmd function in smtplib + sanitize input for presence of \r and \n characters to avoid + (unlikely) command injection. Library + - bpo-45001: Made email date parsing more robust against + malformed input, namely a whitespace-only Date: header. Patch + by Wouter Bolsterlee. Tests + - bpo-38965: Fix test_faulthandler on GCC 10. Use the + ???volatile??? keyword in faulthandler._stack_overflow() to + prevent tail call optimization on any compiler, rather than + relying on compiler specific pragma. +- Remove upstreamed patches: + - faulthandler_stack_overflow_on_GCC10.patch + +------------------------------------------------------------------- @@ -12,3 +29,3 @@ - - bpo-44022 (boo#1189241): mod:http.client now avoids - infinitely reading potential HTTP headers after a 100 - Continue status response from the server. + - bpo-44022 (bsc#1189241, CVE-2021-3737): mod:http.client now + avoids infinitely reading potential HTTP headers after + a 100 Continue status response from the server. @@ -20,3 +37,3 @@ - - bpo-42988: CVE-2021-3426: Remove the getfile feature of the - pydoc module which could be abused to read arbitrary files on - the disk (directory traversal vulnerability). Moreover, even + - bpo-42988 (CVE-2021-3426, bsc#1183374): Remove the getfile feature + of the pydoc module which could be abused to read arbitrary files + on the disk (directory traversal vulnerability). Moreover, even 
@@ -33,6 +50,7 @@ - - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) - vulnerability in urllib.request.AbstractBasicAuthHandler. The - ReDoS-vulnerable regex has quadratic worst-case complexity - and it allows cause a denial of service when identifying - crafted invalid RFCs. This ReDoS issue is on the client side - and needs remote attackers to control the HTTP server. + - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression + Denial of Service (ReDoS) vulnerability in + urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable + regex has quadratic worst-case complexity and it allows cause + a denial of service when identifying crafted invalid RFCs. This + ReDoS issue is on the client side and needs remote attackers to + control the HTTP server. Old: ---- Python-3.6.14.tar.xz Python-3.6.14.tar.xz.asc faulthandler_stack_overflow_on_GCC10.patch New: ---- Python-3.6.15.tar.xz Python-3.6.15.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python36.spec ++++++ --- /var/tmp/diff_new_pack.hDKBQO/_old 2021-09-20 23:32:29.031123963 +0200 +++ /var/tmp/diff_new_pack.hDKBQO/_new 2021-09-20 23:32:29.035123968 +0200 @@ -87,7 +87,7 @@ %bcond_with profileopt %endif Name: %{python_pkg_name}%{psuffix} -Version: 3.6.14 +Version: 3.6.15 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -108,7 +108,8 @@ # The following files are not used in the build. # They are listed here to work around missing functionality in rpmbuild, # which would otherwise exclude them from distributed src.rpm files. -Source99: https://www.python.org/static/files/pubkeys.txt#/python.keyring +# Originally from https://www.python.org/static/files/pubkeys.txt#/python.keyring +Source99: python.keyring Source100: PACKAGING-NOTES # implement "--record-rpm" option for distutils installations Patch01: Python-3.0b1-record-rpm.patch 
@@ -160,9 +161,6 @@ Patch36: riscv64-support.patch # PATCH-FIX-UPSTREAM riscv64-ctypes.patch bpo-35847: RISC-V needs CTYPES_PASS_BY_REF_HACK (GH-11694) Patch37: riscv64-ctypes.patch -# PATCH-FIX-UPSTREAM faulthandler._stack_overflow_on_GCC10.patch bpo#38965 mc...@suse.com -# Fix faulthandler._stack_overflow() on GCC 10 -Patch38: faulthandler_stack_overflow_on_GCC10.patch # PATCH-FIX-UPSTREAM ignore_pip_deprec_warn.patch mc...@suse.com # Ignore deprecation warning for old version of pip Patch39: ignore_pip_deprec_warn.patch @@ -430,7 +428,6 @@ %patch35 -p1 %patch36 -p1 %patch37 -p1 -%patch38 -p1 %patch39 -p1 %patch40 -p1 %patch41 -p1 ++++++ Python-3.6.14.tar.xz -> Python-3.6.15.tar.xz ++++++ /work/SRC/openSUSE:Factory/python36/Python-3.6.14.tar.xz /work/SRC/openSUSE:Factory/.python36.new.1899/Python-3.6.15.tar.xz differ: char 25, line 1
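Review bot: In the new 3.6.15 entry of python36.changes (hunk @@ -1,0 +2,17 @@), the bpo-43124 and bpo-45001 bullets end with stray "Library" and "Tests" words that read like section headings carried over from another changelog, and the bpo-38965 bullet has "???volatile???" where the quotation marks were lost to an encoding problem. Drop the stray words and put plain ASCII quotes around volatile. The bpo-43124 smtplib change is described as a fix for command injection via \r and \n, so if a bsc# or CVE is tracked for it, reference it in the same parenthesised form this submission adds to the older entries.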
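Review bot: The reference order in the bpo-44022 entry (hunk @@ -12,3 +29,3 @@), "(bsc#1189241, CVE-2021-3737)", is the reverse of the order used for bpo-42988 and bpo-43075 in the same submission, "(CVE-2021-3426, bsc#1183374)" and "(CVE-2021-3733, bsc#1189287)". Use one order for all three so the changelog stays easy to search for CVE and bug identifiers.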
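Review bot: The rewritten bpo-43075 entry (hunk @@ -33,6 +50,7 @@) keeps the ungrammatical "it allows cause a denial of service when identifying crafted invalid RFCs" from the old text. Since these lines are being reflowed anyway to add CVE-2021-3733 and bsc#1189287, fix the wording in the same change, for example "it allows an attacker to cause a denial of service", provided the changelog is not required to quote another source verbatim.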
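Review bot: At Source99 in python36.spec (hunk @@ -108,7 +108,8 @@), switching from the pubkeys.txt URL to the local file python.keyring means the keyring shipped next to Python-3.6.15.tar.xz.asc is now whatever is committed to the package, with no stated origin to compare it against. Record in the comment when the file was last taken from pubkeys.txt, or which key fingerprints it is expected to contain, so a later change to python.keyring can be reviewed against something. The "#/python.keyring" suffix in the "Originally from" comment is an rpm rename fragment that has no meaning inside a comment and can be dropped.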