Accepting request 692400 from home:mcepl:branches:devel:languages:python:Factory
- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
removing unnecessary (and potentially harmful) URL scheme
local-file://.
- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
Characters in the netloc attribute that decompose under NFKC
normalization (as used by the IDNA encoding) into any of ``/``,
``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
URL is decomposed before parsing, or is not a Unicode string,
no error will be raised.
Upstream commits e37ef41 and 507bd8c.
- Update to 2.7.16:
* bugfix-only release: complete list of changes on
https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
* Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
which are fully included in the tarball.
* Updated patches to apply cleanly:
CVE-2019-5010-null-defer-x509-cert-DOS.patch
bpo36160-init-sysconfig_vars.patch
do-not-use-non-ascii-in-test_ssl.patch
openssl-111-middlebox-compat.patch
openssl-111-ssl_options.patch
python-2.5.1-sqlite.patch
python-2.6-gettext-plurals.patch
python-2.7-dirs.patch
python-2.7.2-fix_date_time_compiler.patch
python-2.7.4-canonicalize2.patch
python-2.7.5-multilib.patch
python-2.7.9-ssl_ca_path.patch
OBS-URL: https://build.opensuse.org/request/show/692400
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=241
This commit is contained in:
Git OBS Bridge
@@ -1,3 +1,47 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 8 22:40:01 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
|
||||
removing unnecessary (and potentially harmful) URL scheme
|
||||
local-file://.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 8 21:13:48 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
|
||||
Characters in the netloc attribute that decompose under NFKC
|
||||
normalization (as used by the IDNA encoding) into any of ``/``,
|
||||
``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
|
||||
URL is decomposed before parsing, or is not a Unicode string,
|
||||
no error will be raised.
|
||||
Upstream commits e37ef41 and 507bd8c.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 4 22:28:24 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- Update to 2.7.16:
|
||||
* bugfix-only release: complete list of changes on
|
||||
https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
|
||||
* Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
|
||||
which are fully included in the tarball.
|
||||
* Updated patches to apply cleanly:
|
||||
CVE-2019-5010-null-defer-x509-cert-DOS.patch
|
||||
bpo36160-init-sysconfig_vars.patch
|
||||
do-not-use-non-ascii-in-test_ssl.patch
|
||||
openssl-111-middlebox-compat.patch
|
||||
openssl-111-ssl_options.patch
|
||||
python-2.5.1-sqlite.patch
|
||||
python-2.6-gettext-plurals.patch
|
||||
python-2.7-dirs.patch
|
||||
python-2.7.2-fix_date_time_compiler.patch
|
||||
python-2.7.4-canonicalize2.patch
|
||||
python-2.7.5-multilib.patch
|
||||
python-2.7.9-ssl_ca_path.patch
|
||||
python-bsddb6.diff
|
||||
remove-static-libpython.diff
|
||||
* Update python-2.7.5-multilib.patch to pass with new platlib
|
||||
regime.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com
|
||||
|
||||
|
||||
Reference in New Issue
Block a user