From 00983cacd3597038e10acc7634c5cd8daf6b43741e26ed60f9bd390234abcf76 Mon Sep 17 00:00:00 2001 
From: Matej Cepl Date: Thu, 23 Apr 2020 09:28:38 +0000 Subject: [PATCH] - Update to 2.7.18, final release of Python 2. Ever.: - Newline characters have been escaped when performing uu encoding to prevent them from overflowing into the content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process. - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch by Ben Caller. - Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. - Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host. - Fix problems identified by GCC's -Wstringop-truncation warning. - AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c. - Prevent failure of test_relative_path in test_py_compile on macOS Catalina. - Fixed possible leak in :c:func:`PyArg_Parse` and similar functions for format units "es#" and "et#" when the macro :c:macro:`PY_SSIZE_T_CLEAN` is not defined. 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=281
---
 Python-2.7.17.tar.xz | 3 ---
 Python-2.7.17.tar.xz.asc | 16 -------------
 Python-2.7.18.tar.xz | 3 +++
 Python-2.7.18.tar.xz.asc | 16 +++++++++++++
 python-2.7.17-docs-pdf-a4.tar.bz2 | 3 ---
 python-2.7.17-docs-pdf-letter.tar.bz2 | 3 ---
 python-2.7.18-docs-pdf-a4.tar.bz2 | 3 +++
 python-2.7.18-docs-pdf-letter.tar.bz2 | 3 +++
 python-base.changes | 27 +++++++++++++++++++++
 python-base.spec | 2 +-
 python-doc.changes | 34 +++++++++++++++++++++++++++
 python-doc.spec | 2 +-
 python.changes | 34 +++++++++++++++++++++++++++
 python.spec | 2 +-
 14 files changed, 123 insertions(+), 28 deletions(-)
 delete mode 100644 Python-2.7.17.tar.xz
 delete mode 100644 Python-2.7.17.tar.xz.asc
 create mode 100644 Python-2.7.18.tar.xz
 create mode 100644 Python-2.7.18.tar.xz.asc
 delete mode 100644 python-2.7.17-docs-pdf-a4.tar.bz2
 delete mode 100644 python-2.7.17-docs-pdf-letter.tar.bz2
 create mode 100644 python-2.7.18-docs-pdf-a4.tar.bz2
 create mode 100644 python-2.7.18-docs-pdf-letter.tar.bz2
diff --git a/Python-2.7.17.tar.xz b/Python-2.7.17.tar.xz
deleted file mode 100644
index 94abb7e..0000000
--- a/Python-2.7.17.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4d43f033cdbd0aa7b7023c81b0e986fd11e653b5248dac9144d508f11812ba41
-size 12855568
diff --git a/Python-2.7.17.tar.xz.asc b/Python-2.7.17.tar.xz.asc
deleted file mode 100644
index e92d432..0000000
--- a/Python-2.7.17.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEwB4crV6ixPC441cVBMNnwhit1P8FAl2rXRsACgkQBMNnwhit
-1P/dJg//UrZRji4wnui1gfsp/qUtEIQe3Qb48LU7NAPjr5Y0B+ebG9peOw2pR4JX
-yUXYewWFN7Cy4wxyQki5pbo9bNwSqJ0Xfix/R+mcoSQHGWb0FVH+gk2tGehtM99M
-EUR1cdywA2a3K+Dpqaqysl7NCYMTq2bqMcRh/ADUHfmCpneisdSZTq2vX7lfgBAj
-py+OIeXTa3P6EFhMZYKOc+/7p/pltmh28cmLqhL91UEVQi4eT3EbAu17CI7d9pQr
-28FtqM7EDhm1cbkE25GuVDE8zP5JO+AjcMmRBSiRDBTur////0NqzeoCqmFcwPpt
-DZAfS4AAyQroXJsYElZDr5STL/guhgYe3FJGVSqpZ4Tk2Fyr1olQGnVR2TlPufQu
-21e6dJZFyc+7cHIe9+gpizXsoOgMk40qTJB/xQ0ERNGJZ6t39VJ2s8GlaY0+Dnvq
-yRt5a/SzHrJK4Y/0lC17LylSP5VuMUKm0gXFGmJGYfHYw7I51IpXpFWBQBzghelj
-aKgEsjWxmHcaM7t8tBlQniSQ8eAONCBvhG+pnQn2WEaSdQxpTdeckcfP6K2CV7AN
-XuZ42/u+lwRB4QI4sA1HXQ6ab/gjCAQzKJSbRhhx4WIosGxNMf0rI+u0cCOT/eBI
-sYCLEx564/NS2ErMAVoT+tvXIDQXl7Z/0K95I4IJel+6aPiW9HI=
-=YxNu
------END PGP SIGNATURE-----
diff --git a/Python-2.7.18.tar.xz b/Python-2.7.18.tar.xz
new file mode 100644
index 0000000..26608d7
--- /dev/null
+++ b/Python-2.7.18.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b62c0e7937551d0cc02b8fd5cb0f544f9405bafc9a54d3808ed4594812edef43
+size 12854736
diff --git a/Python-2.7.18.tar.xz.asc b/Python-2.7.18.tar.xz.asc
new file mode 100644
index 0000000..5afd904
--- /dev/null
+++ b/Python-2.7.18.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEwB4crV6ixPC441cVBMNnwhit1P8FAl6cx00ACgkQBMNnwhit
+1P8kiBAAmGj5Nz8rsDoqRppDfWuk/oLU1WwXIixFOuzrrIcSnUDGtZgikIlA0q1z
+At/09+mbQMSv93/oa+ISCQujvH5QTbKqOoYYdBGdsK6XZevrGM1UO3eRaldBElQ0
+03zIT7d9OyvbvvvegsqaCMFoGhcAmnp6AomXFt20U80tIaCBCftGKIfQQXR/aTfz
+w3F7s+ZrzLd2mj9rVtld6KPs9ZuTl3xK1YlsfKvXnLwK0v9h7shVvkj9vKnolwPI
+Ykl1FDI0p/gHbkRzC0D10zOv58mO4jrkezlq1ZKVwu7hgGFVXt1ZudwbpIWz8cl0
+AHcEK+ls9F9fw6bvRJPHi0L/jvvr58+3hg1iwJW24eYvP2GuRSRk1GF3FroARll7
++PW6y+kyrjhyznv0KVY5efEgJQRGJ4o6d5PvWKIWiwL6HycAXfUt7248S0N3acKZ
+Am4UVCRXwhCB0+xENAaT/KtMK/kvl5G9bVLSpah0LlSZ0u/X86zhyitVky3LD/el
+JRrHskXIA4wDcxfv503tEvRm9vLOdr0XwAyZ9qh7NGfmmAT2W/bKa3qlM6DJ027c
+mRl0VKmiseh4r3JIOAqkDFUNbvjKhteA4HeTrOxsqacnzWTH+tvB2Pm3Qpl/oRhM
+iAsGICpa9IMFmhmhoWjdpacXIiPaGhJA9AC3lufOPgIqMVvwsQ4=
+=V2yl
+-----END PGP SIGNATURE-----
diff --git a/python-2.7.17-docs-pdf-a4.tar.bz2 b/python-2.7.17-docs-pdf-a4.tar.bz2
deleted file mode 100644
index dfee271..0000000
--- a/python-2.7.17-docs-pdf-a4.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bec4c29c255bcf87b39606ec76d6ed25ef3880333a88447bb8958cf9269f7a21
-size 11440300
diff --git a/python-2.7.17-docs-pdf-letter.tar.bz2 b/python-2.7.17-docs-pdf-letter.tar.bz2
deleted file mode 100644
index ae384b5..0000000
--- a/python-2.7.17-docs-pdf-letter.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:27d3f0f23a13300a5df66c66d7a28d09681b810436ab94895295479a8ae0572d
-size 11440077
diff --git a/python-2.7.18-docs-pdf-a4.tar.bz2 b/python-2.7.18-docs-pdf-a4.tar.bz2
new file mode 100644
index 0000000..4550925
--- /dev/null
+++ b/python-2.7.18-docs-pdf-a4.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:55cfc0527ec38284ae56d90b165f099184d6c4e2f1ba604af9e462a66552fcaa
+size 11455638
diff --git a/python-2.7.18-docs-pdf-letter.tar.bz2 b/python-2.7.18-docs-pdf-letter.tar.bz2
new file mode 100644
index 0000000..721dc10
--- /dev/null
+++ b/python-2.7.18-docs-pdf-letter.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:76e56fe618a6d5d1cd7b90e73d46fa1a4d0b3e5bbdfdce6c5d59cff9d49ed749
+size 11455851
diff --git a/python-base.changes b/python-base.changes
index 272fae2..d982387 100644
--- a/python-base.changes
+++ b/python-base.changes
@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl
+
+- Update to 2.7.18, final release of Python 2. Ever.:
+ - Newline characters have been escaped when performing uu
+ encoding to prevent them from overflowing into to content
+ section of the encoded file. This prevents malicious or
+ accidental modification of data during the decoding process.
+ - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
+ by Ben Caller.
+ - Fixed line numbers and column offsets for AST nodes for calls
+ without arguments in decorators.
+ - Disallow control characters in hostnames in http.client,
+ addressing CVE-2019-18348. Such potentially malicious header
+ injection URLs now cause a InvalidURL to be raised.
+ - Fix urllib.urlretrieve failing on subsequent ftp transfers
+ from the same host.
+ - Fix problems identified by GCC's -Wstringop-truncation
+ warning.
+ - AddRefActCtx() was needlessly being checked for failure in
+ PC/dl_nt.c.
+ - Prevent failure of test_relative_path in test_py_compile on
+ macOS Catalina.
+ - Fixed possible leak in :c:func:`PyArg_Parse` and similar
+ functions for format units "es#" and "et#" when the macro
+ :c:macro:`PY_SSIZE_T_CLEAN` is not defined.
+
 -------------------------------------------------------------------
 Sat Feb 8 23:29:28 CET 2020 - Matej Cepl
diff --git a/python-base.spec b/python-base.spec
index 39396d2..ad010fc 100644
--- a/python-base.spec
+++ b/python-base.spec
@@ -19,7 +19,7 @@
 %define so_version 2_7-1_0
 Name: python-base
-Version: 2.7.17
+Version: 2.7.18
 Release: 0
 Summary: Python Interpreter base package
 License: Python-2.0
diff --git a/python-doc.changes b/python-doc.changes
index b935f47..d982387 100644
--- a/python-doc.changes
+++ b/python-doc.changes
@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl
+
+- Update to 2.7.18, final release of Python 2. Ever.:
+ - Newline characters have been escaped when performing uu
+ encoding to prevent them from overflowing into to content
+ section of the encoded file. This prevents malicious or
+ accidental modification of data during the decoding process.
+ - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
+ by Ben Caller.
+ - Fixed line numbers and column offsets for AST nodes for calls
+ without arguments in decorators.
+ - Disallow control characters in hostnames in http.client,
+ addressing CVE-2019-18348. Such potentially malicious header
+ injection URLs now cause a InvalidURL to be raised.
+ - Fix urllib.urlretrieve failing on subsequent ftp transfers
+ from the same host.
+ - Fix problems identified by GCC's -Wstringop-truncation
+ warning.
+ - AddRefActCtx() was needlessly being checked for failure in
+ PC/dl_nt.c.
+ - Prevent failure of test_relative_path in test_py_compile on
+ macOS Catalina.
+ - Fixed possible leak in :c:func:`PyArg_Parse` and similar
+ functions for format units "es#" and "et#" when the macro
+ :c:macro:`PY_SSIZE_T_CLEAN` is not defined.
+
+-------------------------------------------------------------------
+Sat Feb 8 23:29:28 CET 2020 - Matej Cepl
+
+- Add CVE-2019-9674-zip-bomb.patch to improve documentation
+ warning about dangers of zip-bombs and other security problems
+ with zipfile library. (bsc#1162825 CVE-2019-9674)
+
 -------------------------------------------------------------------
 Sat Feb 8 22:30:51 CET 2020 - Matej Cepl
diff --git a/python-doc.spec b/python-doc.spec
index 12bd25a..1417348 100644
--- a/python-doc.spec
+++ b/python-doc.spec
@@ -17,7 +17,7 @@
 Name: python-doc
-Version: 2.7.17
+Version: 2.7.18
 Release: 0
 Summary: Additional Package Documentation for Python
 License: Python-2.0
diff --git a/python.changes b/python.changes
index b935f47..d982387 100644
--- a/python.changes
+++ b/python.changes
@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl
+
+- Update to 2.7.18, final release of Python 2. Ever.:
+ - Newline characters have been escaped when performing uu
+ encoding to prevent them from overflowing into to content
+ section of the encoded file. This prevents malicious or
+ accidental modification of data during the decoding process.
+ - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
+ by Ben Caller.
+ - Fixed line numbers and column offsets for AST nodes for calls
+ without arguments in decorators.
+ - Disallow control characters in hostnames in http.client,
+ addressing CVE-2019-18348. Such potentially malicious header
+ injection URLs now cause a InvalidURL to be raised.
+ - Fix urllib.urlretrieve failing on subsequent ftp transfers
+ from the same host.
+ - Fix problems identified by GCC's -Wstringop-truncation
+ warning.
+ - AddRefActCtx() was needlessly being checked for failure in
+ PC/dl_nt.c.
+ - Prevent failure of test_relative_path in test_py_compile on
+ macOS Catalina.
+ - Fixed possible leak in :c:func:`PyArg_Parse` and similar
+ functions for format units "es#" and "et#" when the macro
+ :c:macro:`PY_SSIZE_T_CLEAN` is not defined.
+
+-------------------------------------------------------------------
+Sat Feb 8 23:29:28 CET 2020 - Matej Cepl
+
+- Add CVE-2019-9674-zip-bomb.patch to improve documentation
+ warning about dangers of zip-bombs and other security problems
+ with zipfile library. (bsc#1162825 CVE-2019-9674)
+
 -------------------------------------------------------------------
 Sat Feb 8 22:30:51 CET 2020 - Matej Cepl
diff --git a/python.spec b/python.spec
index 1fb2188..3b3940b 100644
--- a/python.spec
+++ b/python.spec
@@ -17,7 +17,7 @@
 Name: python
-Version: 2.7.17
+Version: 2.7.18
 Release: 0
 Summary: Python Interpreter
 License: Python-2.0