Accepting request 692400 from home:mcepl:branches:devel:languages:python:Factory
- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
removing unnecessary (and potentially harmful) URL scheme
local-file://.
- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
Characters in the netloc attribute that decompose under NFKC
normalization (as used by the IDNA encoding) into any of ``/``,
``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
URL is decomposed before parsing, or is not a Unicode string,
no error will be raised.
Upstream commits e37ef41 and 507bd8c.
- Update to 2.7.16:
* bugfix-only release: complete list of changes on
https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
* Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
which are fully included in the tarball.
* Updated patches to apply cleanly:
CVE-2019-5010-null-defer-x509-cert-DOS.patch
bpo36160-init-sysconfig_vars.patch
do-not-use-non-ascii-in-test_ssl.patch
openssl-111-middlebox-compat.patch
openssl-111-ssl_options.patch
python-2.5.1-sqlite.patch
python-2.6-gettext-plurals.patch
python-2.7-dirs.patch
python-2.7.2-fix_date_time_compiler.patch
python-2.7.4-canonicalize2.patch
python-2.7.5-multilib.patch
python-2.7.9-ssl_ca_path.patch
OBS-URL: https://build.opensuse.org/request/show/692400
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=241
This commit is contained in:
Git OBS Bridge
21
python.spec
21
python.spec
@@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: python
|
||||
Version: 2.7.15
|
||||
Version: 2.7.16
|
||||
Release: 0
|
||||
Summary: Python Interpreter
|
||||
License: Python-2.0
|
||||
@@ -66,11 +66,6 @@ Patch38: reproducible.patch
|
||||
Patch40: python-skip_random_failing_tests.patch
|
||||
# PATCH-FIX-UPSTREAM sorted tar https://github.com/python/cpython/pull/2263
|
||||
Patch41: python-sorted_tar.patch
|
||||
# https://github.com/python/cpython/pull/8771
|
||||
Patch42: openssl-111.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch mcepl@suse.com
|
||||
# Suggested in https://github.com/python/cpython/commit/add531a1e55b.patch
|
||||
Patch43: CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
|
||||
# https://github.com/python/cpython/pull/9624 (https://bugs.python.org/issue34834)
|
||||
Patch47: openssl-111-middlebox-compat.patch
|
||||
# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
|
||||
@@ -79,6 +74,15 @@ Patch48: openssl-111-ssl_options.patch
|
||||
# https://github.com/python/cpython/pull/11569
|
||||
# Fix segfault in ssl's cert parser
|
||||
Patch49: CVE-2019-5010-null-defer-x509-cert-DOS.patch
|
||||
# PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 mcepl@suse.com
|
||||
# Initialize sysconfig variables in test_site.
|
||||
Patch50: bpo36160-init-sysconfig_vars.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2019-9636-netloc-no-decompose-characters.patch bsc#1129346 mcepl@suse.com
|
||||
# https://bugs.python.org/issue36216
|
||||
Patch51: CVE-2019-9636-netloc-no-decompose-characters.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2019-9948-avoid_local-file.patch bsc#1130847 mcepl@suse.com
|
||||
# removing unnecessary (and potentially harmful) URL scheme local-file://
|
||||
Patch52: CVE-2019-9948-avoid_local-file.patch
|
||||
# COMMON-PATCH-END
|
||||
BuildRequires: automake
|
||||
BuildRequires: db-devel
|
||||
@@ -233,11 +237,12 @@ that rely on earlier non-verification behavior.
|
||||
%patch40 -p1
|
||||
%endif
|
||||
%patch41 -p1
|
||||
%patch42 -p1
|
||||
%patch43 -p1
|
||||
%patch47 -p1
|
||||
%patch48 -p1
|
||||
%patch49 -p1
|
||||
%patch50 -p1
|
||||
%patch51 -p1
|
||||
%patch52 -p1
|
||||
|
||||
# drop Autoconf version requirement
|
||||
sed -i 's/^version_required/dnl version_required/' configure.ac
|
||||
|
||||
Reference in New Issue
Block a user