Revisions of saltbundlepy
- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with patched libexpat below 2.6.0 that doesn't update the version number (gh#python/cpython#117187)
  * CVE-2023-52425-libexpat-2.6.0-backport.patch
- Update to 3.11.9:
  * Security
    * gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425, bsc#1219559) by adding five new methods:
      * xml.etree.ElementTree.XMLParser.flush()
      * xml.etree.ElementTree.XMLPullParser.flush()
      * xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
      * xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
      * xml.sax.expatreader.ExpatParser.flush()
    * gh-115399: Update bundled libexpat to 2.6.0
    * gh-115243: Fix possible crashes in collections.deque.index() when the deque is concurrently modified.
    * gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
  * Core and Builtins
    * gh-116296: Fix possible refleak in object.__reduce__() internal error handling.
    * gh-116034: Fix location of the error on a failed assertion.
    * gh-115823: Properly calculate error ranges in the parser when raising SyntaxError exceptions caused by invalid byte sequences. Patch by Pablo Galindo.
    * gh-112087: For an empty reverse iterator for list will be reduced to reversed(). Patch by Donghee Na.
    * gh-115011: Setters for members with an unsigned integer type now support the same range of valid values for objects that have a __index__() method as for int.
    * gh-96497: Fix incorrect resolution of mangled class variables used in assignment expressions in comprehensions.
- Use saltbundlepy-libffi instead of libffi provided by distro to make the Salt Bundle less dependent on packages of client.
Drop unnecessary externally_managed.in
- Align changelog
- Remove extra full stops from latest changelog entry
- Disable NIS for new products, it's deprecated and gets removed
osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy revision:13
- Update to 3.11.5 (bsc#1214692):
  * Security
    * gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.
  * Core and Builtins
    * gh-104432: Fix potential unaligned memory access on C APIs involving returned sequences of char * pointers within the grp and socket modules. These were revealed using a -fsanitize=alignment build on ARM macOS. Patch by Christopher Chavez.
    * gh-77377: Ensure that multiprocessing synchronization objects created in a fork context are not sent to a different process created in a spawn context. This changes a segfault into an actionable RuntimeError in the parent process.
    * gh-106092: Fix a segmentation fault caused by a use-after-free bug in frame_dealloc when the trashcan delays the deallocation of a PyFrameObject.
    * gh-106719: No longer suppress arbitrary errors in the __annotations__ getter and setter in the type and module types.
    * gh-106723: Propagate frozen_modules to multiprocessing spawned process interpreters.
    * gh-105979: Fix crash in _imp.get_frozen_object() due to improper exception handling.
    * gh-105840: Fix possible crashes when specializing function calls with too many __defaults__.
    * gh-105588: Fix an issue that could result in crashes when
CVE-2007-4559, bsc#1203750) (PEP 706). * subprocess-raise-timeout.patch
osc copypac from project:systemsmanagement:saltstack:bundle:testing package:saltbundlepy revision:10
- Add fix-sphinx-72.patch to make it work with latest sphinx version gh#python/cpython#97950
- Update to 3.10.13 (bsc#1214692):
  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.
  - gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError.
  - gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
  - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data: *consumed was not set.
- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669.
- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for stabilizing FLAG_REF usage (required for reproducibility; bsc#1213463).
- (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API).
- Update to 3.10.12:
  - gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address
- Change the order of adding test files in the spec to prevent different build results with debbuild.
- Include dependency on libffi for Debian 12
Realign changelog according to bundle:testing
- Adjust custom patches after latest upgrade to fix building issues
- Modified:
  * skip-test_pyobject_freed_is_freed.patch
  * call-startup-script-always.patch
  * no-strict-openssl111-dep.patch
- Fix build on openEuler 22.03.
- Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582).
- Update to 3.10.10: Bug fixes and regressions handling, no change of behaviour and no security bugs fixed.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters
- Add provides for readline and sqlite3 to the main Python package.
- Disable NIS for new products, it's deprecated and gets removed
- Update to 3.10.9:
  - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log. This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before
osc copypac from project:systemsmanagement:saltstack:bundle:testing package:saltbundlepy revision:3
- Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556)
- Updated:
  * no-strict-openssl111-dep-read-write-fix.patch
- Turn off LTO and GPO for Debian 11 ppc64le and s390x to prevent fails on building
- Revert strict requirement for OpenSSL 1.1.1 for SLE 15 also
Displaying revisions 1 - 20 of 22