Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python310 for openSUSE:Factory checked in at 2023-07-24 18:12:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python310 (Old)
 and      /work/SRC/openSUSE:Factory/.python310.new.1467 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python310" Mon Jul 24 18:12:32 2023 rev:34 rq:1099501 version:3.10.12 Changes: -------- --- /work/SRC/openSUSE:Factory/python310/python310.changes 2023-06-30 19:58:40.461572851 +0200 +++ /work/SRC/openSUSE:Factory/.python310.new.1467/python310.changes 2023-07-24 18:13:10.589638655 +0200 @@ -1,0 +2,15 @@ +Wed Jul 19 11:15:39 UTC 2023 - Matej Cepl <mc...@suse.com> + +- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for + stabilizing FLAG_REF usage (required for reproduceability; + bsc#1213463). + +------------------------------------------------------------------- +Tue Jul 11 07:35:18 UTC 2023 - Matej Cepl <mc...@suse.com> + +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). + +------------------------------------------------------------------- New: ---- gh-78214-marshal_stabilize_FLAG_REF.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python310.spec ++++++ --- /var/tmp/diff_new_pack.rsiOFp/_old 2023-07-24 18:13:11.589644540 +0200 +++ /var/tmp/diff_new_pack.rsiOFp/_new 2023-07-24 18:13:11.597644588 +0200 
@@ -168,7 +168,14 @@ Patch36: support-expat-CVE-2022-25236-patched.patch # PATCH-FIX-UPSTREAM bpo-37596-make-set-marshalling.patch bsc#1211765 mc...@suse.com # Make `set` and `frozenset` marshalling deterministic -Patch39: bpo-37596-make-set-marshalling.patch +Patch38: bpo-37596-make-set-marshalling.patch +# PATCH-FIX-UPSTREAM gh-78214-marshal_stabilize_FLAG_REF.patch bsc#1213463 mc...@suse.com +# marshal: Stabilize FLAG_REF usage +Patch39: gh-78214-marshal_stabilize_FLAG_REF.patch +# # PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 mc...@suse.com +# # Detect email address parsing errors and return empty tuple to +# # indicate the parsing error (old API) +# Patch40: CVE-2023-27043-email-parsing-errors.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -440,6 +447,7 @@ %endif %patch35 -p1 %patch36 -p1 +%patch38 -p1 %patch39 -p1 # drop Autoconf version requirement ++++++ gh-78214-marshal_stabilize_FLAG_REF.patch ++++++ >From 6c8ea7c1dacd42f3ba00440231ec0e6b1a38300d Mon Sep 17 00:00:00 2001 From: Inada Naoki <songofaca...@gmail.com> Date: Sat, 14 Jul 2018 00:46:11 +0900 Subject: [PATCH] Use FLAG_REF always for interned strings --- Python/marshal.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- a/Python/marshal.c +++ b/Python/marshal.c @@ -298,9 +298,14 @@ w_ref(PyObject *v, char *flag, WFILE *p) if (p->version < 3 || p->hashtable == NULL) return 0; /* not writing object references */ - /* if it has only one reference, it definitely isn't shared */ - if (Py_REFCNT(v) == 1) + /* If it has only one reference, it definitely isn't shared. + * But we use TYPE_REF always for interned string, to PYC file stable + * as possible. + */ + if (Py_REFCNT(v) == 1 && + !(PyUnicode_CheckExact(v) && PyUnicode_CHECK_INTERNED(v))) { return 0; + } entry = _Py_hashtable_get_entry(p->hashtable, v); if (entry != NULL) {
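Review bot: In the python310.spec hunk at @@ -168,7 +168,14 @@, the CVE-2023-27043 patch is declared only inside a comment (`# Patch40: CVE-2023-27043-email-parsing-errors.patch`), and the %prep hunk at @@ -440,6 +447,7 @@ adds `%patch38 -p1` but no `%patch40`, so the build does not apply it. The python310.changes entry of Jul 11 nevertheless reads "Add CVE-2023-27043-email-parsing-errors.patch" with bsc#1210638, and the "New:" list names only gh-78214-marshal_stabilize_FLAG_REF.patch. Anyone tracking fixes by the CVE reference in the changelog would read this revision as patched. Either enable the Patch40 line together with a matching %patch line, or reword the changes entry to say the patch is disabled and why. The doubled `# #` prefix on the three description lines should also be reduced to a single `#` once the state of the patch is settled.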
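Review bot: In the Python/marshal.c hunk (w_ref), the new comment says "we use TYPE_REF always for interned string" while the patch subject and the spec comment speak of FLAG_REF, and "to PYC file stable as possible" is missing its verb; something like "always emit a reference for interned strings, to keep the PYC file as stable as possible" with the flag name matching the subject would read correctly. The early `return 0` for `Py_REFCNT(v) == 1` still applies to every object that is not an exact, interned str, so for those objects the written bytes continue to depend on the reference count at marshal time; the comment should state that only interned strings are covered. The diffstat lists Python/marshal.c as the only changed file, so no test accompanies the change; a test that marshals the same interned string at two different reference counts and compares the output would pin the new behaviour.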