From 00983cacd3597038e10acc7634c5cd8daf6b43741e26ed60f9bd390234abcf76 Mon Sep 17 00:00:00 2001 
From: Matej Cepl Date: Thu, 23 Apr 2020 09:28:38 +0000 Subject: [PATCH 1/2] - Update to 2.7.18, final release of Python 2. Ever.: - Newline characters have been escaped when performing uu encoding to prevent them from overflowing into the content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process. - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch by Ben Caller. - Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. - Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host. - Fix problems identified by GCC's -Wstringop-truncation warning. - AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c. - Prevent failure of test_relative_path in test_py_compile on macOS Catalina. - Fixed possible leak in :c:func:`PyArg_Parse` and similar functions for format units "es#" and "et#" when the macro :c:macro:`PY_SSIZE_T_CLEAN` is not defined. 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=281 --- Python-2.7.17.tar.xz | 3 --- Python-2.7.17.tar.xz.asc | 16 ------------- Python-2.7.18.tar.xz | 3 +++ Python-2.7.18.tar.xz.asc | 16 +++++++++++++ python-2.7.17-docs-pdf-a4.tar.bz2 | 3 --- python-2.7.17-docs-pdf-letter.tar.bz2 | 3 --- python-2.7.18-docs-pdf-a4.tar.bz2 | 3 +++ python-2.7.18-docs-pdf-letter.tar.bz2 | 3 +++ python-base.changes | 27 +++++++++++++++++++++ python-base.spec | 2 +- python-doc.changes | 34 +++++++++++++++++++++++++++ python-doc.spec | 2 +- python.changes | 34 +++++++++++++++++++++++++++ python.spec | 2 +- 14 files changed, 123 insertions(+), 28 deletions(-) delete mode 100644 Python-2.7.17.tar.xz delete mode 100644 Python-2.7.17.tar.xz.asc create mode 100644 Python-2.7.18.tar.xz create mode 100644 Python-2.7.18.tar.xz.asc delete mode 100644 python-2.7.17-docs-pdf-a4.tar.bz2 delete mode 100644 python-2.7.17-docs-pdf-letter.tar.bz2 create mode 100644 python-2.7.18-docs-pdf-a4.tar.bz2 create mode 100644 python-2.7.18-docs-pdf-letter.tar.bz2 diff --git a/Python-2.7.17.tar.xz b/Python-2.7.17.tar.xz deleted file mode 100644 index 94abb7e..0000000 --- a/Python-2.7.17.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4d43f033cdbd0aa7b7023c81b0e986fd11e653b5248dac9144d508f11812ba41 -size 12855568 diff --git a/Python-2.7.17.tar.xz.asc b/Python-2.7.17.tar.xz.asc deleted file mode 100644 index e92d432..0000000 --- a/Python-2.7.17.tar.xz.asc +++ /dev/null 
@@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEwB4crV6ixPC441cVBMNnwhit1P8FAl2rXRsACgkQBMNnwhit -1P/dJg//UrZRji4wnui1gfsp/qUtEIQe3Qb48LU7NAPjr5Y0B+ebG9peOw2pR4JX -yUXYewWFN7Cy4wxyQki5pbo9bNwSqJ0Xfix/R+mcoSQHGWb0FVH+gk2tGehtM99M -EUR1cdywA2a3K+Dpqaqysl7NCYMTq2bqMcRh/ADUHfmCpneisdSZTq2vX7lfgBAj -py+OIeXTa3P6EFhMZYKOc+/7p/pltmh28cmLqhL91UEVQi4eT3EbAu17CI7d9pQr -28FtqM7EDhm1cbkE25GuVDE8zP5JO+AjcMmRBSiRDBTur////0NqzeoCqmFcwPpt -DZAfS4AAyQroXJsYElZDr5STL/guhgYe3FJGVSqpZ4Tk2Fyr1olQGnVR2TlPufQu -21e6dJZFyc+7cHIe9+gpizXsoOgMk40qTJB/xQ0ERNGJZ6t39VJ2s8GlaY0+Dnvq -yRt5a/SzHrJK4Y/0lC17LylSP5VuMUKm0gXFGmJGYfHYw7I51IpXpFWBQBzghelj -aKgEsjWxmHcaM7t8tBlQniSQ8eAONCBvhG+pnQn2WEaSdQxpTdeckcfP6K2CV7AN -XuZ42/u+lwRB4QI4sA1HXQ6ab/gjCAQzKJSbRhhx4WIosGxNMf0rI+u0cCOT/eBI -sYCLEx564/NS2ErMAVoT+tvXIDQXl7Z/0K95I4IJel+6aPiW9HI= -=YxNu ------END PGP SIGNATURE----- diff --git a/Python-2.7.18.tar.xz b/Python-2.7.18.tar.xz new file mode 100644 index 0000000..26608d7 --- /dev/null +++ b/Python-2.7.18.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b62c0e7937551d0cc02b8fd5cb0f544f9405bafc9a54d3808ed4594812edef43 +size 12854736 diff --git a/Python-2.7.18.tar.xz.asc b/Python-2.7.18.tar.xz.asc new file mode 100644 index 0000000..5afd904 --- /dev/null +++ b/Python-2.7.18.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEwB4crV6ixPC441cVBMNnwhit1P8FAl6cx00ACgkQBMNnwhit +1P8kiBAAmGj5Nz8rsDoqRppDfWuk/oLU1WwXIixFOuzrrIcSnUDGtZgikIlA0q1z +At/09+mbQMSv93/oa+ISCQujvH5QTbKqOoYYdBGdsK6XZevrGM1UO3eRaldBElQ0 +03zIT7d9OyvbvvvegsqaCMFoGhcAmnp6AomXFt20U80tIaCBCftGKIfQQXR/aTfz +w3F7s+ZrzLd2mj9rVtld6KPs9ZuTl3xK1YlsfKvXnLwK0v9h7shVvkj9vKnolwPI +Ykl1FDI0p/gHbkRzC0D10zOv58mO4jrkezlq1ZKVwu7hgGFVXt1ZudwbpIWz8cl0 +AHcEK+ls9F9fw6bvRJPHi0L/jvvr58+3hg1iwJW24eYvP2GuRSRk1GF3FroARll7 ++PW6y+kyrjhyznv0KVY5efEgJQRGJ4o6d5PvWKIWiwL6HycAXfUt7248S0N3acKZ +Am4UVCRXwhCB0+xENAaT/KtMK/kvl5G9bVLSpah0LlSZ0u/X86zhyitVky3LD/el +JRrHskXIA4wDcxfv503tEvRm9vLOdr0XwAyZ9qh7NGfmmAT2W/bKa3qlM6DJ027c +mRl0VKmiseh4r3JIOAqkDFUNbvjKhteA4HeTrOxsqacnzWTH+tvB2Pm3Qpl/oRhM +iAsGICpa9IMFmhmhoWjdpacXIiPaGhJA9AC3lufOPgIqMVvwsQ4= +=V2yl +-----END PGP SIGNATURE----- diff --git a/python-2.7.17-docs-pdf-a4.tar.bz2 b/python-2.7.17-docs-pdf-a4.tar.bz2 deleted file mode 100644 index dfee271..0000000 --- a/python-2.7.17-docs-pdf-a4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bec4c29c255bcf87b39606ec76d6ed25ef3880333a88447bb8958cf9269f7a21 -size 11440300 diff --git a/python-2.7.17-docs-pdf-letter.tar.bz2 b/python-2.7.17-docs-pdf-letter.tar.bz2 deleted file mode 100644 index ae384b5..0000000 --- a/python-2.7.17-docs-pdf-letter.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:27d3f0f23a13300a5df66c66d7a28d09681b810436ab94895295479a8ae0572d -size 11440077 diff --git a/python-2.7.18-docs-pdf-a4.tar.bz2 b/python-2.7.18-docs-pdf-a4.tar.bz2 new file mode 100644 index 0000000..4550925 --- /dev/null +++ b/python-2.7.18-docs-pdf-a4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:55cfc0527ec38284ae56d90b165f099184d6c4e2f1ba604af9e462a66552fcaa +size 11455638 
diff --git a/python-2.7.18-docs-pdf-letter.tar.bz2 b/python-2.7.18-docs-pdf-letter.tar.bz2 new file mode 100644 index 0000000..721dc10 --- /dev/null +++ b/python-2.7.18-docs-pdf-letter.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:76e56fe618a6d5d1cd7b90e73d46fa1a4d0b3e5bbdfdce6c5d59cff9d49ed749 +size 11455851 diff --git a/python-base.changes b/python-base.changes index 272fae2..d982387 100644 --- a/python-base.changes +++ b/python-base.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl + +- Update to 2.7.18, final release of Python 2. Ever.: + - Newline characters have been escaped when performing uu + encoding to prevent them from overflowing into to content + section of the encoded file. This prevents malicious or + accidental modification of data during the decoding process. + - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch + by Ben Caller. + - Fixed line numbers and column offsets for AST nodes for calls + without arguments in decorators. + - Disallow control characters in hostnames in http.client, + addressing CVE-2019-18348. Such potentially malicious header + injection URLs now cause a InvalidURL to be raised. + - Fix urllib.urlretrieve failing on subsequent ftp transfers + from the same host. + - Fix problems identified by GCC's -Wstringop-truncation + warning. + - AddRefActCtx() was needlessly being checked for failure in + PC/dl_nt.c. + - Prevent failure of test_relative_path in test_py_compile on + macOS Catalina. + - Fixed possible leak in :c:func:`PyArg_Parse` and similar + functions for format units "es#" and "et#" when the macro + :c:macro:`PY_SSIZE_T_CLEAN` is not defined. + ------------------------------------------------------------------- Sat Feb 8 23:29:28 CET 2020 - Matej Cepl diff --git a/python-base.spec b/python-base.spec index 39396d2..ad010fc 100644 --- a/python-base.spec +++ b/python-base.spec 
@@ -19,7 +19,7 @@ %define so_version 2_7-1_0 Name: python-base -Version: 2.7.17 +Version: 2.7.18 Release: 0 Summary: Python Interpreter base package License: Python-2.0 diff --git a/python-doc.changes b/python-doc.changes index b935f47..d982387 100644 --- a/python-doc.changes +++ b/python-doc.changes @@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl + +- Update to 2.7.18, final release of Python 2. Ever.: + - Newline characters have been escaped when performing uu + encoding to prevent them from overflowing into to content + section of the encoded file. This prevents malicious or + accidental modification of data during the decoding process. + - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch + by Ben Caller. + - Fixed line numbers and column offsets for AST nodes for calls + without arguments in decorators. + - Disallow control characters in hostnames in http.client, + addressing CVE-2019-18348. Such potentially malicious header + injection URLs now cause a InvalidURL to be raised. + - Fix urllib.urlretrieve failing on subsequent ftp transfers + from the same host. + - Fix problems identified by GCC's -Wstringop-truncation + warning. + - AddRefActCtx() was needlessly being checked for failure in + PC/dl_nt.c. + - Prevent failure of test_relative_path in test_py_compile on + macOS Catalina. + - Fixed possible leak in :c:func:`PyArg_Parse` and similar + functions for format units "es#" and "et#" when the macro + :c:macro:`PY_SSIZE_T_CLEAN` is not defined. + +------------------------------------------------------------------- +Sat Feb 8 23:29:28 CET 2020 - Matej Cepl + +- Add CVE-2019-9674-zip-bomb.patch to improve documentation + warning about dangers of zip-bombs and other security problems + with zipfile library. (bsc#1162825 CVE-2019-9674) + ------------------------------------------------------------------- Sat Feb 8 22:30:51 CET 2020 - Matej Cepl 
diff --git a/python-doc.spec b/python-doc.spec index 12bd25a..1417348 100644 --- a/python-doc.spec +++ b/python-doc.spec @@ -17,7 +17,7 @@ Name: python-doc -Version: 2.7.17 +Version: 2.7.18 Release: 0 Summary: Additional Package Documentation for Python License: Python-2.0 diff --git a/python.changes b/python.changes index b935f47..d982387 100644 --- a/python.changes +++ b/python.changes 
@@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl + +- Update to 2.7.18, final release of Python 2. Ever.: + - Newline characters have been escaped when performing uu + encoding to prevent them from overflowing into to content + section of the encoded file. This prevents malicious or + accidental modification of data during the decoding process. + - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch + by Ben Caller. + - Fixed line numbers and column offsets for AST nodes for calls + without arguments in decorators. + - Disallow control characters in hostnames in http.client, + addressing CVE-2019-18348. Such potentially malicious header + injection URLs now cause a InvalidURL to be raised. + - Fix urllib.urlretrieve failing on subsequent ftp transfers + from the same host. + - Fix problems identified by GCC's -Wstringop-truncation + warning. + - AddRefActCtx() was needlessly being checked for failure in + PC/dl_nt.c. + - Prevent failure of test_relative_path in test_py_compile on + macOS Catalina. + - Fixed possible leak in :c:func:`PyArg_Parse` and similar + functions for format units "es#" and "et#" when the macro + :c:macro:`PY_SSIZE_T_CLEAN` is not defined. + +------------------------------------------------------------------- +Sat Feb 8 23:29:28 CET 2020 - Matej Cepl + +- Add CVE-2019-9674-zip-bomb.patch to improve documentation + warning about dangers of zip-bombs and other security problems + with zipfile library. (bsc#1162825 CVE-2019-9674) + ------------------------------------------------------------------- Sat Feb 8 22:30:51 CET 2020 - Matej Cepl diff --git a/python.spec b/python.spec index 1fb2188..3b3940b 100644 --- a/python.spec +++ b/python.spec @@ -17,7 +17,7 @@ Name: python -Version: 2.7.17 +Version: 2.7.18 Release: 0 Summary: Python Interpreter License: Python-2.0 From d32abf9b40e15d6fa0b653291287df0ceb217af1b6a60ed1f878809ef0ac440d Mon Sep 17 00:00:00 2001 
From: Matej Cepl Date: Mon, 27 Apr 2020 07:04:57 +0000 Subject: [PATCH 2/2] - Use python3-Sphinx on anything more recent than SLE-15 (inclusive). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=282 --- python-base.changes | 5 +++++ python-doc.changes | 5 +++++ python-doc.spec | 4 ++++ python.changes | 5 +++++ 4 files changed, 19 insertions(+) diff --git a/python-base.changes b/python-base.changes index d982387..e53f85c 100644 --- a/python-base.changes +++ b/python-base.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Apr 27 06:56:55 UTC 2020 - Matej Cepl + +- Use python3-Sphinx on anything more recent than SLE-15 (inclusive). + ------------------------------------------------------------------- Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl diff --git a/python-doc.changes b/python-doc.changes index d982387..e53f85c 100644 --- a/python-doc.changes +++ b/python-doc.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Apr 27 06:56:55 UTC 2020 - Matej Cepl + +- Use python3-Sphinx on anything more recent than SLE-15 (inclusive). + ------------------------------------------------------------------- Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl diff --git a/python-doc.spec b/python-doc.spec index 1417348..49300c0 100644 --- a/python-doc.spec +++ b/python-doc.spec @@ -31,7 +31,11 @@ Source0: %{tarname}.tar.xz #Source3: http://docs.python.org/%{version}/archives/python-%{pyver}-docs-pdf-letter.tar.bz2 Source2: python-%{version}-docs-pdf-a4.tar.bz2 Source3: python-%{version}-docs-pdf-letter.tar.bz2 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-Sphinx +%else BuildRequires: python-Sphinx +%endif BuildRequires: xz # COMMON-PATCH-BEGIN Patch1: python-2.7-dirs.patch diff --git a/python.changes b/python.changes index d982387..e53f85c 100644 --- a/python.changes +++ b/python.changes 
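Review bot: The new `%if 0%{?suse_version} >= 1500` block in python-doc.spec has no comment saying why the documentation of a Python 2.7 package is built with the Python 3 Sphinx, so a later packager cannot tell when the `%else` branch may be dropped. I would add a line above the conditional such as `# SLE-15 and newer: build the 2.7 docs with the Python 3 Sphinx; older targets keep python-Sphinx`. Only the preamble is visible in this hunk; the %build section that runs Sphinx lies outside it, so whether the 2.7 Doc tree and its Sphinx extensions work with the version that python3-Sphinx installs should be confirmed by a test build on both sides of the conditional.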
@@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Apr 27 06:56:55 UTC 2020 - Matej Cepl + +- Use python3-Sphinx on anything more recent than SLE-15 (inclusive). + ------------------------------------------------------------------- Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl