Hello community,

here is the log from the commit of package python311 for openSUSE:Factory checked in at 2023-07-06 18:27:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python311 (Old)
 and /work/SRC/openSUSE:Factory/.python311.new.23466 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python311" Thu Jul 6 18:27:44 2023 rev:20 rq:1096536 version:3.11.4 Changes: -------- --- /work/SRC/openSUSE:Factory/python311/python311.changes 2023-06-28 21:33:12.385805736 +0200 +++ /work/SRC/openSUSE:Factory/.python311.new.23466/python311.changes 2023-07-06 18:27:45.814810800 +0200 
@@ -1,0 +2,30 @@ +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl <mc...@suse.com> + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- Old: ---- CVE-2007-4559-filter-tarfile_extractall.patch Python-3.11.3.tar.xz Python-3.11.3.tar.xz.asc New: ---- Python-3.11.4.tar.xz Python-3.11.4.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python311.spec ++++++ --- /var/tmp/diff_new_pack.wk0EmX/_old 2023-07-06 18:27:47.422820673 +0200 +++ /var/tmp/diff_new_pack.wk0EmX/_new 2023-07-06 18:27:47.430820722 +0200 
@@ -94,7 +94,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.3 +Version: 3.11.4 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -157,9 +157,6 @@ # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mc...@suse.com # Makes Python resilient to changes of API of libexpat Patch36: support-expat-CVE-2022-25236-patched.patch -# PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 mc...@suse.com -# PEP 706 â Filter for tarfile.extractall -Patch37: CVE-2007-4559-filter-tarfile_extractall.patch # PATCH-FIX-UPSTREAM 103213-fetch-CONFIG_ARGS.patch gh#python/cpython#103053 mc...@suse.com # Fetch CONFIG_ARGS from original python instance Patch38: 103213-fetch-CONFIG_ARGS.patch @@ -424,7 +421,6 @@ %endif %patch35 -p1 %patch36 -p1 -%patch37 -p1 %patch38 -p1 %patch39 -p1 ++++++ Python-3.11.3.tar.xz -> Python-3.11.4.tar.xz ++++++ /work/SRC/openSUSE:Factory/python311/Python-3.11.3.tar.xz /work/SRC/openSUSE:Factory/.python311.new.23466/Python-3.11.4.tar.xz differ: char 27, line 1 ++++++ fix_configure_rst.patch ++++++ --- /var/tmp/diff_new_pack.wk0EmX/_old 2023-07-06 18:27:47.534821360 +0200 +++ /var/tmp/diff_new_pack.wk0EmX/_new 2023-07-06 18:27:47.538821384 +0200 @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -7809,7 +7809,7 @@ C API +@@ -8105,7 +8105,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name ++++++ subprocess-raise-timeout.patch ++++++ --- /var/tmp/diff_new_pack.wk0EmX/_old 2023-07-06 18:27:47.638821999 +0200 +++ /var/tmp/diff_new_pack.wk0EmX/_new 2023-07-06 18:27:47.642822023 +0200 @@ -4,7 +4,7 @@ --- a/Lib/test/test_subprocess.py 
+++ b/Lib/test/test_subprocess.py -@@ -278,7 +278,8 @@ class ProcessTestCase(BaseTestCase): +@@ -279,7 +279,8 @@ class ProcessTestCase(BaseTestCase): "time.sleep(3600)"], # Some heavily loaded buildbots (sparc Debian 3.x) require # this much time to start and print.
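Review bot: The gh-103142 entry in the python311.changes hunk lists the same identifier twice ("CVE-2022-4303, and CVE-2022-4303"), so one of the CVEs attributed to 1.1.1t is mistyped or missing; check the list against the OpenSSL 1.1.1t advisory and correct it. In the same hunk, "a security in flaw in uu.decode()" and "tar features than may be surprising" carry typos, and the gh-104049 entry names http.client.SimpleHTTPRequestHandler although that class lives in http.server. The gh-102953 entry says "fixing CVE-2007-4559" while the text describes a new filter argument rather than a change in default behaviour; stating whether extraction is protected without passing that argument would avoid the entry being read as a complete fix.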
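Review bot: Removing Patch37 in the python311.spec hunk at -157,9 leaves the patch list jumping from Patch36 to Patch38; keep the gap rather than renumbering so that the "%patch38 -p1" and "%patch39 -p1" lines in the -424,7 hunk stay valid, and confirm that no other reference to patch 37 remains outside the visible context. The declaration and the "%patch37 -p1" application are dropped in separate hunks, so both need to land together for the %prep section to build.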