- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file

disclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc#885882) - python-2.7.7-mhlib-linkcount.patch: remove link count optimizations that are incorrect on btrfs (and possibly other filesystems) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=166
2014-07-24 14:33:34 +00:00
parent 71551512cd
commit 13e614b70b
6 changed files with 114 additions and 0 deletions
--- a/python-doc.spec
+++ b/python-doc.spec
@@ -60,6 +60,10 @@ Patch26:        xmlrpc_gzip_27.patch
 # CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
 Patch28:        smtplib_maxline-2.7.patch
 Patch29:        python-2.7.6-poplib.patch
+# CVE-2014-4650 - File disclosure and directory traversal in CGIHTTPServer
+Patch30:        CVE-2014-4650-CGIHTTPServer-traversal.patch
+# remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
+Patch31:        python-2.7.7-mhlib-linkcount.patch
 # COMMON-PATCH-END
 Provides:       pyth_doc
 Provides:       pyth_ps
@@ -106,6 +110,8 @@ Python, and Macintosh Module Reference in PDF format.
 %patch26 -p1
 %patch28 -p1
 %patch29 -p1
+%patch30 -p1
+%patch31 -p1

 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac