- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
  patched libexpat below 2.6.0 that doesn't update the version number
  (gh#python/cpython#117187)
  * CVE-2023-52425-libexpat-2.6.0-backport.patch

• Files Changed
• Browse Source

- Update to 3.11.9:
  * Security
  * gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
    (CVE-2023-52425,  bsc#1219559) by adding five new methods:
    xml.etree.ElementTree.XMLParser.flush()
    xml.etree.ElementTree.XMLPullParser.flush()
    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
    xml.sax.expatreader.ExpatParser.flush()
  * gh-115399: Update bundled libexpat to 2.6.0
  * gh-115243: Fix possible crashes in collections.deque.index()
    when the deque is concurrently modified.
  * gh-114572: ssl.SSLContext.cert_store_stats() and
    ssl.SSLContext.get_ca_certs() now correctly lock access to the
    certificate store, when the ssl.SSLContext is shared across
    multiple threads.
  * Core and Builtins
  * gh-116296: Fix possible refleak in object.__reduce__() internal
    error handling.
  * gh-116034: Fix location of the error on a failed assertion.
  * gh-115823: Properly calculate error ranges in the parser when
    raising SyntaxError exceptions caused by invalid byte sequences.
    Patch by Pablo Galindo
  * gh-112087: For an empty reverse iterator for list will be
    reduced to reversed(). Patch by Donghee Na.
  * gh-115011: Setters for members with an unsigned integer type now
    support the same range of valid values for objects that has a
    __index__() method as for int.
  * gh-96497: Fix incorrect resolution of mangled class variables
    used in assignment expressions in comprehensions.

• Files Changed
• Browse Source

- Use saltbundlepy-libffi instead of libffi provided by distro
  to make the Salt Bundle less dependant on packages of client.

• Files Changed
• Browse Source

Drop unnecessary externally_managed.in

• Files Changed
• Browse Source

- Align changelog
- Remove extra full stops from latest changelog entry

• Files Changed
• Browse Source

- Disable NIS for new products, it's deprecated and gets removed

• Files Changed
• Browse Source

• Files Changed
• Browse Source

osc copypac from project:systemsmanagement:saltstack:bundle:next package:saltbundlepy revision:13

• Files Changed
• Browse Source

- Update to 3.11.5 (bsc#1214692):
  * Security
  * gh-108310: Fixed an issue where instances of ssl.SSLSocket were
    vulnerable to a bypass of the TLS handshake and included
    protections (like certificate verification) and treating sent
    unencrypted data as if it were post-handshake TLS encrypted data.
    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
    Gregory P. Smith.
  * Core and Builtins
  * gh-104432: Fix potential unaligned memory access on C APIs
    involving returned sequences of char * pointers within the grp
    and socket modules. These were revealed using a
    -fsaniziter=alignment build on ARM macOS. Patch by Christopher
    Chavez.
  * gh-77377: Ensure that multiprocessing synchronization objects
    created in a fork context are not sent to a different process
    created in a spawn context. This changes a segfault into an
    actionable RuntimeError in the parent process.
  * gh-106092: Fix a segmentation fault caused by a use-after-free
    bug in frame_dealloc when the trashcan delays the deallocation
    of a PyFrameObject.
  * gh-106719: No longer suppress arbitrary errors in the
    __annotations__ getter and setter in the type and module types.
  * gh-106723: Propagate frozen_modules to multiprocessing spawned
    process interpreters.
  * gh-105979: Fix crash in _imp.get_frozen_object() due to improper
    exception handling.
  * gh-105840: Fix possible crashes when specializing function calls
    with too many __defaults__.
  * gh-105588: Fix an issue that could result in crashes when

• Files Changed
• Browse Source

    CVE-2007-4559, bsc#1203750) (PEP 706).
  * subprocess-raise-timeout.patch

• Files Changed
• Browse Source

osc copypac from project:systemsmanagement:saltstack:bundle:testing package:saltbundlepy revision:10

• Files Changed
• Browse Source

- Add fix-sphinx-72.patch to make it work with latest sphinx version
  gh#python/cpython#97950
- Update to 3.10.13 (bsc#1214692):
  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
    vulnerable to a bypass of the TLS handshake and included
    protections (like certificate verification) and treating sent
    unencrypted data as if it were post-handshake TLS encrypted data.
    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
    Gregory P. Smith.
  - gh-107845: tarfile.data_filter() now takes the location of
    symlinks into account when determining their target, so it will no
    longer reject some valid tarballs with
    LinkOutsideDestinationError.
  - gh-107565: Update multissltests and GitHub CI workflows to use
    OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
  - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
    *consumed was not set.
- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
  partially reverting CVE-2023-27043-email-parsing-errors.patch,
  because of the regression in gh#python/cpython#106669.
- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for
  stabilizing FLAG_REF usage (required for reproduceability;
  bsc#1213463).
- (bsc#1210638, CVE-2023-27043) Add
  CVE-2023-27043-email-parsing-errors.patch, which detects email
  address parsing errors and returns empty tuple to indicate the
  parsing error (old API).
- Update to 3.10.12:
  - gh-103142: The version of OpenSSL used in Windows and
    Mac installers has been upgraded to 1.1.1u to address

• Files Changed
• Browse Source

- Change the order of adding test files in the spec
  to prevent different build results with debbuild.

• Files Changed
• Browse Source

- Include dependency on libffi for Debian 12

• Files Changed
• Browse Source

Realign changelog according to bundle:testing

• Files Changed
• Browse Source

- Adjust custom patches after latest upgrade to fix building issues
- Modified:
  * skip-test_pyobject_freed_is_freed.patch
  * call-startup-script-always.patch
  * no-strict-openssl111-dep.patch

- Fix build on openEuler 22.03. 

- Add invalid-json.patch fixing invalid JSON in
  Doc/howto/logging-cookbook.rst (somehow similar to
  gh#python/cpython#102582).

- Update to 3.10.10:
  Bug fixes and regressions handling, no change of behaviour and
  no security bugs fixed.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters

- Add provides for readline and sqlite3 to the main Python
  package.

- Disable NIS for new products, it's deprecated and gets removed

- Update to 3.10.9:
  - python -m http.server no longer allows terminal
    control characters sent within a garbage request to be
    printed to the stderr server lo This is done by changing
    the http.server BaseHTTPRequestHandler .log_message method
    to replace control characters with a \xHH hex escape before

• Files Changed
• Browse Source

osc copypac from project:systemsmanagement:saltstack:bundle:testing package:saltbundlepy revision:3

• Files Changed
• Browse Source

- Fix the regression caused by the patch removing strict requirement for
  OpenSSL 1.1.1 leading to read/write issues with ssl module for
  SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556)
- Updated:
  * no-strict-openssl111-dep-read-write-fix.patch

• Files Changed
• Browse Source

- Turn off LTO and GPO for Debian 11 ppc64le and s390x
  to prevent fails on building

• Files Changed
• Browse Source

- Revert strict requirement for OpenSSL 1.1.1 for SLE 15 also

• Files Changed
• Browse Source