Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python310 for openSUSE:Factory
checked in at 2023-08-06 16:29:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python310 (Old)
and /work/SRC/openSUSE:Factory/.python310.new.22712 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python310"
Sun Aug 6 16:29:12 2023 rev:35 rq:1102193 version:3.10.12
Changes:
--------
--- /work/SRC/openSUSE:Factory/python310/python310.changes 2023-07-24
18:13:10.589638655 +0200
+++ /work/SRC/openSUSE:Factory/.python310.new.22712/python310.changes
2023-08-06 16:29:13.831570412 +0200
@@ -1,0 +2,7 @@
+Thu Aug 3 14:13:30 UTC 2023 - Matej Cepl <mc...@suse.com>
+
+- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
+ partially reverting CVE-2023-27043-email-parsing-errors.patch,
+ because of the regression in gh#python/cpython#106669.
+
+-------------------------------------------------------------------
New:
----
CVE-2023-27043-email-parsing-errors.patch
Revert-gh105127-left-tests.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python310.spec ++++++
--- /var/tmp/diff_new_pack.5JFBm2/_old 2023-08-06 16:29:15.767582812 +0200
+++ /var/tmp/diff_new_pack.5JFBm2/_new 2023-08-06 16:29:15.775582863 +0200
@@ -172,10 +172,14 @@
# PATCH-FIX-UPSTREAM gh-78214-marshal_stabilize_FLAG_REF.patch bsc#1213463
mc...@suse.com
# marshal: Stabilize FLAG_REF usage
Patch39: gh-78214-marshal_stabilize_FLAG_REF.patch
-# # PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638
mc...@suse.com
-# # Detect email address parsing errors and return empty tuple to
-# # indicate the parsing error (old API)
-# Patch40: CVE-2023-27043-email-parsing-errors.patch
+# PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638
mc...@suse.com
+# Detect email address parsing errors and return empty tuple to
+# indicate the parsing error (old API), from gh#python/cpython!105127
+# Patch carries a REGRESSION (gh#python/cpython#106669), so it has been also
partially REVERTED
+Patch40: CVE-2023-27043-email-parsing-errors.patch
+# PATCH-FIX-UPSTREAM Revert-gh105127-left-tests.patch bsc#1210638
mc...@suse.com
+# Partially revert previous patch
+Patch41: Revert-gh105127-left-tests.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -449,6 +453,8 @@
%patch36 -p1
%patch38 -p1
%patch39 -p1
+%patch40 -p1
+%patch41 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
++++++ CVE-2023-27043-email-parsing-errors.patch ++++++
---
Doc/library/email.utils.rst |
26 +++
Lib/email/utils.py |
63 +++++++
Lib/test/test_email/test_email.py |
81 +++++++++-
Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst |
4
4 files changed, 164 insertions(+), 10 deletions(-)
Index: Python-3.10.12/Doc/library/email.utils.rst
===================================================================
--- Python-3.10.12.orig/Doc/library/email.utils.rst
+++ Python-3.10.12/Doc/library/email.utils.rst
@@ -67,6 +67,11 @@ of the new API.
*email address* parts. Returns a tuple of that information, unless the
parse
fails, in which case a 2-tuple of ``('', '')`` is returned.
+ .. versionchanged:: 3.12
+ For security reasons, addresses that were ambiguous and could parse into
+ multiple different addresses now cause ``('', '')`` to be returned
+ instead of only one of the *potential* addresses.
+
.. function:: formataddr(pair, charset='utf-8')
@@ -89,7 +94,7 @@ of the new API.
This method returns a list of 2-tuples of the form returned by
``parseaddr()``.
*fieldvalues* is a sequence of header field values as might be returned by
:meth:`Message.get_all <email.message.Message.get_all>`. Here's a simple
- example that gets all the recipients of a message::
+ example that gets all the recipients of a message:
from email.utils import getaddresses
@@ -99,6 +104,25 @@ of the new API.
resent_ccs = msg.get_all('resent-cc', [])
all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs)
+ When parsing fails for a single fieldvalue, a 2-tuple of ``('', '')``
+ is returned in its place. Other errors in parsing the list of
+ addresses such as a fieldvalue seemingly parsing into multiple
+ addresses may result in a list containing a single empty 2-tuple
+ ``[('', '')]`` being returned rather than returning potentially
+ invalid output.
+
+ Example malformed input parsing:
+
+ .. doctest::
+
+ >>> from email.utils import getaddresses
+ >>> getaddresses(['al...@example.com <b...@example.com>',
'm...@example.com'])
+ [('', '')]
+
+ .. versionchanged:: 3.12
+ The 2-tuple of ``('', '')`` in the returned values when parsing
+ fails were added as to address a security issue.
+
.. function:: parsedate(date)
Index: Python-3.10.12/Lib/email/utils.py
===================================================================
--- Python-3.10.12.orig/Lib/email/utils.py
+++ Python-3.10.12/Lib/email/utils.py
@@ -106,12 +106,54 @@ def formataddr(pair, charset='utf-8'):
return address
+def _pre_parse_validation(email_header_fields):
+ accepted_values = []
+ for v in email_header_fields:
+ s = v.replace('\\(', '').replace('\\)', '')
+ if s.count('(') != s.count(')'):
+ v = "('', '')"
+ accepted_values.append(v)
+
+ return accepted_values
+
+
+def _post_parse_validation(parsed_email_header_tuples):
+ accepted_values = []
+ # The parser would have parsed a correctly formatted domain-literal
+ # The existence of an [ after parsing indicates a parsing failure
+ for v in parsed_email_header_tuples:
+ if '[' in v[1]:
+ v = ('', '')
+ accepted_values.append(v)
+
+ return accepted_values
+
def getaddresses(fieldvalues):
- """Return a list of (REALNAME, EMAIL) for each fieldvalue."""
- all = COMMASPACE.join(str(v) for v in fieldvalues)
+ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue.
+
+ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in
+ its place.
+
+ If the resulting list of parsed address is not the same as the number of
+ fieldvalues in the input list a parsing error has occurred. A list
+ containing a single empty 2-tuple [('', '')] is returned in its place.
+ This is done to avoid invalid output.
+ """
+ fieldvalues = [str(v) for v in fieldvalues]
+ fieldvalues = _pre_parse_validation(fieldvalues)
+ all = COMMASPACE.join(v for v in fieldvalues)
a = _AddressList(all)
- return a.addresslist
+ result = _post_parse_validation(a.addresslist)
+
+ n = 0
+ for v in fieldvalues:
+ n += v.count(',') + 1
+
+ if len(result) != n:
+ return [('', '')]
+
+ return result
def _format_timetuple_and_zone(timetuple, zone):
@@ -212,9 +254,18 @@ def parseaddr(addr):
Return a tuple of realname and email address, unless the parse fails, in
which case return a 2-tuple of ('', '').
"""
- addrs = _AddressList(addr).addresslist
- if not addrs:
- return '', ''
+ if isinstance(addr, list):
+ addr = addr[0]
+
+ if not isinstance(addr, str):
+ return ('', '')
+
+ addr = _pre_parse_validation([addr])[0]
+ addrs = _post_parse_validation(_AddressList(addr).addresslist)
+
+ if not addrs or len(addrs) > 1:
+ return ('', '')
+
return addrs[0]
Index: Python-3.10.12/Lib/test/test_email/test_email.py
===================================================================
--- Python-3.10.12.orig/Lib/test/test_email/test_email.py
+++ Python-3.10.12/Lib/test/test_email/test_email.py
@@ -3288,15 +3288,90 @@ Foo
[('Al Person', 'aper...@dom.ain'),
('Bud Person', 'bper...@dom.ain')])
+ def test_getaddresses_parsing_errors(self):
+ """Test for parsing errors from CVE-2023-27043"""
+ eq = self.assertEqual
+ eq(utils.getaddresses(['al...@example.org(<b...@example.com>']),
+ [('', '')])
+ eq(utils.getaddresses(['al...@example.org)<b...@example.com>']),
+ [('', '')])
+ eq(utils.getaddresses(['al...@example.org<<b...@example.com>']),
+ [('', '')])
+ eq(utils.getaddresses(['al...@example.org><b...@example.com>']),
+ [('', '')])
+ eq(utils.getaddresses(['al...@example.org@<b...@example.com>']),
+ [('', '')])
+ eq(utils.getaddresses(['al...@example.org,<b...@example.com>']),
+ [('', 'al...@example.org'), ('', 'b...@example.com')])
+ eq(utils.getaddresses(['al...@example.org;<b...@example.com>']),
+ [('', '')])
+ eq(utils.getaddresses(['al...@example.org:<b...@example.com>']),
+ [('', '')])
+ eq(utils.getaddresses(['al...@example.org.<b...@example.com>']),
+ [('', '')])
+ eq(utils.getaddresses(['al...@example.org"<b...@example.com>']),
+ [('', '')])
+ eq(utils.getaddresses(['al...@example.org[<b...@example.com>']),
+ [('', '')])
+ eq(utils.getaddresses(['al...@example.org]<b...@example.com>']),
+ [('', '')])
+
+ def test_parseaddr_parsing_errors(self):
+ """Test for parsing errors from CVE-2023-27043"""
+ eq = self.assertEqual
+ eq(utils.parseaddr(['al...@example.org(<b...@example.com>']),
+ ('', ''))
+ eq(utils.parseaddr(['al...@example.org)<b...@example.com>']),
+ ('', ''))
+ eq(utils.parseaddr(['al...@example.org<<b...@example.com>']),
+ ('', ''))
+ eq(utils.parseaddr(['al...@example.org><b...@example.com>']),
+ ('', ''))
+ eq(utils.parseaddr(['al...@example.org@<b...@example.com>']),
+ ('', ''))
+ eq(utils.parseaddr(['al...@example.org,<b...@example.com>']),
+ ('', ''))
+ eq(utils.parseaddr(['al...@example.org;<b...@example.com>']),
+ ('', ''))
+ eq(utils.parseaddr(['al...@example.org:<b...@example.com>']),
+ ('', ''))
+ eq(utils.parseaddr(['al...@example.org.<b...@example.com>']),
+ ('', ''))
+ eq(utils.parseaddr(['al...@example.org"<b...@example.com>']),
+ ('', ''))
+ eq(utils.parseaddr(['al...@example.org[<b...@example.com>']),
+ ('', ''))
+ eq(utils.parseaddr(['al...@example.org]<b...@example.com>']),
+ ('', ''))
+
def test_getaddresses_nasty(self):
eq = self.assertEqual
eq(utils.getaddresses(['foo: ;']), [('', '')])
- eq(utils.getaddresses(
- ['[]*-- =~$']),
- [('', ''), ('', ''), ('', '*--')])
+ eq(utils.getaddresses(['[]*-- =~$']), [('', '')])
eq(utils.getaddresses(
['foo: ;', '"Jason R. Mastaler" <ja...@dom.ain>']),
[('', ''), ('Jason R. Mastaler', 'ja...@dom.ain')])
+ eq(utils.getaddresses(
+ [r'Pete(A nice \) chap) <pete(his account)@silly.test(his host)>']),
+ [('Pete (A nice ) chap his account his host)', 'p...@silly.test')])
+ eq(utils.getaddresses(
+ ['(Empty list)(start)Undisclosed recipients :(nobody(I know))']),
+ [('', '')])
+ eq(utils.getaddresses(
+ ['Mary <@machine.tld:m...@example.net>, , jdoe@test . example']),
+ [('Mary', 'm...@example.net'), ('', ''), ('', 'jdoe@test.example')])
+ eq(utils.getaddresses(
+ ['John Doe <jdoe@machine(comment). example>']),
+ [('John Doe (comment)', 'jdoe@machine.example')])
+ eq(utils.getaddresses(
+ ['"Mary Smith: Personal Account" <smith@home.example>']),
+ [('Mary Smith: Personal Account', 'smith@home.example')])
+ eq(utils.getaddresses(
+ ['Undisclosed recipients:;']),
+ [('', '')])
+ eq(utils.getaddresses(
+ [r'<b...@nil.test>, "Giant; \"Big\" Box" <b...@example.net>']),
+ [('', 'b...@nil.test'), ('Giant; "Big" Box', 'b...@example.net')])
def test_getaddresses_embedded_comment(self):
"""Test proper handling of a nested comment"""
Index:
Python-3.10.12/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
===================================================================
--- /dev/null
+++
Python-3.10.12/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
@@ -0,0 +1,4 @@
+CVE-2023-27043: Prevent :func:`email.utils.parseaddr`
+and :func:`email.utils.getaddresses` from returning the realname portion of an
+invalid RFC2822 email header in the email address portion of the 2-tuple
+returned after being parsed by :class:`email._parseaddr.AddressList`.
++++++ Revert-gh105127-left-tests.patch ++++++
>From 4288c623d62cf90d8e4444facb3379fb06d01140 Mon Sep 17 00:00:00 2001
From: "Gregory P. Smith" <g...@krypto.org>
Date: Thu, 20 Jul 2023 20:30:52 -0700
Subject: [PATCH] [3.12] gh-106669: Revert "gh-102988: Detect email address
parsing errors ... (GH-105127)" (GH-106733)
This reverts commit 18dfbd035775c15533d13a98e56b1d2bf5c65f00.
Adds a regression test from the issue.
See https://github.com/python/cpython/issues/106669..
(cherry picked from commit a31dea1feb61793e48fa9aa5014f358352205c1d)
Co-authored-by: Gregory P. Smith <g...@krypto.org>
---
Doc/library/email.utils.rst |
26 --
Lib/email/utils.py |
63 ------
Lib/test/test_email/test_email.py |
96 +---------
Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst |
5
4 files changed, 31 insertions(+), 159 deletions(-)
create mode 100644
Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
Index: Python-3.10.12/Doc/library/email.utils.rst
===================================================================
--- Python-3.10.12.orig/Doc/library/email.utils.rst
+++ Python-3.10.12/Doc/library/email.utils.rst
@@ -67,11 +67,6 @@ of the new API.
*email address* parts. Returns a tuple of that information, unless the
parse
fails, in which case a 2-tuple of ``('', '')`` is returned.
- .. versionchanged:: 3.12
- For security reasons, addresses that were ambiguous and could parse into
- multiple different addresses now cause ``('', '')`` to be returned
- instead of only one of the *potential* addresses.
-
.. function:: formataddr(pair, charset='utf-8')
@@ -94,7 +89,7 @@ of the new API.
This method returns a list of 2-tuples of the form returned by
``parseaddr()``.
*fieldvalues* is a sequence of header field values as might be returned by
:meth:`Message.get_all <email.message.Message.get_all>`. Here's a simple
- example that gets all the recipients of a message:
+ example that gets all the recipients of a message::
from email.utils import getaddresses
@@ -104,25 +99,6 @@ of the new API.
resent_ccs = msg.get_all('resent-cc', [])
all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs)
- When parsing fails for a single fieldvalue, a 2-tuple of ``('', '')``
- is returned in its place. Other errors in parsing the list of
- addresses such as a fieldvalue seemingly parsing into multiple
- addresses may result in a list containing a single empty 2-tuple
- ``[('', '')]`` being returned rather than returning potentially
- invalid output.
-
- Example malformed input parsing:
-
- .. doctest::
-
- >>> from email.utils import getaddresses
- >>> getaddresses(['al...@example.com <b...@example.com>',
'm...@example.com'])
- [('', '')]
-
- .. versionchanged:: 3.12
- The 2-tuple of ``('', '')`` in the returned values when parsing
- fails were added as to address a security issue.
-
.. function:: parsedate(date)
Index: Python-3.10.12/Lib/email/utils.py
===================================================================
--- Python-3.10.12.orig/Lib/email/utils.py
+++ Python-3.10.12/Lib/email/utils.py
@@ -106,54 +106,12 @@ def formataddr(pair, charset='utf-8'):
return address
-def _pre_parse_validation(email_header_fields):
- accepted_values = []
- for v in email_header_fields:
- s = v.replace('\\(', '').replace('\\)', '')
- if s.count('(') != s.count(')'):
- v = "('', '')"
- accepted_values.append(v)
-
- return accepted_values
-
-
-def _post_parse_validation(parsed_email_header_tuples):
- accepted_values = []
- # The parser would have parsed a correctly formatted domain-literal
- # The existence of an [ after parsing indicates a parsing failure
- for v in parsed_email_header_tuples:
- if '[' in v[1]:
- v = ('', '')
- accepted_values.append(v)
-
- return accepted_values
-
def getaddresses(fieldvalues):
- """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue.
-
- When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in
- its place.
-
- If the resulting list of parsed address is not the same as the number of
- fieldvalues in the input list a parsing error has occurred. A list
- containing a single empty 2-tuple [('', '')] is returned in its place.
- This is done to avoid invalid output.
- """
- fieldvalues = [str(v) for v in fieldvalues]
- fieldvalues = _pre_parse_validation(fieldvalues)
- all = COMMASPACE.join(v for v in fieldvalues)
+ """Return a list of (REALNAME, EMAIL) for each fieldvalue."""
+ all = COMMASPACE.join(str(v) for v in fieldvalues)
a = _AddressList(all)
- result = _post_parse_validation(a.addresslist)
-
- n = 0
- for v in fieldvalues:
- n += v.count(',') + 1
-
- if len(result) != n:
- return [('', '')]
-
- return result
+ return a.addresslist
def _format_timetuple_and_zone(timetuple, zone):
@@ -254,18 +212,9 @@ def parseaddr(addr):
Return a tuple of realname and email address, unless the parse fails, in
which case return a 2-tuple of ('', '').
"""
- if isinstance(addr, list):
- addr = addr[0]
-
- if not isinstance(addr, str):
- return ('', '')
-
- addr = _pre_parse_validation([addr])[0]
- addrs = _post_parse_validation(_AddressList(addr).addresslist)
-
- if not addrs or len(addrs) > 1:
- return ('', '')
-
+ addrs = _AddressList(addr).addresslist
+ if not addrs:
+ return '', ''
return addrs[0]
Index: Python-3.10.12/Lib/test/test_email/test_email.py
===================================================================
--- Python-3.10.12.orig/Lib/test/test_email/test_email.py
+++ Python-3.10.12/Lib/test/test_email/test_email.py
@@ -3288,90 +3288,32 @@ Foo
[('Al Person', 'aper...@dom.ain'),
('Bud Person', 'bper...@dom.ain')])
- def test_getaddresses_parsing_errors(self):
- """Test for parsing errors from CVE-2023-27043"""
- eq = self.assertEqual
- eq(utils.getaddresses(['al...@example.org(<b...@example.com>']),
- [('', '')])
- eq(utils.getaddresses(['al...@example.org)<b...@example.com>']),
- [('', '')])
- eq(utils.getaddresses(['al...@example.org<<b...@example.com>']),
- [('', '')])
- eq(utils.getaddresses(['al...@example.org><b...@example.com>']),
- [('', '')])
- eq(utils.getaddresses(['al...@example.org@<b...@example.com>']),
- [('', '')])
- eq(utils.getaddresses(['al...@example.org,<b...@example.com>']),
- [('', 'al...@example.org'), ('', 'b...@example.com')])
- eq(utils.getaddresses(['al...@example.org;<b...@example.com>']),
- [('', '')])
- eq(utils.getaddresses(['al...@example.org:<b...@example.com>']),
- [('', '')])
- eq(utils.getaddresses(['al...@example.org.<b...@example.com>']),
- [('', '')])
- eq(utils.getaddresses(['al...@example.org"<b...@example.com>']),
- [('', '')])
- eq(utils.getaddresses(['al...@example.org[<b...@example.com>']),
- [('', '')])
- eq(utils.getaddresses(['al...@example.org]<b...@example.com>']),
- [('', '')])
-
- def test_parseaddr_parsing_errors(self):
- """Test for parsing errors from CVE-2023-27043"""
- eq = self.assertEqual
- eq(utils.parseaddr(['al...@example.org(<b...@example.com>']),
- ('', ''))
- eq(utils.parseaddr(['al...@example.org)<b...@example.com>']),
- ('', ''))
- eq(utils.parseaddr(['al...@example.org<<b...@example.com>']),
- ('', ''))
- eq(utils.parseaddr(['al...@example.org><b...@example.com>']),
- ('', ''))
- eq(utils.parseaddr(['al...@example.org@<b...@example.com>']),
- ('', ''))
- eq(utils.parseaddr(['al...@example.org,<b...@example.com>']),
- ('', ''))
- eq(utils.parseaddr(['al...@example.org;<b...@example.com>']),
- ('', ''))
- eq(utils.parseaddr(['al...@example.org:<b...@example.com>']),
- ('', ''))
- eq(utils.parseaddr(['al...@example.org.<b...@example.com>']),
- ('', ''))
- eq(utils.parseaddr(['al...@example.org"<b...@example.com>']),
- ('', ''))
- eq(utils.parseaddr(['al...@example.org[<b...@example.com>']),
- ('', ''))
- eq(utils.parseaddr(['al...@example.org]<b...@example.com>']),
- ('', ''))
+ def test_getaddresses_comma_in_name(self):
+ """GH-106669 regression test."""
+ self.assertEqual(
+ utils.getaddresses(
+ [
+ '"Bud, Person" <bper...@dom.ain>',
+ 'aper...@dom.ain (Al Person)',
+ '"Mariusz Felisiak" <t...@example.com>',
+ ]
+ ),
+ [
+ ('Bud, Person', 'bper...@dom.ain'),
+ ('Al Person', 'aper...@dom.ain'),
+ ('Mariusz Felisiak', 't...@example.com'),
+ ],
+ )
def test_getaddresses_nasty(self):
eq = self.assertEqual
eq(utils.getaddresses(['foo: ;']), [('', '')])
- eq(utils.getaddresses(['[]*-- =~$']), [('', '')])
+ eq(utils.getaddresses(
+ ['[]*-- =~$']),
+ [('', ''), ('', ''), ('', '*--')])
eq(utils.getaddresses(
['foo: ;', '"Jason R. Mastaler" <ja...@dom.ain>']),
[('', ''), ('Jason R. Mastaler', 'ja...@dom.ain')])
- eq(utils.getaddresses(
- [r'Pete(A nice \) chap) <pete(his account)@silly.test(his host)>']),
- [('Pete (A nice ) chap his account his host)', 'p...@silly.test')])
- eq(utils.getaddresses(
- ['(Empty list)(start)Undisclosed recipients :(nobody(I know))']),
- [('', '')])
- eq(utils.getaddresses(
- ['Mary <@machine.tld:m...@example.net>, , jdoe@test . example']),
- [('Mary', 'm...@example.net'), ('', ''), ('', 'jdoe@test.example')])
- eq(utils.getaddresses(
- ['John Doe <jdoe@machine(comment). example>']),
- [('John Doe (comment)', 'jdoe@machine.example')])
- eq(utils.getaddresses(
- ['"Mary Smith: Personal Account" <smith@home.example>']),
- [('Mary Smith: Personal Account', 'smith@home.example')])
- eq(utils.getaddresses(
- ['Undisclosed recipients:;']),
- [('', '')])
- eq(utils.getaddresses(
- [r'<b...@nil.test>, "Giant; \"Big\" Box" <b...@example.net>']),
- [('', 'b...@nil.test'), ('Giant; "Big" Box', 'b...@example.net')])
def test_getaddresses_embedded_comment(self):
"""Test proper handling of a nested comment"""
Index:
Python-3.10.12/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
===================================================================
---
Python-3.10.12.orig/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
+++
Python-3.10.12/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst
@@ -1,3 +1,8 @@
+Reverted the :mod:`email.utils` security improvement change released in
+3.12beta4 that unintentionally caused :mod:`email.utils.getaddresses` to fail
+to parse email addresses with a comma in the quoted name field.
+See :gh:`106669`.
+
CVE-2023-27043: Prevent :func:`email.utils.parseaddr`
and :func:`email.utils.getaddresses` from returning the realname portion of an
invalid RFC2822 email header in the email address portion of the 2-tuple
++++++ fix_configure_rst.patch ++++++
--- /var/tmp/diff_new_pack.5JFBm2/_old 2023-08-06 16:29:15.899583657 +0200
+++ /var/tmp/diff_new_pack.5JFBm2/_new 2023-08-06 16:29:15.903583683 +0200
@@ -3,8 +3,10 @@
Misc/NEWS | 2 +-
2 files changed, 1 insertion(+), 4 deletions(-)
---- a/Doc/using/configure.rst
-+++ b/Doc/using/configure.rst
+Index: Python-3.10.12/Doc/using/configure.rst
+===================================================================
+--- Python-3.10.12.orig/Doc/using/configure.rst
++++ Python-3.10.12/Doc/using/configure.rst
@@ -42,7 +42,6 @@ General Options
See :data:`sys.int_info.bits_per_digit <sys.int_info>`.
@@ -13,7 +15,7 @@
.. cmdoption:: --with-cxx-main=COMPILER
Compile the Python ``main()`` function and link Python executable with C++
-@@ -457,13 +456,11 @@ macOS Options
+@@ -473,13 +472,11 @@ macOS Options
See ``Mac/README.rst``.
@@ -27,9 +29,11 @@
.. cmdoption:: --enable-framework=INSTALLDIR
Create a Python.framework rather than a traditional Unix install. Optional
---- a/Misc/NEWS
-+++ b/Misc/NEWS
-@@ -3422,7 +3422,7 @@ C API
+Index: Python-3.10.12/Misc/NEWS
+===================================================================
+--- Python-3.10.12.orig/Misc/NEWS
++++ Python-3.10.12/Misc/NEWS
+@@ -3618,7 +3618,7 @@ C API
-----
- bpo-43795: The list in :ref:`stable-abi-list` now shows the public name
++++++ gh-78214-marshal_stabilize_FLAG_REF.patch ++++++
--- /var/tmp/diff_new_pack.5JFBm2/_old 2023-08-06 16:29:15.915583760 +0200
+++ /var/tmp/diff_new_pack.5JFBm2/_new 2023-08-06 16:29:15.919583785 +0200
@@ -7,8 +7,10 @@
Python/marshal.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
---- a/Python/marshal.c
-+++ b/Python/marshal.c
+Index: Python-3.10.12/Python/marshal.c
+===================================================================
+--- Python-3.10.12.orig/Python/marshal.c
++++ Python-3.10.12/Python/marshal.c
@@ -298,9 +298,14 @@ w_ref(PyObject *v, char *flag, WFILE *p)
if (p->version < 3 || p->hashtable == NULL)
return 0; /* not writing object references */
++++++ subprocess-raise-timeout.patch ++++++
--- /var/tmp/diff_new_pack.5JFBm2/_old 2023-08-06 16:29:16.011584374 +0200
+++ /var/tmp/diff_new_pack.5JFBm2/_new 2023-08-06 16:29:16.015584400 +0200
@@ -2,9 +2,11 @@
Lib/test/test_subprocess.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
---- a/Lib/test/test_subprocess.py
-+++ b/Lib/test/test_subprocess.py
-@@ -267,7 +267,8 @@ class ProcessTestCase(BaseTestCase):
+Index: Python-3.10.12/Lib/test/test_subprocess.py
+===================================================================
+--- Python-3.10.12.orig/Lib/test/test_subprocess.py
++++ Python-3.10.12/Lib/test/test_subprocess.py
+@@ -268,7 +268,8 @@ class ProcessTestCase(BaseTestCase):
"time.sleep(3600)"],
# Some heavily loaded buildbots (sparc Debian 3.x) require
# this much time to start and print.
