Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python38 for openSUSE:Factory 
checked in at 2022-12-09 13:16:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python38 (Old)
 and      /work/SRC/openSUSE:Factory/.python38.new.1835 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python38"

Fri Dec  9 13:16:47 2022 rev:31 rq:1041645 version:3.8.16

Changes:
--------
--- /work/SRC/openSUSE:Factory/python38/python38.changes        2022-11-12 
17:39:57.925738030 +0100
+++ /work/SRC/openSUSE:Factory/.python38.new.1835/python38.changes      
2022-12-09 13:16:55.074726590 +0100
@@ -1,0 +2,32 @@
+Thu Dec  8 10:32:15 UTC 2022 - Matej Cepl <mc...@suse.com>
+
+- Update to 3.8.16:
+  - python -m http.server no longer allows terminal
+    control characters sent within a garbage request to be
+    printed to the stderr server log.
+    This is done by changing the http.server
+    BaseHTTPRequestHandler .log_message method to replace control
+    characters with a \xHH hex escape before printing.
+  - Avoid publishing list of active per-interpreter
+    audit hooks via the gc module
+  - The IDNA codec decoder used on DNS hostnames by
+    socket or asyncio related name resolution functions no
+    longer involves a quadratic algorithm. This prevents a
+    potential CPU denial of service if an out-of-spec excessive
+    length hostname involving bidirectional characters were
+    decoded. Some protocols such as urllib http 3xx redirects
+    potentially allow for an attacker to supply such a
+    name (CVE-2022-45061).
+  - Update bundled libexpat to 2.5.0
+  - Port XKCP’s fix for the buffer overflows in SHA-3
+    (CVE-2022-37454).
+  - The deprecated mailcap module now refuses to inject
+    unsafe text (filenames, MIME types, parameters) into shell
+    commands. Instead of using such text, it will warn and act
+    as if a match was not found (or for test commands, as if the
+    test failed).
+- Removed upstream patches:
+  - CVE-2022-37454-sha3-buffer-overflow.patch
+  - CVE-2022-45061-DoS-by-IDNA-decode.patch
+
+-------------------------------------------------------------------

Old:
----
  CVE-2022-37454-sha3-buffer-overflow.patch
  CVE-2022-45061-DoS-by-IDNA-decode.patch
  Python-3.8.15.tar.xz
  Python-3.8.15.tar.xz.asc

New:
----
  Python-3.8.16.tar.xz
  Python-3.8.16.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python38.spec ++++++
--- /var/tmp/diff_new_pack.Gl7hqC/_old  2022-12-09 13:16:56.166732391 +0100
+++ /var/tmp/diff_new_pack.Gl7hqC/_new  2022-12-09 13:16:56.170732412 +0100
@@ -92,7 +92,7 @@
 %define dynlib() 
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.8.15
+Version:        3.8.16
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0
@@ -176,13 +176,6 @@
 # PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch 
gh#python/cpython#98366 mc...@suse.com
 # this patch makes things totally awesome
 Patch38:        98437-sphinx.locale._-as-gettext-in-pyspecific.patch
-# PATCH-FIX-UPSTREAM CVE-2022-37454-sha3-buffer-overflow.patch bsc#1204577 
mc...@suse.com
-# Fix original buffer overflow
-# Originally from gh#python/cpython#98528
-Patch39:        CVE-2022-37454-sha3-buffer-overflow.patch
-# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 
mc...@suse.com
-# Avoid DoS by decoding IDNA for too long domain names
-Patch40:        CVE-2022-45061-DoS-by-IDNA-decode.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -451,8 +444,6 @@
 %patch36 -p1
 %patch37 -p1
 %patch38 -p1
-%patch39 -p1
-%patch40 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

++++++ Python-3.8.15.tar.xz -> Python-3.8.16.tar.xz ++++++
/work/SRC/openSUSE:Factory/python38/Python-3.8.15.tar.xz 
/work/SRC/openSUSE:Factory/.python38.new.1835/Python-3.8.16.tar.xz differ: char 
27, line 1

++++++ platlibdir-in-sys.patch ++++++
--- /var/tmp/diff_new_pack.Gl7hqC/_old  2022-12-09 13:16:56.354733390 +0100
+++ /var/tmp/diff_new_pack.Gl7hqC/_new  2022-12-09 13:16:56.354733390 +0100
@@ -1,19 +1,13 @@
-Index: Python-3.8.15/Python/sysmodule.c
-===================================================================
---- Python-3.8.15.orig/Python/sysmodule.c
-+++ Python-3.8.15/Python/sysmodule.c
-@@ -2979,6 +2979,7 @@ _PySys_InitMain(_PyRuntimeState *runtime
-     SET_SYS_FROM_WSTR("base_prefix", config->base_prefix);
-     SET_SYS_FROM_WSTR("exec_prefix", config->exec_prefix);
-     SET_SYS_FROM_WSTR("base_exec_prefix", config->base_exec_prefix);
-+    SET_SYS_FROM_WSTR("platlibdir", config->platlibdir);
- 
-     if (config->pycache_prefix != NULL) {
-         SET_SYS_FROM_WSTR("pycache_prefix", config->pycache_prefix);
-Index: Python-3.8.15/Include/cpython/initconfig.h
-===================================================================
---- Python-3.8.15.orig/Include/cpython/initconfig.h
-+++ Python-3.8.15/Include/cpython/initconfig.h
+---
+ Include/cpython/initconfig.h |    1 +
+ Lib/test/test_embed.py       |    1 +
+ Makefile.pre.in              |    5 +++++
+ Python/initconfig.c          |   21 +++++++++++++++++++++
+ Python/sysmodule.c           |    1 +
+ 5 files changed, 29 insertions(+)
+
+--- a/Include/cpython/initconfig.h
++++ b/Include/cpython/initconfig.h
 @@ -381,6 +381,7 @@ typedef struct {
      wchar_t *base_prefix;       /* sys.base_prefix */
      wchar_t *exec_prefix;       /* sys.exec_prefix */
@@ -22,10 +16,32 @@
  
      /* --- Parameter only used by Py_Main() ---------- */
  
-Index: Python-3.8.15/Python/initconfig.c
-===================================================================
---- Python-3.8.15.orig/Python/initconfig.c
-+++ Python-3.8.15/Python/initconfig.c
+--- a/Lib/test/test_embed.py
++++ b/Lib/test/test_embed.py
+@@ -382,6 +382,7 @@ class InitConfigTests(EmbeddingTestsMixi
+         'exec_prefix': GET_DEFAULT_CONFIG,
+         'base_exec_prefix': GET_DEFAULT_CONFIG,
+         'module_search_paths': GET_DEFAULT_CONFIG,
++        'platlibdir': sys.platlibdir,
+ 
+         'site_import': 1,
+         'bytes_warning': 0,
+--- a/Makefile.pre.in
++++ b/Makefile.pre.in
+@@ -811,6 +811,11 @@ Python/sysmodule.o: $(srcdir)/Python/sys
+               $(MULTIARCH_CPPFLAGS) \
+               -o $@ $(srcdir)/Python/sysmodule.c
+ 
++Python/initconfig.o: $(srcdir)/Python/initconfig.c
++      $(CC) -c $(PY_CORE_CFLAGS) \
++              -DPLATLIBDIR='"$(platsubdir)"' \
++              -o $@ $(srcdir)/Python/initconfig.c
++
+ $(IO_OBJS): $(IO_H)
+ 
+ .PHONY: regen-grammar
+--- a/Python/initconfig.c
++++ b/Python/initconfig.c
 @@ -596,6 +596,7 @@ PyConfig_Clear(PyConfig *config)
      CLEAR(config->base_prefix);
      CLEAR(config->exec_prefix);
@@ -96,32 +112,14 @@
      DUMP_SYS(executable);
      DUMP_SYS(prefix);
      DUMP_SYS(exec_prefix);
-Index: Python-3.8.15/Makefile.pre.in
-===================================================================
---- Python-3.8.15.orig/Makefile.pre.in
-+++ Python-3.8.15/Makefile.pre.in
-@@ -811,6 +811,11 @@ Python/sysmodule.o: $(srcdir)/Python/sys
-               $(MULTIARCH_CPPFLAGS) \
-               -o $@ $(srcdir)/Python/sysmodule.c
- 
-+Python/initconfig.o: $(srcdir)/Python/initconfig.c
-+      $(CC) -c $(PY_CORE_CFLAGS) \
-+              -DPLATLIBDIR='"$(platsubdir)"' \
-+              -o $@ $(srcdir)/Python/initconfig.c
-+
- $(IO_OBJS): $(IO_H)
- 
- .PHONY: regen-grammar
-Index: Python-3.8.15/Lib/test/test_embed.py
-===================================================================
---- Python-3.8.15.orig/Lib/test/test_embed.py
-+++ Python-3.8.15/Lib/test/test_embed.py
-@@ -382,6 +382,7 @@ class InitConfigTests(EmbeddingTestsMixi
-         'exec_prefix': GET_DEFAULT_CONFIG,
-         'base_exec_prefix': GET_DEFAULT_CONFIG,
-         'module_search_paths': GET_DEFAULT_CONFIG,
-+        'platlibdir': sys.platlibdir,
+--- a/Python/sysmodule.c
++++ b/Python/sysmodule.c
+@@ -2981,6 +2981,7 @@ _PySys_InitMain(_PyRuntimeState *runtime
+     SET_SYS_FROM_WSTR("base_prefix", config->base_prefix);
+     SET_SYS_FROM_WSTR("exec_prefix", config->exec_prefix);
+     SET_SYS_FROM_WSTR("base_exec_prefix", config->base_exec_prefix);
++    SET_SYS_FROM_WSTR("platlibdir", config->platlibdir);
  
-         'site_import': 1,
-         'bytes_warning': 0,
+     if (config->pycache_prefix != NULL) {
+         SET_SYS_FROM_WSTR("pycache_prefix", config->pycache_prefix);
 

Reply via email to