diff --git a/python-base.changes b/python-base.changes index 0d81dda..0c3851b 100644 --- a/python-base.changes +++ b/python-base.changes @@ -4,2520 +4,6 @@ Sat Feb 26 12:41:42 UTC 2022 - Matej Cepl - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). -------------------------------------------------------------------- -Sat Feb 26 12:41:26 UTC 2022 - Matej Cepl - -------------------------------------------------------------------- -Fri Feb 18 11:00:25 UTC 2022 - Matej Cepl - -- BuildRequire rpm-build-python: The provider to inject python(abi) - has been moved there. rpm-build pulls rpm-build-python - automatically in when building anything against python3-base, but - this implies that the initial build of python3-base does not - trigger the automatic installation. - -------------------------------------------------------------------- -Fri Feb 18 10:51:04 UTC 2022 - Matej Cepl - -- Older SLE versions should use old OpenSSL. - -------------------------------------------------------------------- -Wed Feb 9 16:49:52 UTC 2022 - Matej Cepl - -- Add CVE-2022-0391-urllib_parse-newline-parsing.patch - (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs - containing ASCII newline and tabs in urlparse. - -------------------------------------------------------------------- -Sun Feb 6 07:43:11 UTC 2022 - Matej Cepl - -- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146, - bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib - not trust the PASV response. - -------------------------------------------------------------------- -Mon Dec 6 13:48:27 UTC 2021 - Dirk Müller - -- build against openssl 1.1.x (incompatible with openssl 3.0x) - for now. - -------------------------------------------------------------------- -Tue Nov 2 08:09:03 UTC 2021 - Marcus Meissner - -- on sle12, python2 modules will still be called python-xxxx until EOL, - for newer SLE versions they will be python2-xxxx - -------------------------------------------------------------------- -Fri Oct 15 08:17:46 UTC 2021 - Dominique Leuenberger - -- BuildRequire rpm-build-python: The provider to inject python(abi) - has been moved there. rpm-build pulls rpm-build-python - automatically in when building anything against python3-base, but - this implies that the initial build of python3-base does not - trigger the automatic installation. - -------------------------------------------------------------------- -Tue Sep 21 14:54:40 UTC 2021 - Matej Cepl - -- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 - (CVE-2019-20907, bpo#39017) avoiding possible infinite loop - in specifically crafted tarball. - Add recursion.tar as a testing tarball for the patch. -- Provide the newest setuptools wheel (bsc#1176262, - CVE-2019-20916) in their correct form (bsc#1180686). -- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 - (CVE-2020-26116, bpo#39603) no longer allowing special characters in - the method parameter of HTTPConnection.putrequest in httplib, stopping - injection of headers. Such characters now raise ValueError. - - -------------------------------------------------------------------- -Thu Aug 26 15:35:10 UTC 2021 - Fusion Future - -- Renamed patch for assigned CVE: - * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -> - CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch - (boo#1189241, CVE-2021-3737) - -------------------------------------------------------------------- -Mon Aug 23 11:16:24 UTC 2021 - Fusion Future - -- Renamed patch for assigned CVE: - * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch - (boo#1189287, CVE-2021-3733) -- Fix python-doc build (bpo#35293): - * sphinx-update-removed-function.patch -- Update documentation formatting for Sphinx 3.0 (bpo#40204). - -------------------------------------------------------------------- -Tue Aug 10 12:39:28 UTC 2021 - Fusion Future - -- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in - request (bpo#43075, boo#1189287). -- Add missing security announcement to - bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch. - -------------------------------------------------------------------- -Mon Aug 9 15:16:15 UTC 2021 - Fusion Future - -- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch - which fixes http client infinite line reading (DoS) after a http - 100 (bpo#44022, boo#1189241). - -------------------------------------------------------------------- -Fri Jul 16 14:25:20 UTC 2021 - Matej Cepl - -- Modify Lib/ensurepip/__init__.py to contain the same version - numbers as are in reality the ones in the bundled wheels - (bsc#1187668). - -------------------------------------------------------------------- -Fri Feb 26 18:21:55 UTC 2021 - Matej Cepl - -- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids - use of semicolon as a query string separator (bpo#42967, - bsc#1182379, CVE-2021-23336). - -------------------------------------------------------------------- -Mon Jan 25 23:35:49 UTC 2021 - Matej Cepl - -- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing - bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in - _ctypes/callproc.c, which may lead to remote code execution. - -------------------------------------------------------------------- -Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl - -- (bsc#1180125) We really don't Require python-rpm-macros package. - Unnecessary dependency. - -------------------------------------------------------------------- -Sat May 30 12:19:40 UTC 2020 - Matej Cepl - -- Add patch configure_PYTHON_FOR_REGEN.patch which makes - configure.ac to consider the correct version of - PYTHON_FO_REGEN (bsc#1078326). - -------------------------------------------------------------------- -Mon Apr 27 06:56:55 UTC 2020 - Matej Cepl - -- Use python3-Sphinx on anything more recent than SLE-15 (inclusive). - -------------------------------------------------------------------- -Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl - -- Update to 2.7.18, final release of Python 2. Ever.: - - Newline characters have been escaped when performing uu - encoding to prevent them from overflowing into to content - section of the encoded file. This prevents malicious or - accidental modification of data during the decoding process. - - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben - Caller. - - Fixed line numbers and column offsets for AST nodes for calls - without arguments in decorators. - - bsc#1155094 (CVE-2019-18348) Disallow control characters in - hostnames in http.client. Such potentially malicious header - injection URLs now cause a InvalidURL to be raised. - - Fix urllib.urlretrieve failing on subsequent ftp transfers - from the same host. - - Fix problems identified by GCC's -Wstringop-truncation - warning. - - AddRefActCtx() was needlessly being checked for failure in - PC/dl_nt.c. - - Prevent failure of test_relative_path in test_py_compile on - macOS Catalina. - - Fixed possible leak in `PyArg_Parse` and similar - functions for format units "es#" and "et#" when the macro - `PY_SSIZE_T_CLEAN` is not defined. -- Remove upstreamed patches: - - CVE-2019-18348-CRLF_injection_via_host_part.patch - - python-2.7.14-CVE-2017-1000158.patch - - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch - - CVE-2018-1061-DOS-via-regexp-difflib.patch - - CVE-2019-10160-netloc-port-regression.patch - - CVE-2019-16056-email-parse-addr.patch - -------------------------------------------------------------------- -Sat Feb 8 23:29:28 CET 2020 - Matej Cepl - -- Add CVE-2019-9674-zip-bomb.patch to improve documentation - warning about dangers of zip-bombs and other security problems - with zipfile library. (bsc#1162825 CVE-2019-9674) - -------------------------------------------------------------------- -Sat Feb 8 22:30:51 CET 2020 - Matej Cepl - -- Change to Requires: libpython%{so_version} == %{version}-%{release} - to python-base to keep both packages always synchronized (add - %{so_version}) (bsc#1162224). - -------------------------------------------------------------------- -Thu Feb 6 23:14:47 CET 2020 - Matej Cepl - -- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug - "Python urrlib allowed an HTTP server to conduct Regular - Expression Denial of Service (ReDoS)" (bsc#1162367) - -------------------------------------------------------------------- -Mon Feb 3 19:30:31 UTC 2020 - Tomáš Chvátal - -- Provide python-testsuite from devel subkg to ease py2->py3 - dependencies - -------------------------------------------------------------------- -Mon Jan 27 16:47:56 CET 2020 - Matej Cepl - -- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch - off tests coliding with the combination of modern Python and - ancient OpenSSL on SLE-12. - -------------------------------------------------------------------- -Fri Jan 10 16:01:57 CET 2020 - Matej Cepl - -- libnsl is required only on more recent SLEs and openSUSE, older - glibc supported NIS on its own. - -------------------------------------------------------------------- -Thu Jan 2 10:34:17 UTC 2020 - Tomáš Chvátal - -- Add provides in gdbm subpackage to provide dbm symbols. This - allows us to use %%{python_module dbm} as a dependency and have - it properly resolved for both python2 and python3 - -------------------------------------------------------------------- -Thu Dec 19 08:47:01 UTC 2019 - Dominique Leuenberger - -- Drop appstream-glib BuildRequires and no longer call - appstream-util validate-relax: eliminate a build cycle between - as-glib and python. The only thing would would gain by calling - as-uril is catching if upstream breaks the appdata.xml file in a - future release. Considering py2 is dying, chances for a new - release, let alone one breaking the xml file, are slim. - -------------------------------------------------------------------- -Wed Dec 11 14:35:46 CET 2019 - Matej Cepl - -- Unify packages among openSUSE:Factory and SLE versions. - (bsc#1159035) ; add missing records to this changelog. -- Add idle.desktop and idle.appdata.xml to provide IDLE in menus - (bsc#1153830) - -------------------------------------------------------------------- -Wed Dec 4 18:12:17 CET 2019 - Matej Cepl - -- Add python2_split_startup Provide to make it possible to - conflict older packages by shared-python-startup. - -------------------------------------------------------------------- -Fri Nov 22 13:10:03 CET 2019 - Matej Cepl - -- Move /etc/pythonstart script to shared-python-startup - package. - -------------------------------------------------------------------- -Tue Nov 5 11:41:40 CET 2019 - Matej Cepl - -- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from - bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes - bsc#1149792 - -------------------------------------------------------------------- -Tue Nov 5 04:24:05 UTC 2019 - Steve Kowalik - -- Add adapted-from-F00251-change-user-install-location.patch fixing - pip/distutils to install into /usr/local. - -------------------------------------------------------------------- -Thu Oct 24 14:40:39 CEST 2019 - Matej Cepl - -- Update to 2.7.17: - - a bug fix release in the Python 2.7.x series. It is expected - to be the penultimate release for Python 2.7. -- Removed patches included upstream: - - CVE-2018-20852-cookie-domain-check.patch - - CVE-2019-16935-xmlrpc-doc-server_title.patch - - CVE-2019-9636-netloc-no-decompose-characters.patch - - CVE-2019-9947-no-ctrl-char-http.patch - - CVE-2019-9948-avoid_local-file.patch - - python-2.7.14-CVE-2018-1000030-1.patch - - python-2.7.14-CVE-2018-1000030-2.patch -- Renamed remove-static-libpython.diff and python-bsddb6.diff to - remove-static-libpython.patch and python-bsddb6.patch to unify - filenames. - -------------------------------------------------------------------- -Tue Oct 8 19:46:52 CEST 2019 - Matej Cepl - -- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing - bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in - python/Lib/DocXMLRPCServer.py - -------------------------------------------------------------------- -Wed Sep 25 13:25:33 UTC 2019 - Bernhard Wiedemann - -- Add bpo36302-sort-module-sources.patch (boo#1041090) - -------------------------------------------------------------------- -Mon Sep 16 15:57:54 CEST 2019 - Matej Cepl - -- Add CVE-2019-16056-email-parse-addr.patch fixing the email - module wrongly parses email addresses [bsc#1149955, - CVE-2019-16056] - -------------------------------------------------------------------- -Thu Jul 25 19:31:47 CEST 2019 - Matej Cepl - -- boo#1141853 (CVE-2018-20852) add - CVE-2018-20852-cookie-domain-check.patch fixing - http.cookiejar.DefaultPolicy.domain_return_ok which did not - correctly validate the domain: it could be tricked into sending - cookies to the wrong server. - -------------------------------------------------------------------- -Fri Jul 19 11:19:42 UTC 2019 - Tomáš Chvátal - -- Skip test_urllib2_localnet that randomly fails in OBS - -------------------------------------------------------------------- -Wed Jul 3 21:02:00 CEST 2019 - Matej Cepl - -- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch - which fixes regression introduced by the previous patch. - (CVE-2019-10160) - Upstream gh#python/cpython#13812 - -------------------------------------------------------------------- -Wed May 29 08:58:16 UTC 2019 - Martin Liška - -- Set _lto_cflags to nil as it will prevent to propage LTO - for Python modules that are built in a separate package. - -------------------------------------------------------------------- -Thu May 2 08:40:33 CEST 2019 - Matej Cepl - -- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch - Address the issue by disallowing URL paths with embedded - whitespace or control characters through into the underlying - http client request. Such potentially malicious header - injection URLs now cause a ValueError to be raised. - -------------------------------------------------------------------- -Mon Apr 8 22:40:01 CEST 2019 - Matej Cepl - -- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch - removing unnecessary (and potentially harmful) URL scheme - local-file://. - -------------------------------------------------------------------- -Mon Apr 8 21:13:48 CEST 2019 - Matej Cepl - -- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch - Characters in the netloc attribute that decompose under NFKC - normalization (as used by the IDNA encoding) into any of ``/``, - ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the - URL is decomposed before parsing, or is not a Unicode string, - no error will be raised (CVE-2019-9636). - Upstream commits e37ef41 and 507bd8c. - -------------------------------------------------------------------- -Thu Apr 4 22:28:24 CEST 2019 - Matej Cepl - -- (bsc#1111793) Update to 2.7.16: - * bugfix-only release: complete list of changes on - https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst - * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch - which are fully included in the tarball. - * Updated patches to apply cleanly: - CVE-2019-5010-null-defer-x509-cert-DOS.patch - bpo36160-init-sysconfig_vars.patch - do-not-use-non-ascii-in-test_ssl.patch - openssl-111-middlebox-compat.patch - openssl-111-ssl_options.patch - python-2.5.1-sqlite.patch - python-2.6-gettext-plurals.patch - python-2.7-dirs.patch - python-2.7.2-fix_date_time_compiler.patch - python-2.7.4-canonicalize2.patch - python-2.7.5-multilib.patch - python-2.7.9-ssl_ca_path.patch - python-bsddb6.diff - remove-static-libpython.patch - * Update python-2.7.5-multilib.patch to pass with new platlib - regime. - -------------------------------------------------------------------- -Fri Jan 25 16:53:50 CET 2019 - mcepl@suse.com - -- bsc#1109847 (CVE-2018-14647): add - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing - bpo-34623. - -------------------------------------------------------------------- -Fri Jan 25 16:02:21 CET 2019 - mcepl@suse.com - -- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch - PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance - of PyWeakReference struct and does not intialize wr_prev and - wr_next of new isntance. These pointers can have garbage and - point to random memory locations. - Python should not crash while destroying the isntance created - in the same interpreter function. As per my understanding, both - wr_prev and wr_next of PyWeakReference instance should be - initialized to NULL to avoid segfault. - -------------------------------------------------------------------- -Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com - -- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch - fixing bpo-35746 (CVE-2019-5010). - An exploitable denial-of-service vulnerability exists in the - X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. - A specially crafted X509 certificate can cause a NULL pointer - dereference, resulting in a denial of service. An attacker can - initiate or accept TLS connections using crafted certificates - to trigger this vulnerability. - -------------------------------------------------------------------- -Wed Dec 19 19:29:44 UTC 2018 - Todd R - -- Use upstream-recommended %{_rpmconfigdir}/macros.d directory - for the rpm macros. - -------------------------------------------------------------------- -Fri Oct 26 10:48:44 UTC 2018 - Tomáš Chvátal - -- Add patch openssl-111.patch to work with openssl-1.1.1 - (bsc#1113755) - -------------------------------------------------------------------- -Tue Sep 25 22:01:08 UTC 2018 - Matěj Cepl - -- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which - converts shutil._call_external_zip to use subprocess rather than - distutils.spawn. [bsc#1109663, CVE-2018-1000802] - -------------------------------------------------------------------- -Fri Jun 29 10:24:27 UTC 2018 - mcepl@suse.com - -- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent - low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS - (CVE-2018-1061). Prior to this patch mail server's timestamp was - susceptible to catastrophic backtracking on long evil response from - the server. Also, it was susceptible to catastrophic backtracking, - which was a potential DOS vector. - [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060] - -------------------------------------------------------------------- -Thu Jun 7 17:04:40 UTC 2018 - psimons@suse.com - -- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that - verifies that at least one channel is provided. Prior to this - check, attackers could cause a denial of service (divide-by-zero - error and application crash) via a crafted wav format audio file. - [bsc#1083507, CVE-2017-18207] - -------------------------------------------------------------------- -Tue May 29 12:42:22 UTC 2018 - mcepl@suse.com - -- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750) - sort tarfile output directory listing - -------------------------------------------------------------------- -Mon May 21 18:41:43 UTC 2018 - michael@stroeder.com - -- update to 2.7.15 - * dozens of bugfixes, see NEWS for details -- removed obsolete patches: - * python-ncurses-6.0-accessors.patch - * python-fix-shebang.patch - * gcc8-miscompilation-fix.patch -- add patch from upstream: - * do-not-use-non-ascii-in-test_ssl.patch - -------------------------------------------------------------------- -Fri Apr 6 10:11:22 UTC 2018 - mliska@suse.cz - -- Add gcc8-miscompilation-fix.patch (boo#1084650). - -------------------------------------------------------------------- -Tue Mar 13 15:22:47 UTC 2018 - psimons@suse.com - -- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer - overflows in PyString_DecodeEscape that could have resulted in - heap-based buffer overflow attacks and possible arbitrary code - execution. [bsc#1068664, CVE-2017-1000158] - -------------------------------------------------------------------- -Mon Feb 5 16:01:59 UTC 2018 - normand@linux.vnet.ibm.com - -- exclude test_socket & test_subprocess for PowerPC boo#1078485 - (same ref as previous change) - -------------------------------------------------------------------- -Fri Feb 2 09:21:24 UTC 2018 - normand@linux.vnet.ibm.com - -- Add python-skip_random_failing_tests.patch bypass boo#1078485 - and exclude many tests for PowerPC - -------------------------------------------------------------------- -Tue Jan 30 16:08:33 UTC 2018 - tchvatal@suse.com - -- Add patch python-fix-shebang.patch to fix bsc#1078326 - -------------------------------------------------------------------- -Fri Dec 22 16:49:38 UTC 2017 - jmatejek@suse.com - -- exclude test_regrtest for s390, where it does not segfault as it should - (fixes bsc#1073269) -- fix segfault while creating weakref - bsc#1073748, bpo#29347 - (this is actually fixed by the 2.7.14 update; mentioning this for purposes - of bugfix tracking) - -------------------------------------------------------------------- -Mon Nov 20 16:11:48 UTC 2017 - jmatejek@suse.com - -- update to 2.7.14 - * dozens of bugfixes, see NEWS for details - * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664) - * fixed segfaults with dict mutated during search - * fixed possible free-after-use problems with buffer objects with custom indexing - * fixed urllib.splithost to correctly parse fragments (bpo-30500) -- drop upstreamed python-2.7.13-overflow_check.patch -- drop unneeded python-2.7.12-makeopcode.patch -- drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch -- Apply "python-2.7.14-CVE-2018-1000030-1.patch" and - "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that - would crash the Python interpreter when multiple threads used the - same I/O stream concurrently. This issue is not classified as a - security vulnerability due to the fact that an attacker must be - able to run code, however in some situations -- such as function - as a service -- this vulnerability can potentially be used by an - attacker to violate a trust boundary. [bsc#1079300, - CVE-2018-1000030] - -------------------------------------------------------------------- -Thu Nov 2 16:53:42 UTC 2017 - mpluskal@suse.com - -- Call python2 instead of python in macros - -------------------------------------------------------------------- -Thu Sep 14 14:12:38 UTC 2017 - vcizek@suse.com - -- Fix test broken with OpenSSL 1.1 (bsc#1042670) - * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch - -------------------------------------------------------------------- -Mon Aug 28 13:28:46 UTC 2017 - jmatejek@suse.com - -- drop SUSE_ASNEEDED=0 as it is not needed anymore - -------------------------------------------------------------------- -Thu Aug 17 08:58:02 CEST 2017 - kukuk@suse.de - -- Add libnsl-devel build requires for glibc obsoleting libnsl - -------------------------------------------------------------------- -Mon May 15 14:03:01 UTC 2017 - jmatejek@suse.com - -- obsolete/provide python-argparse and provide python2-argparse, - because the argparse module is available from python 2.7 up - -------------------------------------------------------------------- -Tue Feb 28 16:16:40 UTC 2017 - jmatejek@suse.com - -- SLE package update (bsc#1027282) -- refresh python-2.7.5-multilib.patch -- dropped upstreamed patches: - python-fix-short-dh.patch - python-2.7.7-mhlib-linkcount.patch - python-2.7-urllib2-localnet-ssl.patch - CVE-2016-0772-smtplib-starttls.patch - CVE-2016-5699-http-header-injection.patch - CVE-2016-5636-zipimporter-overflow.patch - python-2.7-httpoxy.patch -- Add python-ncurses-6.0-accessors.patch: Fix build with - NCurses 6.0 and OPAQUE_WINDOW set to 1. - (dimstar@opensuse.org) - -------------------------------------------------------------------- -Fri Feb 24 17:08:25 UTC 2017 - bwiedemann@suse.com - -- Add reproducible.patch to allow reproducible builds of various - python packages like python-amqp - Upstream: https://github.com/python/cpython/pull/296 - -------------------------------------------------------------------- -Tue Jan 3 16:59:24 UTC 2017 - jmatejek@suse.com - -- update to 2.7.13 - * dozens of bugfixes, see NEWS for details - * updated cipher lists for openssl wrapper, support openssl >= 1.1.0 - * properly fix HTTPoxy (CVE-2016-1000110) - * profile-opt build now applies PGO to modules as well -- update python-2.7.10-overflow_check.patch - with python-2.7.13-overflow_check.patch, incorporating upstream changes - (bnc#964182) -- add "-fwrapv" to optflags explicitly because upstream code still - relies on it in many places - -------------------------------------------------------------------- -Fri Dec 2 15:32:59 UTC 2016 - jmatejek@suse.com - -- provide python2-* symbols, for support of new packages built as - python2-foo -- rename macros.python to macros.python2 accordingly -- require python-rpm-macros package, drop macro definitions from - macros.python2 - -------------------------------------------------------------------- -Mon Sep 26 14:06:25 UTC 2016 - jmatejek@suse.com - -- initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436) -- renamed `python` to `python27` in package names and requires -- removed Provides and Obsoletes clauses -- dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch, - companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage -- dropped profile files -- removed /usr/bin/python and /usr/bin/python2, along with other unversioned - aliases -- rewrote macros file to enable stand-alone packages depending on py2.7 -- re-included downloaded version of HTML documentation - -------------------------------------------------------------------- -Thu Jun 30 09:23:05 UTC 2016 - jmatejek@suse.com - -- update to 2.7.12 - * dozens of bugfixes, see NEWS for details - * fixes multiple security issues: - CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) - CVE-2016-5636 zipimporter heap overflow (bsc#985177) - CVE-2016-5699 httplib header injection (bsc#985348) - (this one is actually fixed since 2.7.10) -- removed upstreamed python-2.7.7-mhlib-linkcount.patch -- refreshed multilib patch -- python-2.7.12-makeopcode.patch - run newly-built python interpreter - to make opcodes, in order not to require pre-built python -- update LD_LIBRARY_PATH to use $PWD instead of "." because the test - process escapes to its own directory -- modify shebang-fixing scriptlet to ignore makeopcodetargets.py - -------------------------------------------------------------------- -Fri Jun 17 12:33:23 UTC 2016 - jmatejek@suse.com - -- CVE-2016-0772-smtplib-starttls.patch: - smtplib vulnerability opens startTLS stripping attack - (CVE-2016-0772, bsc#984751) -- CVE-2016-5636-zipimporter-overflow.patch: - heap overflow when importing malformed zip files - (CVE-2016-5636, bsc#985177) -- CVE-2016-5699-http-header-injection.patch: - incorrect validation of HTTP headers allow header injection - (CVE-2016-5699, bsc#985348) -- python-2.7-httpoxy.patch: - HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY - when REQUEST_METHOD is also set - (CVE-2016-1000110, bsc#989523) - -------------------------------------------------------------------- -Fri Jan 29 13:03:40 UTC 2016 - rguenther@suse.com - -- Add python-2.7.10-overflow_check.patch to fix broken overflow checks. - [bnc#964182] - -------------------------------------------------------------------- -Mon Sep 14 15:04:43 UTC 2015 - jmatejek@suse.com - -- copy strict-tls-checks subpackage from SLE to retain future compatibility - (not built in openSUSE) -- do this properly to fix bnc#945401 -- update SLE check to exclude Leap which also has version 1315, - just to be sure - -------------------------------------------------------------------- -Wed Sep 9 12:19:01 UTC 2015 - dimstar@opensuse.org - -- Add python-ncurses-6.0-accessors.patch: Fix build with - NCurses 6.0 and OPAQUE_WINDOW set to 1. - -------------------------------------------------------------------- -Thu Aug 13 13:31:15 UTC 2015 - jmatejek@suse.com - -- add missing ssl.pyc and ssl.pyo to package -- implement python-strict-tls-checks subpackage - * when present, Python will perform TLS certificate checking by default. - it is possible to remove the package to turn off the checks - for compatibility with legacy scripts. - * as discussed in fate#318300 - * this is not built for openSUSE, but retained here in case we want - to build the package for a SLE system - -------------------------------------------------------------------- -Mon Jun 29 08:32:44 UTC 2015 - meissner@suse.com - -- python-fix-short-dh.patch: Bump DH parameters to 2048 bit - to fix logjam security issue. bsc#935856 - -------------------------------------------------------------------- -Wed Jun 10 11:19:58 UTC 2015 - dmueller@suse.com - -- add __python2 compatibility macro (used by Fedora) (fate#318838) - -------------------------------------------------------------------- -Sun May 24 14:36:37 UTC 2015 - michael@stroeder.com - -- update to 2.7.10 -- removed obsolete python-2.7-urllib2-localnet-ssl.patch - -------------------------------------------------------------------- -Tue May 19 11:18:12 UTC 2015 - schwab@suse.de - -- Reenable test_posix on aarch64 - -------------------------------------------------------------------- -Sun Dec 21 19:14:17 UTC 2014 - schwab@suse.de - -- python-2.7.4-aarch64.patch: Remove obsolete patch -- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for - aarch64 - -------------------------------------------------------------------- -Fri Dec 12 17:11:51 UTC 2014 - jmatejek@suse.com - -- update to 2.7.9 - * contains full backport of ssl module from Python 3.4 (PEP466) - * HTTPS certificate validation enabled by default (PEP476) - * SSLv3 disabled by default (bnc#901715) - * backported ensurepip module (PEP477) - * fixes several missing CVEs from last release: CVE-2013-1752, - CVE-2013-1753 - * dozens of minor bugfixes -- dropped upstreamed patches: python-2.7.6-poplib.patch, - smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch -- dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it - with ssl module from Python 3 -- libffi was upgraded upstream, seems to contain our changes, - so dropping libffi-ppc64le.diff as well -- python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional - "import ssl" from test_urllib2_localnet that caused it to fail without ssl - -------------------------------------------------------------------- -Wed Oct 22 13:30:24 UTC 2014 - dmueller@suse.com - -- skip test_thread in qemu_linux_user mode - -------------------------------------------------------------------- -Wed Oct 1 13:00:59 UTC 2014 - jmatejek@suse.com - -- CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow - in buffer() - (CVE-2014-7185, bnc#898572) - -------------------------------------------------------------------- -Tue Sep 30 15:06:15 UTC 2014 - jmatejek@suse.com - -- update to 2.7.8 - * bugfix-only release, dozens of bugs fixed - * fixes CVE-2014-4650 directory traversal in CGIHTTPServer - * fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer() -- dropped upstreamed CVE-2014-4650-CGIHTTPserver-traversal.patch -- dropped upstreamed CVE-2014-7185-buffer-wraparound.patch - -------------------------------------------------------------------- -Wed Jul 23 16:48:38 UTC 2014 - jmatejek@suse.com - -- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file - disclosure and directory traversal through URL-encoded characters - (CVE-2014-4650, bnc#885882) -- python-2.7.7-mhlib-linkcount.patch: remove link count optimizations - that are incorrect on btrfs (and possibly other filesystems) - -------------------------------------------------------------------- -Fri Jun 20 13:11:34 UTC 2014 - jmatejek@suse.com - -- update to 2.7.7 - * bugfix-only release, over a hundred bugs fixed - * backported hmac.compare_digest from python3, first step of PEP 466 -- drop upstreamed patches: - * CVE-2014-1912-recvfrom_into.patch - * python-2.7.4-no-REUSEPORT.patch - * python-2.7.6-bdist-rpm.patch - * python-2.7.6-imaplib.patch - * python-2.7.6-sqlite-3.8.4-tests.patch -- refresh patches: - * python-2.7.3-ssl_ca_path.patch - * python-2.7.4-canonicalize2.patch - * xmlrpc_gzip_27.patch -- added python keyring and signature for the main tarball - -------------------------------------------------------------------- -Sat Mar 15 08:05:41 UTC 2014 - schwab@suse.de - -- Use profile-opt only when profiling is enabled -- python-2.7.2-disable-tests-in-test_io.patch: removed, no longer needed -- update testsuite exclusion list: - * test_signal and test_posix fail due to qemu bugs - -------------------------------------------------------------------- -Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de - -- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, - adding python-2.7.6-sqlite-3.8.4-tests.patch - -------------------------------------------------------------------- -Mon Feb 10 14:24:52 UTC 2014 - jmatejek@suse.com - -- added patches for CVE-2013-1752 (bnc#856836) issues that are - missing in 2.7.6: - python-2.7.6-imaplib.patch - python-2.7.6-poplib.patch - smtplib_maxline-2.7.patch -- CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: - xmlrpc_gzip_27.patch -- python-2.7.6-bdist-rpm.patch: fix broken "setup.py bdist_rpm" command - (bnc#857470, issue18045) -- multilib patch: add "~/.local/lib64" paths to search path - (bnc#637176) -- CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow - in socket.recvfrom_into (CVE-2014-1912, bnc#863741) - -------------------------------------------------------------------- -Tue Dec 10 16:56:02 UTC 2013 - uweigand@de.ibm.com - -- Add Obsoletes/Provides for python-ctypes. - -------------------------------------------------------------------- -Sat Dec 7 02:27:51 UTC 2013 - matz@suse.de - -- Ignore uuid testcase in the testsuite, it relies on unreliable - ifconfig output. - -------------------------------------------------------------------- -Tue Dec 3 20:03:08 CET 2013 - mls@suse.de - -- adapt python-2.7.5-multilib.patch for ppc64le - -------------------------------------------------------------------- -Tue Dec 3 17:30:26 UTC 2013 - dvaleev@suse.com - -- adjust %files for ppc64le - -------------------------------------------------------------------- -Tue Dec 3 17:05:45 UTC 2013 - matz@suse.de - -- Support for ppc64le in _ctypes libffi copy. - -- added patches: - * libffi-ppc64le.diff -------------------------------------------------------------------- -Tue Dec 3 09:44:28 UTC 2013 - adrian@suse.de - -- add ppc64le rules -- avoid errors from source-validator - -------------------------------------------------------------------- -Thu Nov 21 15:39:28 UTC 2013 - jmatejek@suse.com - -- update to 2.7.6 - * bugfix-only release - * SSL-related fixes - * upstream fix for CVE-2013-4238 - * upstream fixes for CVE-2013-1752 -- removed upstreamed patch CVE-2013-4238_py27.patch -- reintroduce audioop.so as the problems with it seem to be fixed - (bnc#831442) - -------------------------------------------------------------------- -Thu Oct 10 18:13:08 UTC 2013 - dmueller@suse.com - -- exclude test_mmap under qemu_linux_user - emulation fails here - as the tests mmap address conflicts with qemu - -------------------------------------------------------------------- -Mon Aug 26 13:55:35 UTC 2013 - lnussel@suse.de - -- update python-2.7.3-ssl_ca_path.patch patch to load default verify locations - if no ca_certs file is specified (bnc#827982, bnc#836739) - -------------------------------------------------------------------- -Fri Aug 16 11:25:49 UTC 2013 - jmatejek@suse.com - -- handle NULL bytes in certain fields of SSL certificates - (CVE-2013-4238, bnc#834601) - -------------------------------------------------------------------- -Tue Jul 9 07:55:50 UTC 2013 - jengelh@inai.de - -- Add python-bsddb6.diff to support building against libdb-6.0 - -------------------------------------------------------------------- -Sat Jul 6 17:17:11 UTC 2013 - coolo@suse.com - -- have python-devel require python: - http://lists.opensuse.org/opensuse-factory/2013-06/msg00622.html - -------------------------------------------------------------------- -Sun Jun 30 21:20:29 UTC 2013 - schwab@suse.de - -- Disable test_multiprocessing in QEmu build - -------------------------------------------------------------------- -Wed Jun 5 15:17:51 UTC 2013 - schwab@suse.de - -- Disable test_asyncore in QEmu build -- Reenable testsuite on arm - -------------------------------------------------------------------- -Thu May 30 16:40:16 UTC 2013 - jmatejek@suse.com - -- python-2.7.4-aarch64.patch: add missing bits of aarch64 support -- python-2.7.4-no-REUSEPORT.patch: disable test of - missing kernel functionality -- drop unnecessary patch: python-2.7.1-distutils_test_path.patch -- switch to xz archive - -------------------------------------------------------------------- -Tue May 28 08:42:49 UTC 2013 - speilicke@suse.com - -- Update to version 2.7.5: - + bugfix-only release - + fixes several important regressions introduced in 2.7.4 - + Issue #15535: Fixed regression in the pickling of named tuples by - removing the __dict__ property introduced in 2.7.4. - + Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3, - such as was shipped with Centos 5 and Mac OS X 10.4. - + Issue #17703: Fix a regression where an illegal use of Py_DECREF() after - interpreter finalization can cause a crash. - + Issue #16447: Fixed potential segmentation fault when setting __name__ on a - class. - + Issue #17610: Don't rely on non-standard behavior of the C qsort() function. 12 - See http://hg.python.org/cpython/file/ab05e7dd2788/Misc/NEWS for more -- Drop upstreamed patches: - + python-2.7.3-fix-dbm-64bit-bigendian.patch - + python-test_structmembers.patch -- Rebased other patches - -------------------------------------------------------------------- -Mon May 13 09:24:29 UTC 2013 - dmueller@suse.com - -- add aarch64 to the list of 64-bit platforms - -------------------------------------------------------------------- -Thu May 9 16:11:23 UTC 2013 - jmatejek@suse.com - -- update to 2.7.4 - * bugfix-only release -- drop upstreamed patches: - pypirc-secure.diff - python-2.7.3-multiprocessing-join.patch - ctypes-libffi-aarch64.patch -- drop python-2.7rc2-configure.patch as it doesn't seem necessary anymore - -------------------------------------------------------------------- -Fri Apr 5 13:33:27 UTC 2013 - idonmez@suse.com - -- Add Source URL, see https://en.opensuse.org/SourceUrls - -------------------------------------------------------------------- -Wed Feb 27 17:04:32 UTC 2013 - schwab@suse.de - -- Add aarch64 to the list of lib64 platforms - -------------------------------------------------------------------- -Mon Feb 25 17:24:52 UTC 2013 - jmatejek@suse.com - -- fix pythonstart failing on $HOME-less users (bnc#804978) - -------------------------------------------------------------------- -Sat Feb 9 16:24:10 UTC 2013 - schwab@suse.de - -- Add ctypes-libffi-aarch64.patch: import aarch64 support for libffi in - _ctypes module - -------------------------------------------------------------------- -Fri Feb 8 14:49:45 UTC 2013 - jmatejek@suse.com - -- multiprocessing: thread joining itself (bnc#747794) -- gettext: fix cases where no bundle is found (bnc#794139) - -------------------------------------------------------------------- -Thu Oct 25 11:21:06 UTC 2012 - coolo@suse.com - -- add explicit buildrequire on libbz2-devel - -------------------------------------------------------------------- -Mon Oct 15 10:39:15 UTC 2012 - coolo@suse.com - -- buildrequire explicitly netcfg for the test suite - -------------------------------------------------------------------- -Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com - -- remove distutils.cfg (bnc#658604) - * this changes default prefix for distutils to /usr - * see ML for details: -http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html - -------------------------------------------------------------------- -Fri Aug 3 18:43:32 UTC 2012 - dimstar@opensuse.org - -- Add python-bundle-lang.patch: gettext: If bindtextdomain is - instructed to look in the default location of translations, we - check additionally in locale-bundle. Fixes issues like bnc#617751 - -------------------------------------------------------------------- -Tue Jul 31 12:36:04 UTC 2012 - jmatejek@suse.com - -- all subpackages require python-base=%{version}-%{release} explicitly - (fixes bnc#766778 bug and similar that might arise in the future) - -------------------------------------------------------------------- -Tue Jun 26 11:54:22 UTC 2012 - dvaleev@suse.com - -- Fix failing test_dbm on ppc64 - -------------------------------------------------------------------- -Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca - -- Support directory-based certificate stores with the ca_certs parameter of SSL - functions [bnc#761501] - -------------------------------------------------------------------- -Sat Apr 14 08:57:46 UTC 2012 - dmueller@suse.com - -- update to 2.7.3: - * no change -- remove static libpython.a from build to avoid packages - linking it statically - -------------------------------------------------------------------- -Wed Mar 28 18:19:18 UTC 2012 - jmatejek@suse.com - -- update to 2.7.3rc2 - * fixes several security issues: - * CVE-2012-0845, bnc#747125 - * CVE-2012-1150, bnc#751718 - * CVE-2011-4944, bnc#754447 - * CVE-2011-3389 -- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) - -!!important!! -- disabled test_unicode which segfaults on 64bits. - this should not happen, revisit in next RC! -!!important!! - -------------------------------------------------------------------- -Thu Feb 16 12:33:44 UTC 2012 - dvaleev@suse.com - -- skip broken test_io test on ppc - -------------------------------------------------------------------- -Mon Dec 12 13:39:57 UTC 2011 - toddrme2178@gmail.com - -- Exclude /usr/bin/2to3 to prevent conflicts with python3-2to3 - -------------------------------------------------------------------- -Thu Dec 8 13:31:01 UTC 2011 - jmatejek@suse.com - -- %python_version now correctly refers to %tarversion - -------------------------------------------------------------------- -Mon Nov 28 09:21:32 UTC 2011 - saschpe@suse.de - -- Spec file cleanup: - * Run spec-cleaner - * Remove outdated %clean section, AutoReqProv and authors from descr. -- Fix license to Python-2.0 (also SPDX style) - -------------------------------------------------------------------- -Fri Sep 30 09:08:59 UTC 2011 - adrian@suse.de - -- fix build for arm by removing an old hack for arm, bz2.so is built now - -------------------------------------------------------------------- -Fri Sep 16 16:21:44 UTC 2011 - jmatejek@suse.com - -- dropped newslist.py from demos because of bad license - (bnc#718009) - -------------------------------------------------------------------- -Fri Aug 19 22:37:42 CEST 2011 - dmueller@suse.de - -- update to 2.7.2: - * Bug fix only release, see - http://hg.python.org/cpython/raw-file/eb3c9b74884c/Misc/NEWS - for details -- introduce a pre_checkin.sh file that synchronizes - patches between python and python-base -- rediff patches for 2.7.2 -- replace kernel3 patch with the upstream solution - -------------------------------------------------------------------- -Fri Jul 22 13:03:49 UTC 2011 - idonmez@novell.com - -- Copy Lib/plat-linux2 to Lix/plat-linux3 so that DLFCN module - is also available for linux3 systems bnc#707667 - -------------------------------------------------------------------- -Mon Jul 11 01:59:56 CEST 2011 - ro@suse.de - -- fix build on factory: setup reports linux3 not linux2 now, - adapt checks - -------------------------------------------------------------------- -Tue May 31 17:58:30 UTC 2011 - jmatejek@novell.com - -- added explicit requires to libpython-%version-%release - to prevent bugs like bnc#697251 reappearing - -------------------------------------------------------------------- -Tue May 24 14:27:05 UTC 2011 - jmatejek@novell.com - -- update to 2.7.1 - * bugfix-only release, see NEWS for details -- refreshed patches, dropped the upstreamed ones -- dropped acrequire patch, replacing it with build-time sed -- improved fix to bnc#673071 by defining the constants - only for files that require it (as is done in python3) - -------------------------------------------------------------------- -Mon May 2 16:04:49 UTC 2011 - jmatejek@novell.com - -- fixed a security flaw where malicious sites could redirect - Python application from http to a local file - (CVE-2011-1521, bnc#682554) -- fixed race condition in Makefile which randomly failed - parallel builds ( http://bugs.python.org/issue10013 ) - -------------------------------------------------------------------- -Thu Feb 17 17:37:09 CET 2011 - pth@suse.de - -- Prefix DATE and TIME with PY_BUILD_ and COMPILER with PYTHON_ as - to not break external code (bnc#673071). - -------------------------------------------------------------------- -Mon Jan 17 09:42:20 UTC 2011 - coolo@novell.com - -- provide pyxml to avoid touching tons of packages - -------------------------------------------------------------------- -Thu Nov 18 08:23:34 UTC 2010 - coolo@novell.com - -- add patch from http://psf.upfronthosting.co.za/roundup/tracker/issue9960 - to fix build on ppc64 - -------------------------------------------------------------------- -Fri Oct 1 13:41:30 UTC 2010 - jmatejek@novell.com - -- moved unittest to python-base (it is a testing framework, not a - testsuite, so it clearly belongs into stdlib) -- fixed smtpd.py DoS (bnc#638233, CVE probably not assigned) - -------------------------------------------------------------------- -Tue Sep 21 10:07:43 UTC 2010 - coolo@novell.com - -- fix baselibs.conf - -------------------------------------------------------------------- -Thu Aug 26 15:13:49 UTC 2010 - suse-tux@gmx.de - -- fix for urllib2 (http://bugs.python.org/issue9639) - -------------------------------------------------------------------- -Thu Aug 26 13:45:19 UTC 2010 - jmatejek@novell.com - -- fixed distutils test -- dropped autoconf version requirement (it builds just fine with other versions) - -------------------------------------------------------------------- -Thu Aug 26 11:37:28 UTC 2010 - jmatejek@novell.com - -- update to version 2.7 - * improved handling of numeric types - * deprecation warnings are now silent by default - * new argparse module for command line arguments - * many new features, see http://docs.python.org/dev/whatsnew/2.7.html - for complete list -*** 2.7 is supposed to be the last version from the 2.x series, -so its (upstream) maintenance period will probably be longer than usual. -However, upstream development now focuses on 3.x series. - -- cleaned up spec and patches - -------------------------------------------------------------------- -Fri Jul 2 13:58:38 UTC 2010 - jengelh@medozas.de - -- add patch from http://bugs.python.org/issue6029 -- use %_smp_mflags - -------------------------------------------------------------------- -Mon May 17 17:07:33 CEST 2010 - matejcik@suse.cz - -- dropped audioop.so because of security vulnerabilities - (bnc#603255) - -------------------------------------------------------------------- -Wed Apr 7 20:35:26 CEST 2010 - matejcik@suse.cz - -- update to 2.6.5 (rpm version 2.6.5) -- patched test_distutils to work - -------------------------------------------------------------------- -Thu Mar 11 18:13:05 CET 2010 - matejcik@suse.cz - -- update to 2.6.5rc2 (rpm version is 2.6.4.92) - * bugfix-only release -- removed fwrapv patch - no longer needed -- removed expat patches (this version also fixes expat vulnerabilities - from bnc#581765 ) -- removed readline spacing patch - no longer needed -- removed https_proxy patch - no longer needed -- removed test_distutils patch - no longer needed -- disabled test_distutils because of spurious failure, - * TODO reenable at release - -------------------------------------------------------------------- -Thu Feb 4 20:46:03 CET 2010 - matejcik@suse.cz - -- removed precompiled exe files (as noted in bnc#577032) - -------------------------------------------------------------------- -Fri Jan 29 15:44:15 CET 2010 - matejcik@suse.cz - -- enabled ipv6 in configure (bnc#572673) - -------------------------------------------------------------------- -Wed Dec 23 08:36:29 UTC 2009 - aj@suse.de - -- Apply patches with fuzz=0 - -------------------------------------------------------------------- -Tue Dec 15 00:22:44 CET 2009 - jengelh@medozas.de - -- add baselibs.conf as source - -------------------------------------------------------------------- -Wed Nov 4 19:04:16 CET 2009 - matejcik@suse.cz - -- readline shouldn't append space after completion (bnc#551715, - python bug 5833) - -------------------------------------------------------------------- -Wed Oct 28 18:03:27 UTC 2009 - crrodriguez@opensuse.org - -- python-devel Requires glibc-devel - -------------------------------------------------------------------- -Fri Sep 4 20:16:42 CEST 2009 - matejcik@suse.cz - -- fixed potential DoS in python's copy of expat (bnc#534721) -- added patch for potential SSL hangup during handshake (bnc#525295) - -------------------------------------------------------------------- -Sun Aug 2 17:01:16 UTC 2009 - jansimon.moeller@opensuse.org - -- fix files section for ARM, as bz2.so isn't built on ARM. - -------------------------------------------------------------------- -Fri Jul 31 22:41:02 CEST 2009 - matejcik@suse.cz - -- added /usr/lib/python2.6{,/site-packages} to the package even if - it is on lib64 arch -- added %python_sitelib and %python_sitearch for fedora compatibility - -------------------------------------------------------------------- -Thu Jul 30 18:34:09 CEST 2009 - matejcik@suse.cz - -- fixed test in test_distutils suite that would generate a warning - when the log threshold was set too low by preceding tests - -------------------------------------------------------------------- -Wed Jul 29 16:09:32 CEST 2009 - matejcik@suse.cz - -- support noarch python packages (modified multilib patch - to differentiate between purelib and platlib, added /usr/lib - to search path in all cases - -------------------------------------------------------------------- -Thu Jul 16 10:11:27 CEST 2009 - coolo@novell.com - -- disable as-needed to fix build - -------------------------------------------------------------------- -Mon Apr 27 15:19:45 CEST 2009 - matejcik@suse.cz - -- update to 2.6.2 - * bugfix-only release for 2.6 series - -------------------------------------------------------------------- -Fri Feb 6 16:10:31 CET 2009 - matejcik@suse.cz - -- excluded pyconfig.h and Makefile and Setup from -devel subpackage - to prevent file conflicts of python-base and python-devel - -------------------------------------------------------------------- -Thu Jan 15 16:00:02 CET 2009 - matejcik@suse.cz - -- fixed gettext.py problem with empty plurals line (bnc#462375) - -------------------------------------------------------------------- -Wed Jan 7 12:34:56 CET 2009 - olh@suse.de - -- obsolete old -XXbit packages (bnc#437293) - -------------------------------------------------------------------- -Mon Dec 15 17:10:17 CET 2008 - matejcik@suse.cz - -- removed bsddb directory from python-base, reenabled in python - ( bnc#441088 ) - -------------------------------------------------------------------- -Mon Oct 20 15:18:30 CEST 2008 - matejcik@suse.cz - -- added libpython and python-base to baselibs.conf (bnc#432677) -- disabled test_smtplib for ia64 so that the package actually - gets built (bnc#436966) - -------------------------------------------------------------------- -Thu Oct 9 18:56:33 CEST 2008 - matejcik@suse.cz - -- update to 2.6 final (version name is 2.6.0 to make upgrade from - 2.6rc2 possible) -- replaced site.py hack with a .pth file to do the same thing - (cleaner solution that doesn't mess up documented behavior - and also fixes virtualenv, bnc#430761) -- enabled profile optimized build -- fixed %py_requires macro (bnc#346490) -- provide %name = 2.6 - -------------------------------------------------------------------- -Fri Sep 19 20:09:50 CEST 2008 - matejcik@suse.cz - -- moved tests to %check section -- update to 2.6rc2, removing the last remaining security patch -- included patch for https proxy support that resolves bnc#214983 - (in a proper way) and bnc#298378 -- included fix for socket.ssl() behavior regression, fixing - bnc#426563 - -------------------------------------------------------------------- -Wed Sep 17 22:09:12 CEST 2008 - matejcik@suse.cz - -- included /etc/rpm/macros.python to fix the split-caused breakage - -------------------------------------------------------------------- -Tue Sep 16 18:12:10 CEST 2008 - matejcik@suse.cz - -- applied bug-no-proxy patch from python#3879, which should improve - backwards compatibility (important i.e. for bzr) -- moved python-xml to a subpackage of this (brings no additional - dependencies, so it can as well stay) -- moved Makefile and pyconfig.h to python-base, removing the need - to have python-devel for installation -- improved compatibility with older distros for 11.0 -- moved ssl.py and sqlite3 module to python package - they won't work - without their respective binary modules anyway - -------------------------------------------------------------------- -Mon Sep 15 18:34:27 CEST 2008 - matejcik@suse.cz - -- updated to 2.6rc1 - bugfix-only pre-stable release -- renamed python-base-devel to python-devel as it should be -- removed macros from libpython package name - -------------------------------------------------------------------- -Fri Sep 12 14:46:00 CEST 2008 - matejcik@suse.cz - -- moved python-devel to a subpackage of this -- created libpython subpackage -- moved essential files from -devel to -base, so that distutils - should now be able to install without -devel package - -------------------------------------------------------------------- -Fri Sep 12 14:44:55 CEST 2008 - matejcik@suse.cz - -- split package, as per fate#305065 -- moved python-devel to be a subpackage of python-base -- minor fixes & packaging cleanups - -------------------------------------------------------------------- -Wed Sep 10 16:31:29 CEST 2008 - matejcik@suse.cz - -- fixed misapplied ssl-compat patch (caused segfaults when - opening SSL connections, bnc#425138 ) - -------------------------------------------------------------------- -Wed Sep 3 17:17:06 CEST 2008 - matejcik@suse.cz - -- updated to 2.6beta3 from BETA dist, summary of changes follows: - * patches update/cleanup - * removed failing tests (test_unicode, test_urllib2), those will - be reworked later to not fail - * fixed ncurses/panel.h include - * removed most security fixes, as they are already included in - this version - * removed imageop/rgbimg - (reasons: they only work in 32bit environment anyway, are - deprecated by upstream and have inherent security problems) - * fixed pythonstart script to trim history after 10000 lines - (bnc#399190) -- 2.6beta3 is mostly stable release of the 2.6 series, - package will be updated to 2.6 final as soon as it comes out - (in the beginning of October) - -------------------------------------------------------------------- -Wed Jul 30 20:35:02 CEST 2008 - matejcik@suse.cz - -- security fixes for issues mentioned in bnc#406051: - * CVE-2008-2315 - multiple integer overflows in basic types - * CVE-2008-2316 - partial hashing of huge data with hashlib - * CVE-2008-3142 - multiple buffer oveflows in unicode processing - * CVE-2008-3144 - possible integer over/underflow in mysnprintf - * buffer overflows in expandtabs() method (afaik no CVE assigned) -- also mentioned CVE-2008-3143 is already fixed in python 2.5.2 - -------------------------------------------------------------------- -Mon Jun 30 15:38:17 CEST 2008 - schwab@suse.de - -- Work around autoheader bug. - -------------------------------------------------------------------- -Fri Jun 13 10:07:02 CEST 2008 - schwab@suse.de - -- Fix configure script. - -------------------------------------------------------------------- -Thu Apr 24 19:37:14 CEST 2008 - matejcik@suse.cz - -- proper path for html documentation from python-doc, - help text mentioning python-doc package in pydoc - (bnc#380942) - -------------------------------------------------------------------- -Wed Apr 16 21:20:07 CEST 2008 - matejcik@suse.cz - -- PyString_FromStringAndSize now checks size parameter - (bnc#379534, CVE-2008-1721) - -------------------------------------------------------------------- -Tue Apr 15 09:14:29 CEST 2008 - adrian@suse.de - -- disable DNS lookup test when running in build service. - The XEN build hosts have no network. - -------------------------------------------------------------------- -Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - -- added baselibs.conf file to build xxbit packages - for multilib support - -------------------------------------------------------------------- -Mon Apr 7 13:59:29 CEST 2008 - schwab@suse.de - -- Limit virtual memory to avoid spurious testsuite failures. - -------------------------------------------------------------------- -Mon Mar 10 18:18:43 CET 2008 - matejcik@suse.cz - -- bnc#367853 turned out to be invalid, upstream is already on to - the real problem -- forcing -fwrapv to compiler flags until upstream has a solution - -------------------------------------------------------------------- -Wed Feb 27 18:08:58 CET 2008 - matejcik@suse.cz - -- update to 2.5.2 - - bugfix-only release, over 100 bugs fixed -- removed hppa patch (already included) -- disabled test_str until gcc issue bnc#367853 is resolved - -------------------------------------------------------------------- -Tue Nov 13 17:32:06 CET 2007 - matejcik@suse.cz - -- patched a bug in sqlite module that would cause segfault on - call to executescript() - -> TODO return and improve the patch - -------------------------------------------------------------------- -Mon Sep 3 17:57:43 CEST 2007 - matejcik@suse.cz - -- replaced fdupes oneliner with %fdupes macro -- added /usr/bin/python2 symlink (#307097) -- obsoletes python-elementtree and python-sqlite (#301182) - (obsoletes, but doesn't provide - the modules that obsolete those - packages are renamed and dependent packages need to be changed) - -------------------------------------------------------------------- -Fri Aug 24 16:42:12 CEST 2007 - bg@suse.de - -- fix build on hppa - -------------------------------------------------------------------- -Fri Aug 3 15:25:32 CEST 2007 - jmatejek@suse.cz - -- replaced duplicate files with hardlinks - -------------------------------------------------------------------- -Fri Jul 27 14:51:03 CEST 2007 - jmatejek@suse.cz - -- removed emacs python-mode and dependency on emacs - -------------------------------------------------------------------- -Fri Jun 8 16:33:09 CEST 2007 - jmatejek@suse.cz - -- revisited & explained failing tests -- applied EINTR recovery patch (#278622) -- experimental replacement of shebang strings, - removing dependency on /usr/bin/env - -------------------------------------------------------------------- -Thu May 24 18:47:20 CEST 2007 - jmatejek@suse.cz - -- update to 2.5.1 - - bugfix only release, over 150 bugs fixed - - fixes off-by-one memory leak in _localemodule.c - (#276889, CVE-2007-2052) -- unnecessary patches removed, minor build cleanup -- warns when attempting to use https proxy (#214983) - -------------------------------------------------------------------- -Tue May 22 01:13:28 CEST 2007 - ro@suse.de - -- make setup.py accept db-4.5 - -------------------------------------------------------------------- -Thu Mar 29 13:32:08 CEST 2007 - aj@suse.de - -- Add ncurses-devel to BuildRequires. - -------------------------------------------------------------------- -Sat Mar 24 18:16:08 CET 2007 - aj@suse.de - -- Add libbz2-devel to BuildRequires. - -------------------------------------------------------------------- -Fri Mar 23 15:10:09 CET 2007 - rguenther@suse.de - -- add gdbm-devel BuildRequires - -------------------------------------------------------------------- -Mon Jan 8 19:27:06 CET 2007 - cthiel@suse.de - -- fix sqlite3 support (#228733) - -------------------------------------------------------------------- -Tue Sep 19 18:20:07 CEST 2006 - jmatejek@suse.cz - -- update to 2.5 final, going into STABLE dist -- issue with lib/python/config is not caused by dirs patch - -------------------------------------------------------------------- -Wed Sep 13 19:07:35 CEST 2006 - jmatejek@suse.cz - -- update to 2.5c2 - - 2.5 final is expected next week -- removed testfiles.tar.bz2 from package due to copyright issues - (see #204867). Reminder: enable urlfetch or put it back (or both, - using Nosource) - -------------------------------------------------------------------- -Tue Sep 5 13:51:48 CEST 2006 - jmatejek@suse.cz - -- update to 2.5c1 -- many new features, see http://www.python.org/dev/peps/pep-0356/ -- 64bit indices issue will require changes of modules, see - http://www.python.org/dev/peps/pep-0353/ for transition guidelines -- non-backwards-compatible changes, see - http://docs.python.org/dev/whatsnew/section-other.html - (this link is expected to die, so just search for "what's new in 2.5") -- open issues in build process: - - sed'ing out /usr/local/bin/python from files causes build to fail - if not filtered by grep (see %prep section) - might be a bug in sed - - 2.3.3-dirs patch + --enable-shared + --libdir breaks build, - because "-L/usr/lib*/python2.5/config" is added instead of "-L." - Workaround in 2.5c1-dirs-fix, should be replaced soon - - test_file fails in autobuild, but is OK when building manually - - test_nis fails in autobuild, probably due to a misconfiguration - on autobuild servers - - it might be good to create python-sqlite3 subpackage - -------------------------------------------------------------------- -Mon Apr 24 20:08:30 CEST 2006 - jmatejek@suse.cz - -- update to 2.4.3 - - no big changes, bugfix-only release (about 50 bugs fixed) - -------------------------------------------------------------------- -Wed Mar 15 17:51:29 CET 2006 - jmatejek@suse.cz - -- moved -doc and -doc-pdf into separate noarch specfile - -------------------------------------------------------------------- -Mon Feb 27 18:05:56 CET 2006 - jmatejek@suse.cz - -- implemented /usr/local path schemes for bug #149809 - - python now recognizes packages in /usr/local/lib/python2.4 - - distutils install by default into /usr/local/lib/python2.4/site-packages - - on 64bit systems that is of course lib64 - -------------------------------------------------------------------- -Wed Jan 25 21:30:52 CET 2006 - mls@suse.de - -- converted neededforbuild to BuildRequires - -------------------------------------------------------------------- -Sat Jan 14 13:25:08 CET 2006 - kukuk@suse.de - -- Add gmp-devel to nfb - -------------------------------------------------------------------- -Mon Nov 28 19:10:03 CET 2005 - jmatejek@suse.cz - -- reenabled optimization on ppc64 - -------------------------------------------------------------------- -Fri Nov 11 16:59:11 CET 2005 - nadvornik@suse.cz - -- fixed another bug in canonicalize patch [#133267] - -------------------------------------------------------------------- -Wed Oct 5 15:53:01 CEST 2005 - jmatejek@suse.cz - -- update to 2.4.2 -- additional fixes to canonicalize patch, restored interactive mode - -------------------------------------------------------------------- -Mon Sep 26 15:40:20 CEST 2005 - jmatejek@suse.cz - -- replaced the previous patch with a new one - - it now tries to use canonical_file_name(), falling back to realpath() - and eventually readlink - - canonical_file_name() branch now sets the buffer length - -------------------------------------------------------------------- -Fri Sep 23 16:29:19 CEST 2005 - jmatejek@suse.cz - -- fixed to build with gcc's new buffer overflow checking - - added patch from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169046 - -------------------------------------------------------------------- -Fri Apr 22 17:04:38 CEST 2005 - schwab@suse.de - -- Always enable SSL bug workarounds. - -------------------------------------------------------------------- -Tue Apr 5 16:58:27 CEST 2005 - mcihar@suse.cz - -- update to 2.4.1 - -------------------------------------------------------------------- -Thu Mar 24 16:15:25 CET 2005 - uli@suse.de - -- fixed to build on ARM - -------------------------------------------------------------------- -Tue Mar 1 19:16:46 CET 2005 - mcihar@suse.cz - -- skip some test on ia64 for now - -------------------------------------------------------------------- -Tue Feb 8 16:43:56 CET 2005 - mcihar@suse.cz - -- mark configuration files as %config - -------------------------------------------------------------------- -Tue Feb 01 14:16:43 CET 2005 - mcihar@suse.cz - -- fix vulnerability in SimpleXMLRPCServer (bug #50321, CAN-2005-0089) - -------------------------------------------------------------------- -Tue Dec 28 16:43:47 CET 2004 - mcihar@suse.cz - -- disable bsddb tests, it fails probably on all 64-bit - -------------------------------------------------------------------- -Thu Dec 23 13:46:21 CET 2004 - mcihar@suse.cz - -- make lib64 installation also work on others than x86_64 - -------------------------------------------------------------------- -Mon Dec 20 17:51:29 CET 2004 - mcihar@suse.de - -- fixed build on ppc64 - - update multiarch patch - - do not test bsddb internals - - remove optimalisation from flags, it breaks at least math - -------------------------------------------------------------------- -Mon Dec 20 14:22:15 CET 2004 - mcihar@suse.cz - -- added extra files needed for some tests (codecmaps and unicode normalisation) -- enabled bsddb tests -- reenabled test_shelve, as it works now - -------------------------------------------------------------------- -Thu Dec 16 17:13:04 CET 2004 - mcihar@suse.cz - -- update db 4.3 patch -- fix bdist_rpm when spec file generates more than one rpm - -------------------------------------------------------------------- -Tue Dec 14 08:13:09 CET 2004 - bg@suse.de - -- disable tests for hppa - -------------------------------------------------------------------- -Mon Dec 06 12:30:59 CET 2004 - mcihar@suse.cz - -- fix bsddb module for current bsddb -- improved readline detection - -------------------------------------------------------------------- -Fri Dec 03 17:37:48 CET 2004 - mcihar@suse.cz - -- updated documentation to 2.4 - -------------------------------------------------------------------- -Wed Dec 01 18:07:17 CET 2004 - mcihar@suse.cz - -- don't use wctype functions from glibc, it breaks at some situations -- enable tests during compilation, removing currently known failures - -------------------------------------------------------------------- -Tue Nov 30 14:32:27 CET 2004 - mcihar@suse.cz - -- update to 2.4 final - -------------------------------------------------------------------- -Wed Nov 24 18:30:23 CET 2004 - mcihar@suse.cz - -- yet another ignore list update, ignore man and locale dirs - -------------------------------------------------------------------- -Wed Nov 24 15:15:46 CET 2004 - mcihar@suse.cz - -- ignore /etc and avoid infinite loop while generating directory list - -------------------------------------------------------------------- -Wed Nov 24 12:43:07 CET 2004 - mcihar@suse.cz - -- ignore one more directories in file list generating -- handle correctly headers path in file list generating -- handle extra_dir in file list generating -- use same way as mandrake to support lib64, at least it's a bit cleaner - solution than we had, so we now also have sys.lib -- audioop is now enabled on 64-bit - -------------------------------------------------------------------- -Tue Nov 23 16:25:15 CET 2004 - mcihar@suse.cz - -- updated to 2.4c1 (2.4 release candidate 1) -- dropped python-mpz package as it was dropped by upstream -- completely rewritten and much simplified rpm file list generation, if you - have problems with new version, please drop me a note -- install also /etc/profile.d/python.csh - -------------------------------------------------------------------- -Tue Aug 24 16:22:05 CEST 2004 - mcihar@suse.cz - -- updated README.SUSE -- added startup script, which enables saving of history and completion - for interactive usage - -------------------------------------------------------------------- -Thu May 27 15:25:20 CEST 2004 - mcihar@suse.cz - -- update to 2.3.4 final (no changes from rc 1) - -------------------------------------------------------------------- -Wed May 19 17:11:10 CEST 2004 - mcihar@suse.cz - -- update to 2.3.4 release candidate 1 (obsoletes some patches taken from cvs) -- forcing of large file support is not needed (for quite a long time) -- updated README.SUSE - -------------------------------------------------------------------- -Tue Mar 16 15:24:49 CET 2004 - mcihar@suse.cz - -- included some fixes from cvs: - - fix possible segfault in bsddb - - urllib2 supports non-anonymous ftp and absolute paths - - fixed GC problems in PyWeakref_NewRef - -------------------------------------------------------------------- -Thu Mar 11 18:36:16 CET 2004 - mcihar@suse.cz - -- fix readline with utf-8 (bug #34302) - -------------------------------------------------------------------- -Wed Mar 03 15:47:22 CET 2004 - mcihar@suse.cz - -- obsoletes python21 - -------------------------------------------------------------------- -Thu Feb 26 17:13:43 CET 2004 - mcihar@suse.cz - -- all subpackages depend on current python version - -------------------------------------------------------------------- -Thu Feb 19 13:11:04 CET 2004 - mcihar@suse.cz - -- fix Lib/email/Charset.py for use in some locales -- fix format string in zipimport module -- use system readline -- add more IPV6 socket options -- use sed instead of perl for replacing -- include LICENSE - -------------------------------------------------------------------- -Sat Jan 10 11:26:35 CET 2004 - adrian@suse.de - -- build as user - -------------------------------------------------------------------- -Mon Jan 05 11:24:09 CET 2004 - mcihar@suse.cz - -- updated to 2.3.3 (final) -- call %{run_ldconfig} in post and postun -- libpython.2.3.so symlink moved to devel package (bug #33779) - -------------------------------------------------------------------- -Fri Dec 12 14:33:36 CET 2003 - mcihar@suse.cz - -- updated to 2.3.3 (release candidate 1) - -------------------------------------------------------------------- -Tue Nov 18 12:41:20 CET 2003 - mcihar@suse.cz - -- use wchar_t functions from libc, this reduces size of interpreter - -------------------------------------------------------------------- -Mon Oct 27 13:19:52 CET 2003 - kukuk@suse.de - -- Remove useless Requires -- Remove not used packages from neededforbuild - -------------------------------------------------------------------- -Fri Oct 03 14:59:55 CEST 2003 - mcihar@suse.cz - -- updated to 2.3.2 - - A bug in autoconf that broke building on HP/UX systems is fixed. - - A bug in the Python configure script that meant os.fsync() was - never available is fixed. - -------------------------------------------------------------------- -Thu Oct 02 16:03:05 CEST 2003 - mcihar@suse.cz - -- force use of directories passed to configure script (-dirs.patch), bug #31947 - -------------------------------------------------------------------- -Mon Sep 29 13:57:18 CEST 2003 - mcihar@suse.cz - -- updated to 2.3.1, most of changes were alredy included in -cvs.patch -- not so verbose untaring - -------------------------------------------------------------------- -Thu Sep 11 14:31:48 CEST 2003 - mcihar@suse.cz - -- included fixes from cvs (branch release23-maint), this fixes some - memory leaks and other bugs (-cvs.patch) -- nicer output from pydoc (-pydoc.patch) -- cleaned up configure parameters -- compiling with -Wall - -------------------------------------------------------------------- -Wed Sep 10 18:39:00 CEST 2003 - mcihar@suse.cz - -- build as shared - -------------------------------------------------------------------- -Wed Sep 03 11:48:07 CEST 2003 - mcihar@suse.cz - -- python now obsoletes python-nothreads (bug #29907) - -------------------------------------------------------------------- -Thu Aug 14 13:23:50 CEST 2003 - mcihar@suse.cz - -- fixed symlinks to configuration files -- cleaned up spec file - -------------------------------------------------------------------- -Wed Aug 06 18:03:22 CEST 2003 - mcihar@suse.cz - -- updated lib64 patch - -------------------------------------------------------------------- -Tue Aug 05 13:17:20 CEST 2003 - mcihar@suse.cz - -- updated to final 2.3, some highlights: - * Python 2.3 is about 20-30% faster than Python 2.2.3 - * Brand new IDLE - * Some new or upgraded built-ins, includes better support for - unicode, new bool type... - * Lots of upgraded or new modules and packages. - * PYTHONINSPECT variabale that can cause python to behave as it - was executed with -i parameter. - -------------------------------------------------------------------- -Tue Jul 29 01:46:23 CEST 2003 - ro@suse.de - -- added tk-devel to neededforbuild - -------------------------------------------------------------------- -Thu Jun 26 22:57:28 CEST 2003 - mcihar@suse.cz - -- updated to cvs snapshot, mostly because of finally correct DESTDIR - support, to avoid buildroot leftovers - -------------------------------------------------------------------- -Tue Jun 24 12:32:23 CEST 2003 - mcihar@suse.cz - -- better excluding site-packages from generated dirlist - -------------------------------------------------------------------- -Tue Jun 17 15:37:51 CEST 2003 - mcihar@suse.cz - -- ignore site-packages and share directories for filelists -- include install dir if not site-packages in filelists - -------------------------------------------------------------------- -Tue Jun 17 10:20:09 CEST 2003 - mcihar@suse.cz - -- better handle mutliple level of install directories when - generating %dir entries - -------------------------------------------------------------------- -Mon Jun 16 17:25:08 CEST 2003 - mcihar@suse.cz - -- one more distutils patch update: - * fix generating of dirs in chrooted installs for install_data - * don't include directory for install_scripts - -------------------------------------------------------------------- -Mon Jun 16 15:55:20 CEST 2003 - mcihar@suse.cz - -- updated patch to work around problems with self defined get_outputs - -------------------------------------------------------------------- -Mon Jun 16 12:29:31 CEST 2003 - mcihar@suse.cz - -- modified distutils to allow generating complete file list for rpm - (including directories with %dir macro), to use this use - --record-rpm= instead of --record= - -------------------------------------------------------------------- -Thu Jun 05 09:23:32 CEST 2003 - mcihar@suse.cz - -- move documentation where it was in 2.2 versions -- fixed permissions for some scripts in devel package - -------------------------------------------------------------------- -Thu May 29 14:22:08 CEST 2003 - mcihar@suse.cz - -- cleaned up specfile -- make executable only files that should be - -------------------------------------------------------------------- -Mon May 19 19:01:43 CEST 2003 - mcihar@suse.cz - -- removed .cvsignore files - -------------------------------------------------------------------- -Tue Apr 29 13:26:02 CEST 2003 - mcihar@suse.cz - -- updated lib64 patch - -------------------------------------------------------------------- -Mon Apr 28 11:25:11 CEST 2003 - mcihar@suse.cz - -- updated to 2.3b1, some highlights: - - sum() builtin, adds a sequence of numbers, beats reduce(). - - csv module, reads comma-separated-value files (and more). - - timeit module, times code snippets. - - os.walk(), a generator slated to replace os.path.walk(). - - platform module, by Marc-Andre Lemburg, returns detailed platform - information. - -------------------------------------------------------------------- -Thu Apr 10 14:52:48 CEST 2003 - mcihar@suse.cz - -- added DEFS to config/Makefile as it was in 2.2 - -------------------------------------------------------------------- -Wed Apr 02 14:50:29 CEST 2003 - mcihar@suse.cz - -- updated lib64 patch -- fixed list of built modules for 64-bit arches - -------------------------------------------------------------------- -Tue Apr 01 17:57:56 CEST 2003 - mcihar@suse.cz - -- updated to python 2.3 alpha 2 - - updated many builtins and modules - - new modules: bsddb, bz2, datetime, logging, optparse, sets, - textwrap, zipimport, - - some general things have changed: - - Hex/oct literals prefixed with a minus sign were handled - inconsistently. - - Package index and metadata for distutils. - - Encoding declarations - you can put a comment of the form - "# -*- coding: -*-" in the first or second line of a Python - source file to indicate the encoding (e.g. utf-8). - - Import from zipfiles. - - see Misc/NEWS in documentation or python website - - http://python.org/2.3/highlights.html for more details -- moved distutils into -devel package -- cleaned up specfile - -------------------------------------------------------------------- -Tue Apr 01 12:27:06 CEST 2003 - mcihar@suse.cz - -- removed RPM_BUILD_ROOT leftovers (bug #25963) - -------------------------------------------------------------------- -Thu Mar 6 12:05:53 CET 2003 - kukuk@suse.de - -- Provide/Obsolete python-tkinter - -------------------------------------------------------------------- -Tue Jan 28 17:51:45 CET 2003 - mcihar@suse.cz - -- idle symlink corrected for lib64 -- fixed LIBDEST path for distutils, closes #22322 - -------------------------------------------------------------------- -Fri Jan 10 13:39:51 CET 2003 - mcihar@suse.cz - -- fixed distutils for lib64 - -------------------------------------------------------------------- -Wed Dec 18 13:45:15 CET 2002 - mcihar@suse.cz - -- improved blt detection for tkinter -- build with detected version of tix -- enabled SIGFPE catching -- enabled signal module -- enabled C++ support - -------------------------------------------------------------------- -Fri Nov 29 16:16:57 CET 2002 - mcihar@suse.cz - -- enabled ipv6 support -- no apache is needed for building -- python-nothreads is not built anymore as is seems that mod_python - works correctly woth python 2.2.2 and threads -- Makefile also copied to config directory in rpm - -------------------------------------------------------------------- -Wed Nov 27 10:59:03 CET 2002 - adrian@suse.de - -- Makefile.pre* to config directory - (following the official spec file change) - -------------------------------------------------------------------- -Fri Nov 08 11:06:39 CET 2002 - mcihar@suse.cz - -- fixed bad source number for suse-start-python-mode.el - -------------------------------------------------------------------- -Thu Nov 07 11:37:34 CET 2002 - mcihar@suse.cz - -- fixed %files section for idle on lib64 arches - -------------------------------------------------------------------- -Wed Nov 06 10:35:50 CET 2002 - mcihar@suse.cz - -- included python-mode.el for emacs -- idle moved from demos to separate package -- merged tk and tkinter - -------------------------------------------------------------------- -Wed Oct 30 14:54:31 CET 2002 - mcihar@suse.cz - -- removed not needed l2h and tetex from neededforbuild - -------------------------------------------------------------------- -Wed Oct 30 11:31:44 CET 2002 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Wed Oct 23 14:36:10 CEST 2002 - mcihar@suse.cz - -- updated to 2.2.2 (bugfix release) -- moved python-korean into separate source package - -------------------------------------------------------------------- -Tue Sep 17 17:34:28 CEST 2002 - ro@suse.de - -- removed bogus self-provides - -------------------------------------------------------------------- -Tue Sep 10 13:52:26 CEST 2002 - kukuk@suse.de - -- Add provides for correct update - -------------------------------------------------------------------- -Thu Sep 5 12:14:45 CEST 2002 - ro@suse.de - -- remove l2h from neededforbuild (apparently no longer used) - -------------------------------------------------------------------- -Thu Aug 15 00:45:41 CEST 2002 - ro@suse.de - -- no fpectl.so on alpha - -------------------------------------------------------------------- -Tue Aug 13 12:45:33 CEST 2002 - uli@suse.de - -- rediffed lib64 patch - -------------------------------------------------------------------- -Thu Aug 8 07:57:25 CEST 2002 - vinil@suse.de - -- new version 2.2.1 -- new version of Korean codes 2.0.5 - and splitted to standalone package 'python-korean' -- get rid of Makefile.pre.in -- clean part added to spec - -------------------------------------------------------------------- -Sun Jul 28 09:27:46 CEST 2002 - kukuk@suse.de - -- removed termcap and tetex from neededforbuild (not used) - -------------------------------------------------------------------- -Fri Jul 26 22:03:54 CEST 2002 - adrian@suse.de - -- fix neededforbuild - -------------------------------------------------------------------- -Tue Jun 11 11:48:13 CEST 2002 - meissner@suse.de - -- add ppc64 to list of 64bit archs that don't compile 3 of the plugins. - -------------------------------------------------------------------- -Tue Jun 4 17:06:04 CEST 2002 - stepan@suse.de - -- change more locations of lib to %{_lib} on platforms - that need it. -- change Makefile to use install -d instead of mkdir - to solve trouble when installing in buildroots. - -------------------------------------------------------------------- -Mon Jun 3 13:21:07 CEST 2002 - stepan@suse.de - -- Change config/Makefile and config/Makefile.pre.in - to use %_lib instead of lib (fixes i.e. zope) - -------------------------------------------------------------------- -Fri May 17 15:08:18 CEST 2002 - sf@suse.de - -- changed site.py to detect the correct location (is needed at least for - postresql to build -- it still needs to be corrected, as only 64-bit excutable shlibs - have to reside in */lib64 - -------------------------------------------------------------------- -Wed May 15 12:01:45 CEST 2002 - coolo@suse.de - -- fixing file list for s390x - -------------------------------------------------------------------- -Tue May 14 23:50:05 CEST 2002 - ro@suse.de - -- use libdir -- try to get this working with lib64 - -------------------------------------------------------------------- -Mon May 6 17:12:49 CEST 2002 - schwab@suse.de - -- Build python library with -fPIC, for inclusion in shared library. - -------------------------------------------------------------------- -Wed Apr 17 15:48:52 CEST 2002 - schwab@suse.de - -- Fix detection of readline library (use -lncurses instead of -ltermcap). - -------------------------------------------------------------------- -Sat Mar 23 17:21:32 CET 2002 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Fri Feb 1 00:26:09 CET 2002 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Wed Jan 9 19:34:47 CET 2002 - rvasice@suse.cz - -- used correct Makefile.pre.in - -------------------------------------------------------------------- -Wed Jan 9 14:49:59 CET 2002 - rvasice@suse.cz - -- added Makefile.pre.in to enable build other python packages - -------------------------------------------------------------------- -Mon Jan 7 08:51:27 CET 2002 - rvasice@suse.cz - -- update to version 2.2 -- recreated modules list - -------------------------------------------------------------------- -Mon Dec 17 12:55:39 CET 2001 - ro@suse.de - -- fixed for gmp-4.x - -------------------------------------------------------------------- -Mon Sep 3 13:48:04 CEST 2001 - rvasice@suse.cz - -- added patch for Large File Support - -------------------------------------------------------------------- -Mon Aug 27 10:26:55 CEST 2001 - rvasice@suse.cz - -- removed conflicting file /etc/susehelp.d/pythonhtml.conf from - subpackage python-doc - -------------------------------------------------------------------- -Fri Aug 17 14:41:48 CEST 2001 - schwab@suse.de - -- Compile python library with -fPIC to allow inclusion in shared - libraries. -- Fix configure check for rl_completion_matches. -- Replace use of config.guess by %ifarch. - -------------------------------------------------------------------- -Mon Aug 13 12:51:39 CEST 2001 - ro@suse.de - -- added regex module (needed for yodl) -- filelist probably needs re-check - -------------------------------------------------------------------- -Mon Jul 30 11:34:35 CEST 2001 - rvasice@suse.cz - -- fix /usr/local path - -------------------------------------------------------------------- -Fri Jul 27 16:23:47 CEST 2001 - rvasice@suse.cz - -- update to version 2.1.1 - -------------------------------------------------------------------- -Tue May 8 02:15:19 CEST 2001 - mfabian@suse.de - -- bzip2 sources - -------------------------------------------------------------------- -Fri Apr 13 20:27:17 CEST 2001 - kukuk@suse.de - -- fix build with new readline library - -------------------------------------------------------------------- -Wed Apr 11 14:30:16 CEST 2001 - utuerk@suse.de - -- added pythonhtml.conf for susehelp - -------------------------------------------------------------------- -Fri Feb 23 16:24:25 CET 2001 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Fri Feb 23 00:10:25 CET 2001 - ro@suse.de - -- added readline/readline-devel to neededforbuild (split from bash) - -------------------------------------------------------------------- -Mon Jan 22 16:25:53 CET 2001 - kukuk@suse.de - -- Use -fPIC - -------------------------------------------------------------------- -Tue Jan 16 19:26:08 CET 2001 - schwab@suse.de - -- Compile python library with -fpic so that it can be included in a - shared library (for mod_python). - -------------------------------------------------------------------- -Mon Jan 15 13:00:09 CET 2001 - mt@suse.de - -- added uc-kr codec, thanks to Hwang, SangJin - -------------------------------------------------------------------- -Sun Dec 31 18:55:09 CET 2000 - schwab@suse.de - -- Fix filelist for ia64. - -------------------------------------------------------------------- -Mon Dec 18 17:18:37 CET 2000 - mt@suse.de - -- added sub-package python-nothreads for mod_python apache-module -- added Obsoletes for old 8.3 packages names - -------------------------------------------------------------------- -Wed Dec 6 18:04:55 CET 2000 - mt@suse.de - -- cleaned up pythons tk dependencies - -------------------------------------------------------------------- -Thu Nov 30 01:41:16 CET 2000 - ro@suse.de - -- fixed tix-link - -------------------------------------------------------------------- -Wed Nov 29 17:26:54 CET 2000 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Mon Nov 27 10:17:40 CET 2000 - mt@suse.de - -- changed libnetpb to libnetpbm in neededforbuild -- changed file-list in python-devel - -------------------------------------------------------------------- -Thu Nov 23 09:39:10 CET 2000 - mt@suse.de - -- added openssl-devel to neededforbuild - -------------------------------------------------------------------- -Wed Nov 22 10:11:15 CET 2000 - mt@suse.de - -- removed site-packages from Setup.in patch -- python-64bit.patch should be used on all 64bit platforms - -------------------------------------------------------------------- -Sun Nov 19 18:31:21 CET 2000 - mt@suse.de - -- updated to BeOpen-Python-2.0 - -------------------------------------------------------------------- -Fri Oct 27 14:34:14 CEST 2000 - kukuk@suse.de - -- Use long filenames -- Fix some paths -- Include - -------------------------------------------------------------------- -Thu Jul 6 01:14:30 CEST 2000 - mt@suse.de - -- added anydbm (whichdb.py) patch from www.tummy.com - -------------------------------------------------------------------- -Sat May 27 11:30:28 CEST 2000 - kukuk@suse.de - -- Use libtk8.3.so and libtcl8.3.so - -------------------------------------------------------------------- -Thu May 4 18:32:34 CEST 2000 - kukuk@suse.de - -- Fix filelist for new doc dir - -------------------------------------------------------------------- -Mon Mar 13 23:52:19 CET 2000 - ro@suse.de - -- fixed filelist for alpha - -------------------------------------------------------------------- -Wed Mar 1 18:17:20 CET 2000 - werner@suse.de - -- Fix config.guess selection - -------------------------------------------------------------------- -Wed Feb 16 15:13:47 CET 2000 - uli@suse.de - -- passing MANDIR to "make install libinstall" (seems like it gets - lost somewhere) - -------------------------------------------------------------------- -Wed Feb 16 00:25:30 CET 2000 - ro@suse.de - -- man to /usr/share using macro - -------------------------------------------------------------------- -Tue Feb 15 20:43:25 CET 2000 - mt@suse.de - -- stripped the python binary - -------------------------------------------------------------------- -Mon Oct 11 17:40:31 MEST 1999 - max@suse.de - -- ready for the new Tcl/Tk packages - -------------------------------------------------------------------- -Mon Sep 27 16:31:01 CEST 1999 - bs@suse.de - -- fixed requirements for sub packages - -------------------------------------------------------------------- -Mon Sep 20 18:25:03 CEST 1999 - ro@suse.de - -- added python_image_lib as requires to pyth_tk and as provides to pyth_tkl - -------------------------------------------------------------------- -Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de - -- ran old prepare_spec on spec file to switch to new prepare_spec. - -------------------------------------------------------------------- -Mon Jun 7 14:27:02 MEST 1999 - mt@suse.de - -- disabled pyth_dvi module in spec-file - -------------------------------------------------------------------- -Wed May 26 12:27:24 MEST 1999 - ro@suse.de - -- added libpng to neededforbuild - -------------------------------------------------------------------- -Wed May 26 12:06:13 MEST 1999 - ro@suse.de - -- added blt to neededforbuild - -------------------------------------------------------------------- -Tue May 25 16:00:31 MEST 1999 - mt@suse.de - -- new version 1.5.2 -- splited into sub-packages: pyth_doc, pyth_ps, pyth_pdf, - pyth_dvi, pyth_dmo, pyth_tk, pyth_tkl, pyth_cur, pythgdbm - to have better base-package compatibility to andrich.net. - -------------------------------------------------------------------- -Thu Mar 18 01:13:02 MET 1999 - ro@suse.de - -- don't set POSIXLY_CORRECT for second patch - -------------------------------------------------------------------- -Mon Jan 18 23:55:16 MET 1999 - ro@suse.de - -- added automake to neededforbuild -- alpha-fix: don't mix up dec-osf with linux-alpha - -------------------------------------------------------------------- -Tue Dec 1 23:50:20 MET 1998 - mt@suse.de - -- removed TkInter into a separate package - pyth_tk - to make it - possible to replace it with a PIL based TkInter (Python Imaging - Lib) and better package dependecies (not each app needs TkInter) -- removed Makefile.Linux - all build is done from spec file now -- more /usr/local path fixes - -------------------------------------------------------------------- -Fri Nov 6 15:37:40 MET 1998 - ro@suse.de - -- added automake to neededforbuild -- configure with threads - -------------------------------------------------------------------- -Thu Nov 5 09:53:54 MET 1998 - ro@suse.de - -- use db_185.h only for glibc-2.1 - -------------------------------------------------------------------- -Wed Sep 23 12:15:47 MEST 1998 - ro@suse.de - -- two hacks to compile for glibc: - Modules/bsddbmodule.c include db_185.h for glibc - Modules/mpzmodule.c gmp-mparam.h dont exist for glibc / use define - -------------------------------------------------------------------- -Sun Aug 23 13:15:31 MEST 1998 - ke@suse.de - -- Compress PostScript docu. - -------------------------------------------------------------------- -Mon Aug 17 12:47:42 MEST 1998 - mt@suse.de - -- linked readline- and curses-modules with ncurses - -------------------------------------------------------------------- -Fri Aug 7 21:47:11 MEST 1998 - mt@suse.de - -- python modules - file permissions changed (-x) - -------------------------------------------------------------------- -Sat Jul 11 12:57:01 MEST 1998 - bs@suse.de - -- fixed neededforbuild - -------------------------------------------------------------------- -Thu Jul 9 00:29:05 MEST 1998 - mt@suse.de - -- new revision 1.5.1 -- docu in a separate package (pyth_doc) -- Tkinter uses tk8.0/tcl8.0 now -- first attempt to make it "alpha ready" (spec- & dif-file) - -------------------------------------------------------------------- -Mon Mar 2 18:38:49 MET 1998 - ro@suse.de - -- fixed dependency to /usr/local/bin/python - -------------------------------------------------------------------- -Mon Feb 9 17:28:57 MET 1998 - ro@suse.de - -- added some in neededforbuild - -------------------------------------------------------------------- -Wed Feb 4 19:27:08 CET 1998 - mt@suse.de - -- new Version 1.5 with more features, html documentation and new modules - -------------------------------------------------------------------- -Mon Sep 15 14:57:42 CEST 1997 - mt@suse.de - -- added support for readline and (shared) modules: tkinter, dbm, gdbm, - syslog, ncurses, ... - see /usr/lib/python1.4/config/Setup for details - -------------------------------------------------------------------- -Thu Jun 5 17:57:42 CEST 1997 - mt@suse.de - -- new Version 1.4 -- a symlink (python -> python1.4) will be used instead of a hardlink - - ------------------------------------------------------------------- Fri Feb 18 11:00:25 UTC 2022 - Matej Cepl diff --git a/python-doc.changes b/python-doc.changes index 0d81dda..0c3851b 100644 --- a/python-doc.changes +++ b/python-doc.changes @@ -4,2520 +4,6 @@ Sat Feb 26 12:41:42 UTC 2022 - Matej Cepl - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). -------------------------------------------------------------------- -Sat Feb 26 12:41:26 UTC 2022 - Matej Cepl - -------------------------------------------------------------------- -Fri Feb 18 11:00:25 UTC 2022 - Matej Cepl - -- BuildRequire rpm-build-python: The provider to inject python(abi) - has been moved there. rpm-build pulls rpm-build-python - automatically in when building anything against python3-base, but - this implies that the initial build of python3-base does not - trigger the automatic installation. - -------------------------------------------------------------------- -Fri Feb 18 10:51:04 UTC 2022 - Matej Cepl - -- Older SLE versions should use old OpenSSL. - -------------------------------------------------------------------- -Wed Feb 9 16:49:52 UTC 2022 - Matej Cepl - -- Add CVE-2022-0391-urllib_parse-newline-parsing.patch - (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs - containing ASCII newline and tabs in urlparse. - -------------------------------------------------------------------- -Sun Feb 6 07:43:11 UTC 2022 - Matej Cepl - -- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146, - bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib - not trust the PASV response. - -------------------------------------------------------------------- -Mon Dec 6 13:48:27 UTC 2021 - Dirk Müller - -- build against openssl 1.1.x (incompatible with openssl 3.0x) - for now. - -------------------------------------------------------------------- -Tue Nov 2 08:09:03 UTC 2021 - Marcus Meissner - -- on sle12, python2 modules will still be called python-xxxx until EOL, - for newer SLE versions they will be python2-xxxx - -------------------------------------------------------------------- -Fri Oct 15 08:17:46 UTC 2021 - Dominique Leuenberger - -- BuildRequire rpm-build-python: The provider to inject python(abi) - has been moved there. rpm-build pulls rpm-build-python - automatically in when building anything against python3-base, but - this implies that the initial build of python3-base does not - trigger the automatic installation. - -------------------------------------------------------------------- -Tue Sep 21 14:54:40 UTC 2021 - Matej Cepl - -- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 - (CVE-2019-20907, bpo#39017) avoiding possible infinite loop - in specifically crafted tarball. - Add recursion.tar as a testing tarball for the patch. -- Provide the newest setuptools wheel (bsc#1176262, - CVE-2019-20916) in their correct form (bsc#1180686). -- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 - (CVE-2020-26116, bpo#39603) no longer allowing special characters in - the method parameter of HTTPConnection.putrequest in httplib, stopping - injection of headers. Such characters now raise ValueError. - - -------------------------------------------------------------------- -Thu Aug 26 15:35:10 UTC 2021 - Fusion Future - -- Renamed patch for assigned CVE: - * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -> - CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch - (boo#1189241, CVE-2021-3737) - -------------------------------------------------------------------- -Mon Aug 23 11:16:24 UTC 2021 - Fusion Future - -- Renamed patch for assigned CVE: - * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch - (boo#1189287, CVE-2021-3733) -- Fix python-doc build (bpo#35293): - * sphinx-update-removed-function.patch -- Update documentation formatting for Sphinx 3.0 (bpo#40204). - -------------------------------------------------------------------- -Tue Aug 10 12:39:28 UTC 2021 - Fusion Future - -- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in - request (bpo#43075, boo#1189287). -- Add missing security announcement to - bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch. - -------------------------------------------------------------------- -Mon Aug 9 15:16:15 UTC 2021 - Fusion Future - -- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch - which fixes http client infinite line reading (DoS) after a http - 100 (bpo#44022, boo#1189241). - -------------------------------------------------------------------- -Fri Jul 16 14:25:20 UTC 2021 - Matej Cepl - -- Modify Lib/ensurepip/__init__.py to contain the same version - numbers as are in reality the ones in the bundled wheels - (bsc#1187668). - -------------------------------------------------------------------- -Fri Feb 26 18:21:55 UTC 2021 - Matej Cepl - -- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids - use of semicolon as a query string separator (bpo#42967, - bsc#1182379, CVE-2021-23336). - -------------------------------------------------------------------- -Mon Jan 25 23:35:49 UTC 2021 - Matej Cepl - -- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing - bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in - _ctypes/callproc.c, which may lead to remote code execution. - -------------------------------------------------------------------- -Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl - -- (bsc#1180125) We really don't Require python-rpm-macros package. - Unnecessary dependency. - -------------------------------------------------------------------- -Sat May 30 12:19:40 UTC 2020 - Matej Cepl - -- Add patch configure_PYTHON_FOR_REGEN.patch which makes - configure.ac to consider the correct version of - PYTHON_FO_REGEN (bsc#1078326). - -------------------------------------------------------------------- -Mon Apr 27 06:56:55 UTC 2020 - Matej Cepl - -- Use python3-Sphinx on anything more recent than SLE-15 (inclusive). - -------------------------------------------------------------------- -Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl - -- Update to 2.7.18, final release of Python 2. Ever.: - - Newline characters have been escaped when performing uu - encoding to prevent them from overflowing into to content - section of the encoded file. This prevents malicious or - accidental modification of data during the decoding process. - - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben - Caller. - - Fixed line numbers and column offsets for AST nodes for calls - without arguments in decorators. - - bsc#1155094 (CVE-2019-18348) Disallow control characters in - hostnames in http.client. Such potentially malicious header - injection URLs now cause a InvalidURL to be raised. - - Fix urllib.urlretrieve failing on subsequent ftp transfers - from the same host. - - Fix problems identified by GCC's -Wstringop-truncation - warning. - - AddRefActCtx() was needlessly being checked for failure in - PC/dl_nt.c. - - Prevent failure of test_relative_path in test_py_compile on - macOS Catalina. - - Fixed possible leak in `PyArg_Parse` and similar - functions for format units "es#" and "et#" when the macro - `PY_SSIZE_T_CLEAN` is not defined. -- Remove upstreamed patches: - - CVE-2019-18348-CRLF_injection_via_host_part.patch - - python-2.7.14-CVE-2017-1000158.patch - - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch - - CVE-2018-1061-DOS-via-regexp-difflib.patch - - CVE-2019-10160-netloc-port-regression.patch - - CVE-2019-16056-email-parse-addr.patch - -------------------------------------------------------------------- -Sat Feb 8 23:29:28 CET 2020 - Matej Cepl - -- Add CVE-2019-9674-zip-bomb.patch to improve documentation - warning about dangers of zip-bombs and other security problems - with zipfile library. (bsc#1162825 CVE-2019-9674) - -------------------------------------------------------------------- -Sat Feb 8 22:30:51 CET 2020 - Matej Cepl - -- Change to Requires: libpython%{so_version} == %{version}-%{release} - to python-base to keep both packages always synchronized (add - %{so_version}) (bsc#1162224). - -------------------------------------------------------------------- -Thu Feb 6 23:14:47 CET 2020 - Matej Cepl - -- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug - "Python urrlib allowed an HTTP server to conduct Regular - Expression Denial of Service (ReDoS)" (bsc#1162367) - -------------------------------------------------------------------- -Mon Feb 3 19:30:31 UTC 2020 - Tomáš Chvátal - -- Provide python-testsuite from devel subkg to ease py2->py3 - dependencies - -------------------------------------------------------------------- -Mon Jan 27 16:47:56 CET 2020 - Matej Cepl - -- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch - off tests coliding with the combination of modern Python and - ancient OpenSSL on SLE-12. - -------------------------------------------------------------------- -Fri Jan 10 16:01:57 CET 2020 - Matej Cepl - -- libnsl is required only on more recent SLEs and openSUSE, older - glibc supported NIS on its own. - -------------------------------------------------------------------- -Thu Jan 2 10:34:17 UTC 2020 - Tomáš Chvátal - -- Add provides in gdbm subpackage to provide dbm symbols. This - allows us to use %%{python_module dbm} as a dependency and have - it properly resolved for both python2 and python3 - -------------------------------------------------------------------- -Thu Dec 19 08:47:01 UTC 2019 - Dominique Leuenberger - -- Drop appstream-glib BuildRequires and no longer call - appstream-util validate-relax: eliminate a build cycle between - as-glib and python. The only thing would would gain by calling - as-uril is catching if upstream breaks the appdata.xml file in a - future release. Considering py2 is dying, chances for a new - release, let alone one breaking the xml file, are slim. - -------------------------------------------------------------------- -Wed Dec 11 14:35:46 CET 2019 - Matej Cepl - -- Unify packages among openSUSE:Factory and SLE versions. - (bsc#1159035) ; add missing records to this changelog. -- Add idle.desktop and idle.appdata.xml to provide IDLE in menus - (bsc#1153830) - -------------------------------------------------------------------- -Wed Dec 4 18:12:17 CET 2019 - Matej Cepl - -- Add python2_split_startup Provide to make it possible to - conflict older packages by shared-python-startup. - -------------------------------------------------------------------- -Fri Nov 22 13:10:03 CET 2019 - Matej Cepl - -- Move /etc/pythonstart script to shared-python-startup - package. - -------------------------------------------------------------------- -Tue Nov 5 11:41:40 CET 2019 - Matej Cepl - -- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from - bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes - bsc#1149792 - -------------------------------------------------------------------- -Tue Nov 5 04:24:05 UTC 2019 - Steve Kowalik - -- Add adapted-from-F00251-change-user-install-location.patch fixing - pip/distutils to install into /usr/local. - -------------------------------------------------------------------- -Thu Oct 24 14:40:39 CEST 2019 - Matej Cepl - -- Update to 2.7.17: - - a bug fix release in the Python 2.7.x series. It is expected - to be the penultimate release for Python 2.7. -- Removed patches included upstream: - - CVE-2018-20852-cookie-domain-check.patch - - CVE-2019-16935-xmlrpc-doc-server_title.patch - - CVE-2019-9636-netloc-no-decompose-characters.patch - - CVE-2019-9947-no-ctrl-char-http.patch - - CVE-2019-9948-avoid_local-file.patch - - python-2.7.14-CVE-2018-1000030-1.patch - - python-2.7.14-CVE-2018-1000030-2.patch -- Renamed remove-static-libpython.diff and python-bsddb6.diff to - remove-static-libpython.patch and python-bsddb6.patch to unify - filenames. - -------------------------------------------------------------------- -Tue Oct 8 19:46:52 CEST 2019 - Matej Cepl - -- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing - bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in - python/Lib/DocXMLRPCServer.py - -------------------------------------------------------------------- -Wed Sep 25 13:25:33 UTC 2019 - Bernhard Wiedemann - -- Add bpo36302-sort-module-sources.patch (boo#1041090) - -------------------------------------------------------------------- -Mon Sep 16 15:57:54 CEST 2019 - Matej Cepl - -- Add CVE-2019-16056-email-parse-addr.patch fixing the email - module wrongly parses email addresses [bsc#1149955, - CVE-2019-16056] - -------------------------------------------------------------------- -Thu Jul 25 19:31:47 CEST 2019 - Matej Cepl - -- boo#1141853 (CVE-2018-20852) add - CVE-2018-20852-cookie-domain-check.patch fixing - http.cookiejar.DefaultPolicy.domain_return_ok which did not - correctly validate the domain: it could be tricked into sending - cookies to the wrong server. - -------------------------------------------------------------------- -Fri Jul 19 11:19:42 UTC 2019 - Tomáš Chvátal - -- Skip test_urllib2_localnet that randomly fails in OBS - -------------------------------------------------------------------- -Wed Jul 3 21:02:00 CEST 2019 - Matej Cepl - -- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch - which fixes regression introduced by the previous patch. - (CVE-2019-10160) - Upstream gh#python/cpython#13812 - -------------------------------------------------------------------- -Wed May 29 08:58:16 UTC 2019 - Martin Liška - -- Set _lto_cflags to nil as it will prevent to propage LTO - for Python modules that are built in a separate package. - -------------------------------------------------------------------- -Thu May 2 08:40:33 CEST 2019 - Matej Cepl - -- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch - Address the issue by disallowing URL paths with embedded - whitespace or control characters through into the underlying - http client request. Such potentially malicious header - injection URLs now cause a ValueError to be raised. - -------------------------------------------------------------------- -Mon Apr 8 22:40:01 CEST 2019 - Matej Cepl - -- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch - removing unnecessary (and potentially harmful) URL scheme - local-file://. - -------------------------------------------------------------------- -Mon Apr 8 21:13:48 CEST 2019 - Matej Cepl - -- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch - Characters in the netloc attribute that decompose under NFKC - normalization (as used by the IDNA encoding) into any of ``/``, - ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the - URL is decomposed before parsing, or is not a Unicode string, - no error will be raised (CVE-2019-9636). - Upstream commits e37ef41 and 507bd8c. - -------------------------------------------------------------------- -Thu Apr 4 22:28:24 CEST 2019 - Matej Cepl - -- (bsc#1111793) Update to 2.7.16: - * bugfix-only release: complete list of changes on - https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst - * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch - which are fully included in the tarball. - * Updated patches to apply cleanly: - CVE-2019-5010-null-defer-x509-cert-DOS.patch - bpo36160-init-sysconfig_vars.patch - do-not-use-non-ascii-in-test_ssl.patch - openssl-111-middlebox-compat.patch - openssl-111-ssl_options.patch - python-2.5.1-sqlite.patch - python-2.6-gettext-plurals.patch - python-2.7-dirs.patch - python-2.7.2-fix_date_time_compiler.patch - python-2.7.4-canonicalize2.patch - python-2.7.5-multilib.patch - python-2.7.9-ssl_ca_path.patch - python-bsddb6.diff - remove-static-libpython.patch - * Update python-2.7.5-multilib.patch to pass with new platlib - regime. - -------------------------------------------------------------------- -Fri Jan 25 16:53:50 CET 2019 - mcepl@suse.com - -- bsc#1109847 (CVE-2018-14647): add - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing - bpo-34623. - -------------------------------------------------------------------- -Fri Jan 25 16:02:21 CET 2019 - mcepl@suse.com - -- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch - PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance - of PyWeakReference struct and does not intialize wr_prev and - wr_next of new isntance. These pointers can have garbage and - point to random memory locations. - Python should not crash while destroying the isntance created - in the same interpreter function. As per my understanding, both - wr_prev and wr_next of PyWeakReference instance should be - initialized to NULL to avoid segfault. - -------------------------------------------------------------------- -Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com - -- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch - fixing bpo-35746 (CVE-2019-5010). - An exploitable denial-of-service vulnerability exists in the - X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. - A specially crafted X509 certificate can cause a NULL pointer - dereference, resulting in a denial of service. An attacker can - initiate or accept TLS connections using crafted certificates - to trigger this vulnerability. - -------------------------------------------------------------------- -Wed Dec 19 19:29:44 UTC 2018 - Todd R - -- Use upstream-recommended %{_rpmconfigdir}/macros.d directory - for the rpm macros. - -------------------------------------------------------------------- -Fri Oct 26 10:48:44 UTC 2018 - Tomáš Chvátal - -- Add patch openssl-111.patch to work with openssl-1.1.1 - (bsc#1113755) - -------------------------------------------------------------------- -Tue Sep 25 22:01:08 UTC 2018 - Matěj Cepl - -- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which - converts shutil._call_external_zip to use subprocess rather than - distutils.spawn. [bsc#1109663, CVE-2018-1000802] - -------------------------------------------------------------------- -Fri Jun 29 10:24:27 UTC 2018 - mcepl@suse.com - -- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent - low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS - (CVE-2018-1061). Prior to this patch mail server's timestamp was - susceptible to catastrophic backtracking on long evil response from - the server. Also, it was susceptible to catastrophic backtracking, - which was a potential DOS vector. - [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060] - -------------------------------------------------------------------- -Thu Jun 7 17:04:40 UTC 2018 - psimons@suse.com - -- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that - verifies that at least one channel is provided. Prior to this - check, attackers could cause a denial of service (divide-by-zero - error and application crash) via a crafted wav format audio file. - [bsc#1083507, CVE-2017-18207] - -------------------------------------------------------------------- -Tue May 29 12:42:22 UTC 2018 - mcepl@suse.com - -- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750) - sort tarfile output directory listing - -------------------------------------------------------------------- -Mon May 21 18:41:43 UTC 2018 - michael@stroeder.com - -- update to 2.7.15 - * dozens of bugfixes, see NEWS for details -- removed obsolete patches: - * python-ncurses-6.0-accessors.patch - * python-fix-shebang.patch - * gcc8-miscompilation-fix.patch -- add patch from upstream: - * do-not-use-non-ascii-in-test_ssl.patch - -------------------------------------------------------------------- -Fri Apr 6 10:11:22 UTC 2018 - mliska@suse.cz - -- Add gcc8-miscompilation-fix.patch (boo#1084650). - -------------------------------------------------------------------- -Tue Mar 13 15:22:47 UTC 2018 - psimons@suse.com - -- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer - overflows in PyString_DecodeEscape that could have resulted in - heap-based buffer overflow attacks and possible arbitrary code - execution. [bsc#1068664, CVE-2017-1000158] - -------------------------------------------------------------------- -Mon Feb 5 16:01:59 UTC 2018 - normand@linux.vnet.ibm.com - -- exclude test_socket & test_subprocess for PowerPC boo#1078485 - (same ref as previous change) - -------------------------------------------------------------------- -Fri Feb 2 09:21:24 UTC 2018 - normand@linux.vnet.ibm.com - -- Add python-skip_random_failing_tests.patch bypass boo#1078485 - and exclude many tests for PowerPC - -------------------------------------------------------------------- -Tue Jan 30 16:08:33 UTC 2018 - tchvatal@suse.com - -- Add patch python-fix-shebang.patch to fix bsc#1078326 - -------------------------------------------------------------------- -Fri Dec 22 16:49:38 UTC 2017 - jmatejek@suse.com - -- exclude test_regrtest for s390, where it does not segfault as it should - (fixes bsc#1073269) -- fix segfault while creating weakref - bsc#1073748, bpo#29347 - (this is actually fixed by the 2.7.14 update; mentioning this for purposes - of bugfix tracking) - -------------------------------------------------------------------- -Mon Nov 20 16:11:48 UTC 2017 - jmatejek@suse.com - -- update to 2.7.14 - * dozens of bugfixes, see NEWS for details - * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664) - * fixed segfaults with dict mutated during search - * fixed possible free-after-use problems with buffer objects with custom indexing - * fixed urllib.splithost to correctly parse fragments (bpo-30500) -- drop upstreamed python-2.7.13-overflow_check.patch -- drop unneeded python-2.7.12-makeopcode.patch -- drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch -- Apply "python-2.7.14-CVE-2018-1000030-1.patch" and - "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that - would crash the Python interpreter when multiple threads used the - same I/O stream concurrently. This issue is not classified as a - security vulnerability due to the fact that an attacker must be - able to run code, however in some situations -- such as function - as a service -- this vulnerability can potentially be used by an - attacker to violate a trust boundary. [bsc#1079300, - CVE-2018-1000030] - -------------------------------------------------------------------- -Thu Nov 2 16:53:42 UTC 2017 - mpluskal@suse.com - -- Call python2 instead of python in macros - -------------------------------------------------------------------- -Thu Sep 14 14:12:38 UTC 2017 - vcizek@suse.com - -- Fix test broken with OpenSSL 1.1 (bsc#1042670) - * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch - -------------------------------------------------------------------- -Mon Aug 28 13:28:46 UTC 2017 - jmatejek@suse.com - -- drop SUSE_ASNEEDED=0 as it is not needed anymore - -------------------------------------------------------------------- -Thu Aug 17 08:58:02 CEST 2017 - kukuk@suse.de - -- Add libnsl-devel build requires for glibc obsoleting libnsl - -------------------------------------------------------------------- -Mon May 15 14:03:01 UTC 2017 - jmatejek@suse.com - -- obsolete/provide python-argparse and provide python2-argparse, - because the argparse module is available from python 2.7 up - -------------------------------------------------------------------- -Tue Feb 28 16:16:40 UTC 2017 - jmatejek@suse.com - -- SLE package update (bsc#1027282) -- refresh python-2.7.5-multilib.patch -- dropped upstreamed patches: - python-fix-short-dh.patch - python-2.7.7-mhlib-linkcount.patch - python-2.7-urllib2-localnet-ssl.patch - CVE-2016-0772-smtplib-starttls.patch - CVE-2016-5699-http-header-injection.patch - CVE-2016-5636-zipimporter-overflow.patch - python-2.7-httpoxy.patch -- Add python-ncurses-6.0-accessors.patch: Fix build with - NCurses 6.0 and OPAQUE_WINDOW set to 1. - (dimstar@opensuse.org) - -------------------------------------------------------------------- -Fri Feb 24 17:08:25 UTC 2017 - bwiedemann@suse.com - -- Add reproducible.patch to allow reproducible builds of various - python packages like python-amqp - Upstream: https://github.com/python/cpython/pull/296 - -------------------------------------------------------------------- -Tue Jan 3 16:59:24 UTC 2017 - jmatejek@suse.com - -- update to 2.7.13 - * dozens of bugfixes, see NEWS for details - * updated cipher lists for openssl wrapper, support openssl >= 1.1.0 - * properly fix HTTPoxy (CVE-2016-1000110) - * profile-opt build now applies PGO to modules as well -- update python-2.7.10-overflow_check.patch - with python-2.7.13-overflow_check.patch, incorporating upstream changes - (bnc#964182) -- add "-fwrapv" to optflags explicitly because upstream code still - relies on it in many places - -------------------------------------------------------------------- -Fri Dec 2 15:32:59 UTC 2016 - jmatejek@suse.com - -- provide python2-* symbols, for support of new packages built as - python2-foo -- rename macros.python to macros.python2 accordingly -- require python-rpm-macros package, drop macro definitions from - macros.python2 - -------------------------------------------------------------------- -Mon Sep 26 14:06:25 UTC 2016 - jmatejek@suse.com - -- initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436) -- renamed `python` to `python27` in package names and requires -- removed Provides and Obsoletes clauses -- dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch, - companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage -- dropped profile files -- removed /usr/bin/python and /usr/bin/python2, along with other unversioned - aliases -- rewrote macros file to enable stand-alone packages depending on py2.7 -- re-included downloaded version of HTML documentation - -------------------------------------------------------------------- -Thu Jun 30 09:23:05 UTC 2016 - jmatejek@suse.com - -- update to 2.7.12 - * dozens of bugfixes, see NEWS for details - * fixes multiple security issues: - CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) - CVE-2016-5636 zipimporter heap overflow (bsc#985177) - CVE-2016-5699 httplib header injection (bsc#985348) - (this one is actually fixed since 2.7.10) -- removed upstreamed python-2.7.7-mhlib-linkcount.patch -- refreshed multilib patch -- python-2.7.12-makeopcode.patch - run newly-built python interpreter - to make opcodes, in order not to require pre-built python -- update LD_LIBRARY_PATH to use $PWD instead of "." because the test - process escapes to its own directory -- modify shebang-fixing scriptlet to ignore makeopcodetargets.py - -------------------------------------------------------------------- -Fri Jun 17 12:33:23 UTC 2016 - jmatejek@suse.com - -- CVE-2016-0772-smtplib-starttls.patch: - smtplib vulnerability opens startTLS stripping attack - (CVE-2016-0772, bsc#984751) -- CVE-2016-5636-zipimporter-overflow.patch: - heap overflow when importing malformed zip files - (CVE-2016-5636, bsc#985177) -- CVE-2016-5699-http-header-injection.patch: - incorrect validation of HTTP headers allow header injection - (CVE-2016-5699, bsc#985348) -- python-2.7-httpoxy.patch: - HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY - when REQUEST_METHOD is also set - (CVE-2016-1000110, bsc#989523) - -------------------------------------------------------------------- -Fri Jan 29 13:03:40 UTC 2016 - rguenther@suse.com - -- Add python-2.7.10-overflow_check.patch to fix broken overflow checks. - [bnc#964182] - -------------------------------------------------------------------- -Mon Sep 14 15:04:43 UTC 2015 - jmatejek@suse.com - -- copy strict-tls-checks subpackage from SLE to retain future compatibility - (not built in openSUSE) -- do this properly to fix bnc#945401 -- update SLE check to exclude Leap which also has version 1315, - just to be sure - -------------------------------------------------------------------- -Wed Sep 9 12:19:01 UTC 2015 - dimstar@opensuse.org - -- Add python-ncurses-6.0-accessors.patch: Fix build with - NCurses 6.0 and OPAQUE_WINDOW set to 1. - -------------------------------------------------------------------- -Thu Aug 13 13:31:15 UTC 2015 - jmatejek@suse.com - -- add missing ssl.pyc and ssl.pyo to package -- implement python-strict-tls-checks subpackage - * when present, Python will perform TLS certificate checking by default. - it is possible to remove the package to turn off the checks - for compatibility with legacy scripts. - * as discussed in fate#318300 - * this is not built for openSUSE, but retained here in case we want - to build the package for a SLE system - -------------------------------------------------------------------- -Mon Jun 29 08:32:44 UTC 2015 - meissner@suse.com - -- python-fix-short-dh.patch: Bump DH parameters to 2048 bit - to fix logjam security issue. bsc#935856 - -------------------------------------------------------------------- -Wed Jun 10 11:19:58 UTC 2015 - dmueller@suse.com - -- add __python2 compatibility macro (used by Fedora) (fate#318838) - -------------------------------------------------------------------- -Sun May 24 14:36:37 UTC 2015 - michael@stroeder.com - -- update to 2.7.10 -- removed obsolete python-2.7-urllib2-localnet-ssl.patch - -------------------------------------------------------------------- -Tue May 19 11:18:12 UTC 2015 - schwab@suse.de - -- Reenable test_posix on aarch64 - -------------------------------------------------------------------- -Sun Dec 21 19:14:17 UTC 2014 - schwab@suse.de - -- python-2.7.4-aarch64.patch: Remove obsolete patch -- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for - aarch64 - -------------------------------------------------------------------- -Fri Dec 12 17:11:51 UTC 2014 - jmatejek@suse.com - -- update to 2.7.9 - * contains full backport of ssl module from Python 3.4 (PEP466) - * HTTPS certificate validation enabled by default (PEP476) - * SSLv3 disabled by default (bnc#901715) - * backported ensurepip module (PEP477) - * fixes several missing CVEs from last release: CVE-2013-1752, - CVE-2013-1753 - * dozens of minor bugfixes -- dropped upstreamed patches: python-2.7.6-poplib.patch, - smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch -- dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it - with ssl module from Python 3 -- libffi was upgraded upstream, seems to contain our changes, - so dropping libffi-ppc64le.diff as well -- python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional - "import ssl" from test_urllib2_localnet that caused it to fail without ssl - -------------------------------------------------------------------- -Wed Oct 22 13:30:24 UTC 2014 - dmueller@suse.com - -- skip test_thread in qemu_linux_user mode - -------------------------------------------------------------------- -Wed Oct 1 13:00:59 UTC 2014 - jmatejek@suse.com - -- CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow - in buffer() - (CVE-2014-7185, bnc#898572) - -------------------------------------------------------------------- -Tue Sep 30 15:06:15 UTC 2014 - jmatejek@suse.com - -- update to 2.7.8 - * bugfix-only release, dozens of bugs fixed - * fixes CVE-2014-4650 directory traversal in CGIHTTPServer - * fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer() -- dropped upstreamed CVE-2014-4650-CGIHTTPserver-traversal.patch -- dropped upstreamed CVE-2014-7185-buffer-wraparound.patch - -------------------------------------------------------------------- -Wed Jul 23 16:48:38 UTC 2014 - jmatejek@suse.com - -- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file - disclosure and directory traversal through URL-encoded characters - (CVE-2014-4650, bnc#885882) -- python-2.7.7-mhlib-linkcount.patch: remove link count optimizations - that are incorrect on btrfs (and possibly other filesystems) - -------------------------------------------------------------------- -Fri Jun 20 13:11:34 UTC 2014 - jmatejek@suse.com - -- update to 2.7.7 - * bugfix-only release, over a hundred bugs fixed - * backported hmac.compare_digest from python3, first step of PEP 466 -- drop upstreamed patches: - * CVE-2014-1912-recvfrom_into.patch - * python-2.7.4-no-REUSEPORT.patch - * python-2.7.6-bdist-rpm.patch - * python-2.7.6-imaplib.patch - * python-2.7.6-sqlite-3.8.4-tests.patch -- refresh patches: - * python-2.7.3-ssl_ca_path.patch - * python-2.7.4-canonicalize2.patch - * xmlrpc_gzip_27.patch -- added python keyring and signature for the main tarball - -------------------------------------------------------------------- -Sat Mar 15 08:05:41 UTC 2014 - schwab@suse.de - -- Use profile-opt only when profiling is enabled -- python-2.7.2-disable-tests-in-test_io.patch: removed, no longer needed -- update testsuite exclusion list: - * test_signal and test_posix fail due to qemu bugs - -------------------------------------------------------------------- -Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de - -- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, - adding python-2.7.6-sqlite-3.8.4-tests.patch - -------------------------------------------------------------------- -Mon Feb 10 14:24:52 UTC 2014 - jmatejek@suse.com - -- added patches for CVE-2013-1752 (bnc#856836) issues that are - missing in 2.7.6: - python-2.7.6-imaplib.patch - python-2.7.6-poplib.patch - smtplib_maxline-2.7.patch -- CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: - xmlrpc_gzip_27.patch -- python-2.7.6-bdist-rpm.patch: fix broken "setup.py bdist_rpm" command - (bnc#857470, issue18045) -- multilib patch: add "~/.local/lib64" paths to search path - (bnc#637176) -- CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow - in socket.recvfrom_into (CVE-2014-1912, bnc#863741) - -------------------------------------------------------------------- -Tue Dec 10 16:56:02 UTC 2013 - uweigand@de.ibm.com - -- Add Obsoletes/Provides for python-ctypes. - -------------------------------------------------------------------- -Sat Dec 7 02:27:51 UTC 2013 - matz@suse.de - -- Ignore uuid testcase in the testsuite, it relies on unreliable - ifconfig output. - -------------------------------------------------------------------- -Tue Dec 3 20:03:08 CET 2013 - mls@suse.de - -- adapt python-2.7.5-multilib.patch for ppc64le - -------------------------------------------------------------------- -Tue Dec 3 17:30:26 UTC 2013 - dvaleev@suse.com - -- adjust %files for ppc64le - -------------------------------------------------------------------- -Tue Dec 3 17:05:45 UTC 2013 - matz@suse.de - -- Support for ppc64le in _ctypes libffi copy. - -- added patches: - * libffi-ppc64le.diff -------------------------------------------------------------------- -Tue Dec 3 09:44:28 UTC 2013 - adrian@suse.de - -- add ppc64le rules -- avoid errors from source-validator - -------------------------------------------------------------------- -Thu Nov 21 15:39:28 UTC 2013 - jmatejek@suse.com - -- update to 2.7.6 - * bugfix-only release - * SSL-related fixes - * upstream fix for CVE-2013-4238 - * upstream fixes for CVE-2013-1752 -- removed upstreamed patch CVE-2013-4238_py27.patch -- reintroduce audioop.so as the problems with it seem to be fixed - (bnc#831442) - -------------------------------------------------------------------- -Thu Oct 10 18:13:08 UTC 2013 - dmueller@suse.com - -- exclude test_mmap under qemu_linux_user - emulation fails here - as the tests mmap address conflicts with qemu - -------------------------------------------------------------------- -Mon Aug 26 13:55:35 UTC 2013 - lnussel@suse.de - -- update python-2.7.3-ssl_ca_path.patch patch to load default verify locations - if no ca_certs file is specified (bnc#827982, bnc#836739) - -------------------------------------------------------------------- -Fri Aug 16 11:25:49 UTC 2013 - jmatejek@suse.com - -- handle NULL bytes in certain fields of SSL certificates - (CVE-2013-4238, bnc#834601) - -------------------------------------------------------------------- -Tue Jul 9 07:55:50 UTC 2013 - jengelh@inai.de - -- Add python-bsddb6.diff to support building against libdb-6.0 - -------------------------------------------------------------------- -Sat Jul 6 17:17:11 UTC 2013 - coolo@suse.com - -- have python-devel require python: - http://lists.opensuse.org/opensuse-factory/2013-06/msg00622.html - -------------------------------------------------------------------- -Sun Jun 30 21:20:29 UTC 2013 - schwab@suse.de - -- Disable test_multiprocessing in QEmu build - -------------------------------------------------------------------- -Wed Jun 5 15:17:51 UTC 2013 - schwab@suse.de - -- Disable test_asyncore in QEmu build -- Reenable testsuite on arm - -------------------------------------------------------------------- -Thu May 30 16:40:16 UTC 2013 - jmatejek@suse.com - -- python-2.7.4-aarch64.patch: add missing bits of aarch64 support -- python-2.7.4-no-REUSEPORT.patch: disable test of - missing kernel functionality -- drop unnecessary patch: python-2.7.1-distutils_test_path.patch -- switch to xz archive - -------------------------------------------------------------------- -Tue May 28 08:42:49 UTC 2013 - speilicke@suse.com - -- Update to version 2.7.5: - + bugfix-only release - + fixes several important regressions introduced in 2.7.4 - + Issue #15535: Fixed regression in the pickling of named tuples by - removing the __dict__ property introduced in 2.7.4. - + Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3, - such as was shipped with Centos 5 and Mac OS X 10.4. - + Issue #17703: Fix a regression where an illegal use of Py_DECREF() after - interpreter finalization can cause a crash. - + Issue #16447: Fixed potential segmentation fault when setting __name__ on a - class. - + Issue #17610: Don't rely on non-standard behavior of the C qsort() function. 12 - See http://hg.python.org/cpython/file/ab05e7dd2788/Misc/NEWS for more -- Drop upstreamed patches: - + python-2.7.3-fix-dbm-64bit-bigendian.patch - + python-test_structmembers.patch -- Rebased other patches - -------------------------------------------------------------------- -Mon May 13 09:24:29 UTC 2013 - dmueller@suse.com - -- add aarch64 to the list of 64-bit platforms - -------------------------------------------------------------------- -Thu May 9 16:11:23 UTC 2013 - jmatejek@suse.com - -- update to 2.7.4 - * bugfix-only release -- drop upstreamed patches: - pypirc-secure.diff - python-2.7.3-multiprocessing-join.patch - ctypes-libffi-aarch64.patch -- drop python-2.7rc2-configure.patch as it doesn't seem necessary anymore - -------------------------------------------------------------------- -Fri Apr 5 13:33:27 UTC 2013 - idonmez@suse.com - -- Add Source URL, see https://en.opensuse.org/SourceUrls - -------------------------------------------------------------------- -Wed Feb 27 17:04:32 UTC 2013 - schwab@suse.de - -- Add aarch64 to the list of lib64 platforms - -------------------------------------------------------------------- -Mon Feb 25 17:24:52 UTC 2013 - jmatejek@suse.com - -- fix pythonstart failing on $HOME-less users (bnc#804978) - -------------------------------------------------------------------- -Sat Feb 9 16:24:10 UTC 2013 - schwab@suse.de - -- Add ctypes-libffi-aarch64.patch: import aarch64 support for libffi in - _ctypes module - -------------------------------------------------------------------- -Fri Feb 8 14:49:45 UTC 2013 - jmatejek@suse.com - -- multiprocessing: thread joining itself (bnc#747794) -- gettext: fix cases where no bundle is found (bnc#794139) - -------------------------------------------------------------------- -Thu Oct 25 11:21:06 UTC 2012 - coolo@suse.com - -- add explicit buildrequire on libbz2-devel - -------------------------------------------------------------------- -Mon Oct 15 10:39:15 UTC 2012 - coolo@suse.com - -- buildrequire explicitly netcfg for the test suite - -------------------------------------------------------------------- -Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com - -- remove distutils.cfg (bnc#658604) - * this changes default prefix for distutils to /usr - * see ML for details: -http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html - -------------------------------------------------------------------- -Fri Aug 3 18:43:32 UTC 2012 - dimstar@opensuse.org - -- Add python-bundle-lang.patch: gettext: If bindtextdomain is - instructed to look in the default location of translations, we - check additionally in locale-bundle. Fixes issues like bnc#617751 - -------------------------------------------------------------------- -Tue Jul 31 12:36:04 UTC 2012 - jmatejek@suse.com - -- all subpackages require python-base=%{version}-%{release} explicitly - (fixes bnc#766778 bug and similar that might arise in the future) - -------------------------------------------------------------------- -Tue Jun 26 11:54:22 UTC 2012 - dvaleev@suse.com - -- Fix failing test_dbm on ppc64 - -------------------------------------------------------------------- -Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca - -- Support directory-based certificate stores with the ca_certs parameter of SSL - functions [bnc#761501] - -------------------------------------------------------------------- -Sat Apr 14 08:57:46 UTC 2012 - dmueller@suse.com - -- update to 2.7.3: - * no change -- remove static libpython.a from build to avoid packages - linking it statically - -------------------------------------------------------------------- -Wed Mar 28 18:19:18 UTC 2012 - jmatejek@suse.com - -- update to 2.7.3rc2 - * fixes several security issues: - * CVE-2012-0845, bnc#747125 - * CVE-2012-1150, bnc#751718 - * CVE-2011-4944, bnc#754447 - * CVE-2011-3389 -- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) - -!!important!! -- disabled test_unicode which segfaults on 64bits. - this should not happen, revisit in next RC! -!!important!! - -------------------------------------------------------------------- -Thu Feb 16 12:33:44 UTC 2012 - dvaleev@suse.com - -- skip broken test_io test on ppc - -------------------------------------------------------------------- -Mon Dec 12 13:39:57 UTC 2011 - toddrme2178@gmail.com - -- Exclude /usr/bin/2to3 to prevent conflicts with python3-2to3 - -------------------------------------------------------------------- -Thu Dec 8 13:31:01 UTC 2011 - jmatejek@suse.com - -- %python_version now correctly refers to %tarversion - -------------------------------------------------------------------- -Mon Nov 28 09:21:32 UTC 2011 - saschpe@suse.de - -- Spec file cleanup: - * Run spec-cleaner - * Remove outdated %clean section, AutoReqProv and authors from descr. -- Fix license to Python-2.0 (also SPDX style) - -------------------------------------------------------------------- -Fri Sep 30 09:08:59 UTC 2011 - adrian@suse.de - -- fix build for arm by removing an old hack for arm, bz2.so is built now - -------------------------------------------------------------------- -Fri Sep 16 16:21:44 UTC 2011 - jmatejek@suse.com - -- dropped newslist.py from demos because of bad license - (bnc#718009) - -------------------------------------------------------------------- -Fri Aug 19 22:37:42 CEST 2011 - dmueller@suse.de - -- update to 2.7.2: - * Bug fix only release, see - http://hg.python.org/cpython/raw-file/eb3c9b74884c/Misc/NEWS - for details -- introduce a pre_checkin.sh file that synchronizes - patches between python and python-base -- rediff patches for 2.7.2 -- replace kernel3 patch with the upstream solution - -------------------------------------------------------------------- -Fri Jul 22 13:03:49 UTC 2011 - idonmez@novell.com - -- Copy Lib/plat-linux2 to Lix/plat-linux3 so that DLFCN module - is also available for linux3 systems bnc#707667 - -------------------------------------------------------------------- -Mon Jul 11 01:59:56 CEST 2011 - ro@suse.de - -- fix build on factory: setup reports linux3 not linux2 now, - adapt checks - -------------------------------------------------------------------- -Tue May 31 17:58:30 UTC 2011 - jmatejek@novell.com - -- added explicit requires to libpython-%version-%release - to prevent bugs like bnc#697251 reappearing - -------------------------------------------------------------------- -Tue May 24 14:27:05 UTC 2011 - jmatejek@novell.com - -- update to 2.7.1 - * bugfix-only release, see NEWS for details -- refreshed patches, dropped the upstreamed ones -- dropped acrequire patch, replacing it with build-time sed -- improved fix to bnc#673071 by defining the constants - only for files that require it (as is done in python3) - -------------------------------------------------------------------- -Mon May 2 16:04:49 UTC 2011 - jmatejek@novell.com - -- fixed a security flaw where malicious sites could redirect - Python application from http to a local file - (CVE-2011-1521, bnc#682554) -- fixed race condition in Makefile which randomly failed - parallel builds ( http://bugs.python.org/issue10013 ) - -------------------------------------------------------------------- -Thu Feb 17 17:37:09 CET 2011 - pth@suse.de - -- Prefix DATE and TIME with PY_BUILD_ and COMPILER with PYTHON_ as - to not break external code (bnc#673071). - -------------------------------------------------------------------- -Mon Jan 17 09:42:20 UTC 2011 - coolo@novell.com - -- provide pyxml to avoid touching tons of packages - -------------------------------------------------------------------- -Thu Nov 18 08:23:34 UTC 2010 - coolo@novell.com - -- add patch from http://psf.upfronthosting.co.za/roundup/tracker/issue9960 - to fix build on ppc64 - -------------------------------------------------------------------- -Fri Oct 1 13:41:30 UTC 2010 - jmatejek@novell.com - -- moved unittest to python-base (it is a testing framework, not a - testsuite, so it clearly belongs into stdlib) -- fixed smtpd.py DoS (bnc#638233, CVE probably not assigned) - -------------------------------------------------------------------- -Tue Sep 21 10:07:43 UTC 2010 - coolo@novell.com - -- fix baselibs.conf - -------------------------------------------------------------------- -Thu Aug 26 15:13:49 UTC 2010 - suse-tux@gmx.de - -- fix for urllib2 (http://bugs.python.org/issue9639) - -------------------------------------------------------------------- -Thu Aug 26 13:45:19 UTC 2010 - jmatejek@novell.com - -- fixed distutils test -- dropped autoconf version requirement (it builds just fine with other versions) - -------------------------------------------------------------------- -Thu Aug 26 11:37:28 UTC 2010 - jmatejek@novell.com - -- update to version 2.7 - * improved handling of numeric types - * deprecation warnings are now silent by default - * new argparse module for command line arguments - * many new features, see http://docs.python.org/dev/whatsnew/2.7.html - for complete list -*** 2.7 is supposed to be the last version from the 2.x series, -so its (upstream) maintenance period will probably be longer than usual. -However, upstream development now focuses on 3.x series. - -- cleaned up spec and patches - -------------------------------------------------------------------- -Fri Jul 2 13:58:38 UTC 2010 - jengelh@medozas.de - -- add patch from http://bugs.python.org/issue6029 -- use %_smp_mflags - -------------------------------------------------------------------- -Mon May 17 17:07:33 CEST 2010 - matejcik@suse.cz - -- dropped audioop.so because of security vulnerabilities - (bnc#603255) - -------------------------------------------------------------------- -Wed Apr 7 20:35:26 CEST 2010 - matejcik@suse.cz - -- update to 2.6.5 (rpm version 2.6.5) -- patched test_distutils to work - -------------------------------------------------------------------- -Thu Mar 11 18:13:05 CET 2010 - matejcik@suse.cz - -- update to 2.6.5rc2 (rpm version is 2.6.4.92) - * bugfix-only release -- removed fwrapv patch - no longer needed -- removed expat patches (this version also fixes expat vulnerabilities - from bnc#581765 ) -- removed readline spacing patch - no longer needed -- removed https_proxy patch - no longer needed -- removed test_distutils patch - no longer needed -- disabled test_distutils because of spurious failure, - * TODO reenable at release - -------------------------------------------------------------------- -Thu Feb 4 20:46:03 CET 2010 - matejcik@suse.cz - -- removed precompiled exe files (as noted in bnc#577032) - -------------------------------------------------------------------- -Fri Jan 29 15:44:15 CET 2010 - matejcik@suse.cz - -- enabled ipv6 in configure (bnc#572673) - -------------------------------------------------------------------- -Wed Dec 23 08:36:29 UTC 2009 - aj@suse.de - -- Apply patches with fuzz=0 - -------------------------------------------------------------------- -Tue Dec 15 00:22:44 CET 2009 - jengelh@medozas.de - -- add baselibs.conf as source - -------------------------------------------------------------------- -Wed Nov 4 19:04:16 CET 2009 - matejcik@suse.cz - -- readline shouldn't append space after completion (bnc#551715, - python bug 5833) - -------------------------------------------------------------------- -Wed Oct 28 18:03:27 UTC 2009 - crrodriguez@opensuse.org - -- python-devel Requires glibc-devel - -------------------------------------------------------------------- -Fri Sep 4 20:16:42 CEST 2009 - matejcik@suse.cz - -- fixed potential DoS in python's copy of expat (bnc#534721) -- added patch for potential SSL hangup during handshake (bnc#525295) - -------------------------------------------------------------------- -Sun Aug 2 17:01:16 UTC 2009 - jansimon.moeller@opensuse.org - -- fix files section for ARM, as bz2.so isn't built on ARM. - -------------------------------------------------------------------- -Fri Jul 31 22:41:02 CEST 2009 - matejcik@suse.cz - -- added /usr/lib/python2.6{,/site-packages} to the package even if - it is on lib64 arch -- added %python_sitelib and %python_sitearch for fedora compatibility - -------------------------------------------------------------------- -Thu Jul 30 18:34:09 CEST 2009 - matejcik@suse.cz - -- fixed test in test_distutils suite that would generate a warning - when the log threshold was set too low by preceding tests - -------------------------------------------------------------------- -Wed Jul 29 16:09:32 CEST 2009 - matejcik@suse.cz - -- support noarch python packages (modified multilib patch - to differentiate between purelib and platlib, added /usr/lib - to search path in all cases - -------------------------------------------------------------------- -Thu Jul 16 10:11:27 CEST 2009 - coolo@novell.com - -- disable as-needed to fix build - -------------------------------------------------------------------- -Mon Apr 27 15:19:45 CEST 2009 - matejcik@suse.cz - -- update to 2.6.2 - * bugfix-only release for 2.6 series - -------------------------------------------------------------------- -Fri Feb 6 16:10:31 CET 2009 - matejcik@suse.cz - -- excluded pyconfig.h and Makefile and Setup from -devel subpackage - to prevent file conflicts of python-base and python-devel - -------------------------------------------------------------------- -Thu Jan 15 16:00:02 CET 2009 - matejcik@suse.cz - -- fixed gettext.py problem with empty plurals line (bnc#462375) - -------------------------------------------------------------------- -Wed Jan 7 12:34:56 CET 2009 - olh@suse.de - -- obsolete old -XXbit packages (bnc#437293) - -------------------------------------------------------------------- -Mon Dec 15 17:10:17 CET 2008 - matejcik@suse.cz - -- removed bsddb directory from python-base, reenabled in python - ( bnc#441088 ) - -------------------------------------------------------------------- -Mon Oct 20 15:18:30 CEST 2008 - matejcik@suse.cz - -- added libpython and python-base to baselibs.conf (bnc#432677) -- disabled test_smtplib for ia64 so that the package actually - gets built (bnc#436966) - -------------------------------------------------------------------- -Thu Oct 9 18:56:33 CEST 2008 - matejcik@suse.cz - -- update to 2.6 final (version name is 2.6.0 to make upgrade from - 2.6rc2 possible) -- replaced site.py hack with a .pth file to do the same thing - (cleaner solution that doesn't mess up documented behavior - and also fixes virtualenv, bnc#430761) -- enabled profile optimized build -- fixed %py_requires macro (bnc#346490) -- provide %name = 2.6 - -------------------------------------------------------------------- -Fri Sep 19 20:09:50 CEST 2008 - matejcik@suse.cz - -- moved tests to %check section -- update to 2.6rc2, removing the last remaining security patch -- included patch for https proxy support that resolves bnc#214983 - (in a proper way) and bnc#298378 -- included fix for socket.ssl() behavior regression, fixing - bnc#426563 - -------------------------------------------------------------------- -Wed Sep 17 22:09:12 CEST 2008 - matejcik@suse.cz - -- included /etc/rpm/macros.python to fix the split-caused breakage - -------------------------------------------------------------------- -Tue Sep 16 18:12:10 CEST 2008 - matejcik@suse.cz - -- applied bug-no-proxy patch from python#3879, which should improve - backwards compatibility (important i.e. for bzr) -- moved python-xml to a subpackage of this (brings no additional - dependencies, so it can as well stay) -- moved Makefile and pyconfig.h to python-base, removing the need - to have python-devel for installation -- improved compatibility with older distros for 11.0 -- moved ssl.py and sqlite3 module to python package - they won't work - without their respective binary modules anyway - -------------------------------------------------------------------- -Mon Sep 15 18:34:27 CEST 2008 - matejcik@suse.cz - -- updated to 2.6rc1 - bugfix-only pre-stable release -- renamed python-base-devel to python-devel as it should be -- removed macros from libpython package name - -------------------------------------------------------------------- -Fri Sep 12 14:46:00 CEST 2008 - matejcik@suse.cz - -- moved python-devel to a subpackage of this -- created libpython subpackage -- moved essential files from -devel to -base, so that distutils - should now be able to install without -devel package - -------------------------------------------------------------------- -Fri Sep 12 14:44:55 CEST 2008 - matejcik@suse.cz - -- split package, as per fate#305065 -- moved python-devel to be a subpackage of python-base -- minor fixes & packaging cleanups - -------------------------------------------------------------------- -Wed Sep 10 16:31:29 CEST 2008 - matejcik@suse.cz - -- fixed misapplied ssl-compat patch (caused segfaults when - opening SSL connections, bnc#425138 ) - -------------------------------------------------------------------- -Wed Sep 3 17:17:06 CEST 2008 - matejcik@suse.cz - -- updated to 2.6beta3 from BETA dist, summary of changes follows: - * patches update/cleanup - * removed failing tests (test_unicode, test_urllib2), those will - be reworked later to not fail - * fixed ncurses/panel.h include - * removed most security fixes, as they are already included in - this version - * removed imageop/rgbimg - (reasons: they only work in 32bit environment anyway, are - deprecated by upstream and have inherent security problems) - * fixed pythonstart script to trim history after 10000 lines - (bnc#399190) -- 2.6beta3 is mostly stable release of the 2.6 series, - package will be updated to 2.6 final as soon as it comes out - (in the beginning of October) - -------------------------------------------------------------------- -Wed Jul 30 20:35:02 CEST 2008 - matejcik@suse.cz - -- security fixes for issues mentioned in bnc#406051: - * CVE-2008-2315 - multiple integer overflows in basic types - * CVE-2008-2316 - partial hashing of huge data with hashlib - * CVE-2008-3142 - multiple buffer oveflows in unicode processing - * CVE-2008-3144 - possible integer over/underflow in mysnprintf - * buffer overflows in expandtabs() method (afaik no CVE assigned) -- also mentioned CVE-2008-3143 is already fixed in python 2.5.2 - -------------------------------------------------------------------- -Mon Jun 30 15:38:17 CEST 2008 - schwab@suse.de - -- Work around autoheader bug. - -------------------------------------------------------------------- -Fri Jun 13 10:07:02 CEST 2008 - schwab@suse.de - -- Fix configure script. - -------------------------------------------------------------------- -Thu Apr 24 19:37:14 CEST 2008 - matejcik@suse.cz - -- proper path for html documentation from python-doc, - help text mentioning python-doc package in pydoc - (bnc#380942) - -------------------------------------------------------------------- -Wed Apr 16 21:20:07 CEST 2008 - matejcik@suse.cz - -- PyString_FromStringAndSize now checks size parameter - (bnc#379534, CVE-2008-1721) - -------------------------------------------------------------------- -Tue Apr 15 09:14:29 CEST 2008 - adrian@suse.de - -- disable DNS lookup test when running in build service. - The XEN build hosts have no network. - -------------------------------------------------------------------- -Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - -- added baselibs.conf file to build xxbit packages - for multilib support - -------------------------------------------------------------------- -Mon Apr 7 13:59:29 CEST 2008 - schwab@suse.de - -- Limit virtual memory to avoid spurious testsuite failures. - -------------------------------------------------------------------- -Mon Mar 10 18:18:43 CET 2008 - matejcik@suse.cz - -- bnc#367853 turned out to be invalid, upstream is already on to - the real problem -- forcing -fwrapv to compiler flags until upstream has a solution - -------------------------------------------------------------------- -Wed Feb 27 18:08:58 CET 2008 - matejcik@suse.cz - -- update to 2.5.2 - - bugfix-only release, over 100 bugs fixed -- removed hppa patch (already included) -- disabled test_str until gcc issue bnc#367853 is resolved - -------------------------------------------------------------------- -Tue Nov 13 17:32:06 CET 2007 - matejcik@suse.cz - -- patched a bug in sqlite module that would cause segfault on - call to executescript() - -> TODO return and improve the patch - -------------------------------------------------------------------- -Mon Sep 3 17:57:43 CEST 2007 - matejcik@suse.cz - -- replaced fdupes oneliner with %fdupes macro -- added /usr/bin/python2 symlink (#307097) -- obsoletes python-elementtree and python-sqlite (#301182) - (obsoletes, but doesn't provide - the modules that obsolete those - packages are renamed and dependent packages need to be changed) - -------------------------------------------------------------------- -Fri Aug 24 16:42:12 CEST 2007 - bg@suse.de - -- fix build on hppa - -------------------------------------------------------------------- -Fri Aug 3 15:25:32 CEST 2007 - jmatejek@suse.cz - -- replaced duplicate files with hardlinks - -------------------------------------------------------------------- -Fri Jul 27 14:51:03 CEST 2007 - jmatejek@suse.cz - -- removed emacs python-mode and dependency on emacs - -------------------------------------------------------------------- -Fri Jun 8 16:33:09 CEST 2007 - jmatejek@suse.cz - -- revisited & explained failing tests -- applied EINTR recovery patch (#278622) -- experimental replacement of shebang strings, - removing dependency on /usr/bin/env - -------------------------------------------------------------------- -Thu May 24 18:47:20 CEST 2007 - jmatejek@suse.cz - -- update to 2.5.1 - - bugfix only release, over 150 bugs fixed - - fixes off-by-one memory leak in _localemodule.c - (#276889, CVE-2007-2052) -- unnecessary patches removed, minor build cleanup -- warns when attempting to use https proxy (#214983) - -------------------------------------------------------------------- -Tue May 22 01:13:28 CEST 2007 - ro@suse.de - -- make setup.py accept db-4.5 - -------------------------------------------------------------------- -Thu Mar 29 13:32:08 CEST 2007 - aj@suse.de - -- Add ncurses-devel to BuildRequires. - -------------------------------------------------------------------- -Sat Mar 24 18:16:08 CET 2007 - aj@suse.de - -- Add libbz2-devel to BuildRequires. - -------------------------------------------------------------------- -Fri Mar 23 15:10:09 CET 2007 - rguenther@suse.de - -- add gdbm-devel BuildRequires - -------------------------------------------------------------------- -Mon Jan 8 19:27:06 CET 2007 - cthiel@suse.de - -- fix sqlite3 support (#228733) - -------------------------------------------------------------------- -Tue Sep 19 18:20:07 CEST 2006 - jmatejek@suse.cz - -- update to 2.5 final, going into STABLE dist -- issue with lib/python/config is not caused by dirs patch - -------------------------------------------------------------------- -Wed Sep 13 19:07:35 CEST 2006 - jmatejek@suse.cz - -- update to 2.5c2 - - 2.5 final is expected next week -- removed testfiles.tar.bz2 from package due to copyright issues - (see #204867). Reminder: enable urlfetch or put it back (or both, - using Nosource) - -------------------------------------------------------------------- -Tue Sep 5 13:51:48 CEST 2006 - jmatejek@suse.cz - -- update to 2.5c1 -- many new features, see http://www.python.org/dev/peps/pep-0356/ -- 64bit indices issue will require changes of modules, see - http://www.python.org/dev/peps/pep-0353/ for transition guidelines -- non-backwards-compatible changes, see - http://docs.python.org/dev/whatsnew/section-other.html - (this link is expected to die, so just search for "what's new in 2.5") -- open issues in build process: - - sed'ing out /usr/local/bin/python from files causes build to fail - if not filtered by grep (see %prep section) - might be a bug in sed - - 2.3.3-dirs patch + --enable-shared + --libdir breaks build, - because "-L/usr/lib*/python2.5/config" is added instead of "-L." - Workaround in 2.5c1-dirs-fix, should be replaced soon - - test_file fails in autobuild, but is OK when building manually - - test_nis fails in autobuild, probably due to a misconfiguration - on autobuild servers - - it might be good to create python-sqlite3 subpackage - -------------------------------------------------------------------- -Mon Apr 24 20:08:30 CEST 2006 - jmatejek@suse.cz - -- update to 2.4.3 - - no big changes, bugfix-only release (about 50 bugs fixed) - -------------------------------------------------------------------- -Wed Mar 15 17:51:29 CET 2006 - jmatejek@suse.cz - -- moved -doc and -doc-pdf into separate noarch specfile - -------------------------------------------------------------------- -Mon Feb 27 18:05:56 CET 2006 - jmatejek@suse.cz - -- implemented /usr/local path schemes for bug #149809 - - python now recognizes packages in /usr/local/lib/python2.4 - - distutils install by default into /usr/local/lib/python2.4/site-packages - - on 64bit systems that is of course lib64 - -------------------------------------------------------------------- -Wed Jan 25 21:30:52 CET 2006 - mls@suse.de - -- converted neededforbuild to BuildRequires - -------------------------------------------------------------------- -Sat Jan 14 13:25:08 CET 2006 - kukuk@suse.de - -- Add gmp-devel to nfb - -------------------------------------------------------------------- -Mon Nov 28 19:10:03 CET 2005 - jmatejek@suse.cz - -- reenabled optimization on ppc64 - -------------------------------------------------------------------- -Fri Nov 11 16:59:11 CET 2005 - nadvornik@suse.cz - -- fixed another bug in canonicalize patch [#133267] - -------------------------------------------------------------------- -Wed Oct 5 15:53:01 CEST 2005 - jmatejek@suse.cz - -- update to 2.4.2 -- additional fixes to canonicalize patch, restored interactive mode - -------------------------------------------------------------------- -Mon Sep 26 15:40:20 CEST 2005 - jmatejek@suse.cz - -- replaced the previous patch with a new one - - it now tries to use canonical_file_name(), falling back to realpath() - and eventually readlink - - canonical_file_name() branch now sets the buffer length - -------------------------------------------------------------------- -Fri Sep 23 16:29:19 CEST 2005 - jmatejek@suse.cz - -- fixed to build with gcc's new buffer overflow checking - - added patch from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169046 - -------------------------------------------------------------------- -Fri Apr 22 17:04:38 CEST 2005 - schwab@suse.de - -- Always enable SSL bug workarounds. - -------------------------------------------------------------------- -Tue Apr 5 16:58:27 CEST 2005 - mcihar@suse.cz - -- update to 2.4.1 - -------------------------------------------------------------------- -Thu Mar 24 16:15:25 CET 2005 - uli@suse.de - -- fixed to build on ARM - -------------------------------------------------------------------- -Tue Mar 1 19:16:46 CET 2005 - mcihar@suse.cz - -- skip some test on ia64 for now - -------------------------------------------------------------------- -Tue Feb 8 16:43:56 CET 2005 - mcihar@suse.cz - -- mark configuration files as %config - -------------------------------------------------------------------- -Tue Feb 01 14:16:43 CET 2005 - mcihar@suse.cz - -- fix vulnerability in SimpleXMLRPCServer (bug #50321, CAN-2005-0089) - -------------------------------------------------------------------- -Tue Dec 28 16:43:47 CET 2004 - mcihar@suse.cz - -- disable bsddb tests, it fails probably on all 64-bit - -------------------------------------------------------------------- -Thu Dec 23 13:46:21 CET 2004 - mcihar@suse.cz - -- make lib64 installation also work on others than x86_64 - -------------------------------------------------------------------- -Mon Dec 20 17:51:29 CET 2004 - mcihar@suse.de - -- fixed build on ppc64 - - update multiarch patch - - do not test bsddb internals - - remove optimalisation from flags, it breaks at least math - -------------------------------------------------------------------- -Mon Dec 20 14:22:15 CET 2004 - mcihar@suse.cz - -- added extra files needed for some tests (codecmaps and unicode normalisation) -- enabled bsddb tests -- reenabled test_shelve, as it works now - -------------------------------------------------------------------- -Thu Dec 16 17:13:04 CET 2004 - mcihar@suse.cz - -- update db 4.3 patch -- fix bdist_rpm when spec file generates more than one rpm - -------------------------------------------------------------------- -Tue Dec 14 08:13:09 CET 2004 - bg@suse.de - -- disable tests for hppa - -------------------------------------------------------------------- -Mon Dec 06 12:30:59 CET 2004 - mcihar@suse.cz - -- fix bsddb module for current bsddb -- improved readline detection - -------------------------------------------------------------------- -Fri Dec 03 17:37:48 CET 2004 - mcihar@suse.cz - -- updated documentation to 2.4 - -------------------------------------------------------------------- -Wed Dec 01 18:07:17 CET 2004 - mcihar@suse.cz - -- don't use wctype functions from glibc, it breaks at some situations -- enable tests during compilation, removing currently known failures - -------------------------------------------------------------------- -Tue Nov 30 14:32:27 CET 2004 - mcihar@suse.cz - -- update to 2.4 final - -------------------------------------------------------------------- -Wed Nov 24 18:30:23 CET 2004 - mcihar@suse.cz - -- yet another ignore list update, ignore man and locale dirs - -------------------------------------------------------------------- -Wed Nov 24 15:15:46 CET 2004 - mcihar@suse.cz - -- ignore /etc and avoid infinite loop while generating directory list - -------------------------------------------------------------------- -Wed Nov 24 12:43:07 CET 2004 - mcihar@suse.cz - -- ignore one more directories in file list generating -- handle correctly headers path in file list generating -- handle extra_dir in file list generating -- use same way as mandrake to support lib64, at least it's a bit cleaner - solution than we had, so we now also have sys.lib -- audioop is now enabled on 64-bit - -------------------------------------------------------------------- -Tue Nov 23 16:25:15 CET 2004 - mcihar@suse.cz - -- updated to 2.4c1 (2.4 release candidate 1) -- dropped python-mpz package as it was dropped by upstream -- completely rewritten and much simplified rpm file list generation, if you - have problems with new version, please drop me a note -- install also /etc/profile.d/python.csh - -------------------------------------------------------------------- -Tue Aug 24 16:22:05 CEST 2004 - mcihar@suse.cz - -- updated README.SUSE -- added startup script, which enables saving of history and completion - for interactive usage - -------------------------------------------------------------------- -Thu May 27 15:25:20 CEST 2004 - mcihar@suse.cz - -- update to 2.3.4 final (no changes from rc 1) - -------------------------------------------------------------------- -Wed May 19 17:11:10 CEST 2004 - mcihar@suse.cz - -- update to 2.3.4 release candidate 1 (obsoletes some patches taken from cvs) -- forcing of large file support is not needed (for quite a long time) -- updated README.SUSE - -------------------------------------------------------------------- -Tue Mar 16 15:24:49 CET 2004 - mcihar@suse.cz - -- included some fixes from cvs: - - fix possible segfault in bsddb - - urllib2 supports non-anonymous ftp and absolute paths - - fixed GC problems in PyWeakref_NewRef - -------------------------------------------------------------------- -Thu Mar 11 18:36:16 CET 2004 - mcihar@suse.cz - -- fix readline with utf-8 (bug #34302) - -------------------------------------------------------------------- -Wed Mar 03 15:47:22 CET 2004 - mcihar@suse.cz - -- obsoletes python21 - -------------------------------------------------------------------- -Thu Feb 26 17:13:43 CET 2004 - mcihar@suse.cz - -- all subpackages depend on current python version - -------------------------------------------------------------------- -Thu Feb 19 13:11:04 CET 2004 - mcihar@suse.cz - -- fix Lib/email/Charset.py for use in some locales -- fix format string in zipimport module -- use system readline -- add more IPV6 socket options -- use sed instead of perl for replacing -- include LICENSE - -------------------------------------------------------------------- -Sat Jan 10 11:26:35 CET 2004 - adrian@suse.de - -- build as user - -------------------------------------------------------------------- -Mon Jan 05 11:24:09 CET 2004 - mcihar@suse.cz - -- updated to 2.3.3 (final) -- call %{run_ldconfig} in post and postun -- libpython.2.3.so symlink moved to devel package (bug #33779) - -------------------------------------------------------------------- -Fri Dec 12 14:33:36 CET 2003 - mcihar@suse.cz - -- updated to 2.3.3 (release candidate 1) - -------------------------------------------------------------------- -Tue Nov 18 12:41:20 CET 2003 - mcihar@suse.cz - -- use wchar_t functions from libc, this reduces size of interpreter - -------------------------------------------------------------------- -Mon Oct 27 13:19:52 CET 2003 - kukuk@suse.de - -- Remove useless Requires -- Remove not used packages from neededforbuild - -------------------------------------------------------------------- -Fri Oct 03 14:59:55 CEST 2003 - mcihar@suse.cz - -- updated to 2.3.2 - - A bug in autoconf that broke building on HP/UX systems is fixed. - - A bug in the Python configure script that meant os.fsync() was - never available is fixed. - -------------------------------------------------------------------- -Thu Oct 02 16:03:05 CEST 2003 - mcihar@suse.cz - -- force use of directories passed to configure script (-dirs.patch), bug #31947 - -------------------------------------------------------------------- -Mon Sep 29 13:57:18 CEST 2003 - mcihar@suse.cz - -- updated to 2.3.1, most of changes were alredy included in -cvs.patch -- not so verbose untaring - -------------------------------------------------------------------- -Thu Sep 11 14:31:48 CEST 2003 - mcihar@suse.cz - -- included fixes from cvs (branch release23-maint), this fixes some - memory leaks and other bugs (-cvs.patch) -- nicer output from pydoc (-pydoc.patch) -- cleaned up configure parameters -- compiling with -Wall - -------------------------------------------------------------------- -Wed Sep 10 18:39:00 CEST 2003 - mcihar@suse.cz - -- build as shared - -------------------------------------------------------------------- -Wed Sep 03 11:48:07 CEST 2003 - mcihar@suse.cz - -- python now obsoletes python-nothreads (bug #29907) - -------------------------------------------------------------------- -Thu Aug 14 13:23:50 CEST 2003 - mcihar@suse.cz - -- fixed symlinks to configuration files -- cleaned up spec file - -------------------------------------------------------------------- -Wed Aug 06 18:03:22 CEST 2003 - mcihar@suse.cz - -- updated lib64 patch - -------------------------------------------------------------------- -Tue Aug 05 13:17:20 CEST 2003 - mcihar@suse.cz - -- updated to final 2.3, some highlights: - * Python 2.3 is about 20-30% faster than Python 2.2.3 - * Brand new IDLE - * Some new or upgraded built-ins, includes better support for - unicode, new bool type... - * Lots of upgraded or new modules and packages. - * PYTHONINSPECT variabale that can cause python to behave as it - was executed with -i parameter. - -------------------------------------------------------------------- -Tue Jul 29 01:46:23 CEST 2003 - ro@suse.de - -- added tk-devel to neededforbuild - -------------------------------------------------------------------- -Thu Jun 26 22:57:28 CEST 2003 - mcihar@suse.cz - -- updated to cvs snapshot, mostly because of finally correct DESTDIR - support, to avoid buildroot leftovers - -------------------------------------------------------------------- -Tue Jun 24 12:32:23 CEST 2003 - mcihar@suse.cz - -- better excluding site-packages from generated dirlist - -------------------------------------------------------------------- -Tue Jun 17 15:37:51 CEST 2003 - mcihar@suse.cz - -- ignore site-packages and share directories for filelists -- include install dir if not site-packages in filelists - -------------------------------------------------------------------- -Tue Jun 17 10:20:09 CEST 2003 - mcihar@suse.cz - -- better handle mutliple level of install directories when - generating %dir entries - -------------------------------------------------------------------- -Mon Jun 16 17:25:08 CEST 2003 - mcihar@suse.cz - -- one more distutils patch update: - * fix generating of dirs in chrooted installs for install_data - * don't include directory for install_scripts - -------------------------------------------------------------------- -Mon Jun 16 15:55:20 CEST 2003 - mcihar@suse.cz - -- updated patch to work around problems with self defined get_outputs - -------------------------------------------------------------------- -Mon Jun 16 12:29:31 CEST 2003 - mcihar@suse.cz - -- modified distutils to allow generating complete file list for rpm - (including directories with %dir macro), to use this use - --record-rpm= instead of --record= - -------------------------------------------------------------------- -Thu Jun 05 09:23:32 CEST 2003 - mcihar@suse.cz - -- move documentation where it was in 2.2 versions -- fixed permissions for some scripts in devel package - -------------------------------------------------------------------- -Thu May 29 14:22:08 CEST 2003 - mcihar@suse.cz - -- cleaned up specfile -- make executable only files that should be - -------------------------------------------------------------------- -Mon May 19 19:01:43 CEST 2003 - mcihar@suse.cz - -- removed .cvsignore files - -------------------------------------------------------------------- -Tue Apr 29 13:26:02 CEST 2003 - mcihar@suse.cz - -- updated lib64 patch - -------------------------------------------------------------------- -Mon Apr 28 11:25:11 CEST 2003 - mcihar@suse.cz - -- updated to 2.3b1, some highlights: - - sum() builtin, adds a sequence of numbers, beats reduce(). - - csv module, reads comma-separated-value files (and more). - - timeit module, times code snippets. - - os.walk(), a generator slated to replace os.path.walk(). - - platform module, by Marc-Andre Lemburg, returns detailed platform - information. - -------------------------------------------------------------------- -Thu Apr 10 14:52:48 CEST 2003 - mcihar@suse.cz - -- added DEFS to config/Makefile as it was in 2.2 - -------------------------------------------------------------------- -Wed Apr 02 14:50:29 CEST 2003 - mcihar@suse.cz - -- updated lib64 patch -- fixed list of built modules for 64-bit arches - -------------------------------------------------------------------- -Tue Apr 01 17:57:56 CEST 2003 - mcihar@suse.cz - -- updated to python 2.3 alpha 2 - - updated many builtins and modules - - new modules: bsddb, bz2, datetime, logging, optparse, sets, - textwrap, zipimport, - - some general things have changed: - - Hex/oct literals prefixed with a minus sign were handled - inconsistently. - - Package index and metadata for distutils. - - Encoding declarations - you can put a comment of the form - "# -*- coding: -*-" in the first or second line of a Python - source file to indicate the encoding (e.g. utf-8). - - Import from zipfiles. - - see Misc/NEWS in documentation or python website - - http://python.org/2.3/highlights.html for more details -- moved distutils into -devel package -- cleaned up specfile - -------------------------------------------------------------------- -Tue Apr 01 12:27:06 CEST 2003 - mcihar@suse.cz - -- removed RPM_BUILD_ROOT leftovers (bug #25963) - -------------------------------------------------------------------- -Thu Mar 6 12:05:53 CET 2003 - kukuk@suse.de - -- Provide/Obsolete python-tkinter - -------------------------------------------------------------------- -Tue Jan 28 17:51:45 CET 2003 - mcihar@suse.cz - -- idle symlink corrected for lib64 -- fixed LIBDEST path for distutils, closes #22322 - -------------------------------------------------------------------- -Fri Jan 10 13:39:51 CET 2003 - mcihar@suse.cz - -- fixed distutils for lib64 - -------------------------------------------------------------------- -Wed Dec 18 13:45:15 CET 2002 - mcihar@suse.cz - -- improved blt detection for tkinter -- build with detected version of tix -- enabled SIGFPE catching -- enabled signal module -- enabled C++ support - -------------------------------------------------------------------- -Fri Nov 29 16:16:57 CET 2002 - mcihar@suse.cz - -- enabled ipv6 support -- no apache is needed for building -- python-nothreads is not built anymore as is seems that mod_python - works correctly woth python 2.2.2 and threads -- Makefile also copied to config directory in rpm - -------------------------------------------------------------------- -Wed Nov 27 10:59:03 CET 2002 - adrian@suse.de - -- Makefile.pre* to config directory - (following the official spec file change) - -------------------------------------------------------------------- -Fri Nov 08 11:06:39 CET 2002 - mcihar@suse.cz - -- fixed bad source number for suse-start-python-mode.el - -------------------------------------------------------------------- -Thu Nov 07 11:37:34 CET 2002 - mcihar@suse.cz - -- fixed %files section for idle on lib64 arches - -------------------------------------------------------------------- -Wed Nov 06 10:35:50 CET 2002 - mcihar@suse.cz - -- included python-mode.el for emacs -- idle moved from demos to separate package -- merged tk and tkinter - -------------------------------------------------------------------- -Wed Oct 30 14:54:31 CET 2002 - mcihar@suse.cz - -- removed not needed l2h and tetex from neededforbuild - -------------------------------------------------------------------- -Wed Oct 30 11:31:44 CET 2002 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Wed Oct 23 14:36:10 CEST 2002 - mcihar@suse.cz - -- updated to 2.2.2 (bugfix release) -- moved python-korean into separate source package - -------------------------------------------------------------------- -Tue Sep 17 17:34:28 CEST 2002 - ro@suse.de - -- removed bogus self-provides - -------------------------------------------------------------------- -Tue Sep 10 13:52:26 CEST 2002 - kukuk@suse.de - -- Add provides for correct update - -------------------------------------------------------------------- -Thu Sep 5 12:14:45 CEST 2002 - ro@suse.de - -- remove l2h from neededforbuild (apparently no longer used) - -------------------------------------------------------------------- -Thu Aug 15 00:45:41 CEST 2002 - ro@suse.de - -- no fpectl.so on alpha - -------------------------------------------------------------------- -Tue Aug 13 12:45:33 CEST 2002 - uli@suse.de - -- rediffed lib64 patch - -------------------------------------------------------------------- -Thu Aug 8 07:57:25 CEST 2002 - vinil@suse.de - -- new version 2.2.1 -- new version of Korean codes 2.0.5 - and splitted to standalone package 'python-korean' -- get rid of Makefile.pre.in -- clean part added to spec - -------------------------------------------------------------------- -Sun Jul 28 09:27:46 CEST 2002 - kukuk@suse.de - -- removed termcap and tetex from neededforbuild (not used) - -------------------------------------------------------------------- -Fri Jul 26 22:03:54 CEST 2002 - adrian@suse.de - -- fix neededforbuild - -------------------------------------------------------------------- -Tue Jun 11 11:48:13 CEST 2002 - meissner@suse.de - -- add ppc64 to list of 64bit archs that don't compile 3 of the plugins. - -------------------------------------------------------------------- -Tue Jun 4 17:06:04 CEST 2002 - stepan@suse.de - -- change more locations of lib to %{_lib} on platforms - that need it. -- change Makefile to use install -d instead of mkdir - to solve trouble when installing in buildroots. - -------------------------------------------------------------------- -Mon Jun 3 13:21:07 CEST 2002 - stepan@suse.de - -- Change config/Makefile and config/Makefile.pre.in - to use %_lib instead of lib (fixes i.e. zope) - -------------------------------------------------------------------- -Fri May 17 15:08:18 CEST 2002 - sf@suse.de - -- changed site.py to detect the correct location (is needed at least for - postresql to build -- it still needs to be corrected, as only 64-bit excutable shlibs - have to reside in */lib64 - -------------------------------------------------------------------- -Wed May 15 12:01:45 CEST 2002 - coolo@suse.de - -- fixing file list for s390x - -------------------------------------------------------------------- -Tue May 14 23:50:05 CEST 2002 - ro@suse.de - -- use libdir -- try to get this working with lib64 - -------------------------------------------------------------------- -Mon May 6 17:12:49 CEST 2002 - schwab@suse.de - -- Build python library with -fPIC, for inclusion in shared library. - -------------------------------------------------------------------- -Wed Apr 17 15:48:52 CEST 2002 - schwab@suse.de - -- Fix detection of readline library (use -lncurses instead of -ltermcap). - -------------------------------------------------------------------- -Sat Mar 23 17:21:32 CET 2002 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Fri Feb 1 00:26:09 CET 2002 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Wed Jan 9 19:34:47 CET 2002 - rvasice@suse.cz - -- used correct Makefile.pre.in - -------------------------------------------------------------------- -Wed Jan 9 14:49:59 CET 2002 - rvasice@suse.cz - -- added Makefile.pre.in to enable build other python packages - -------------------------------------------------------------------- -Mon Jan 7 08:51:27 CET 2002 - rvasice@suse.cz - -- update to version 2.2 -- recreated modules list - -------------------------------------------------------------------- -Mon Dec 17 12:55:39 CET 2001 - ro@suse.de - -- fixed for gmp-4.x - -------------------------------------------------------------------- -Mon Sep 3 13:48:04 CEST 2001 - rvasice@suse.cz - -- added patch for Large File Support - -------------------------------------------------------------------- -Mon Aug 27 10:26:55 CEST 2001 - rvasice@suse.cz - -- removed conflicting file /etc/susehelp.d/pythonhtml.conf from - subpackage python-doc - -------------------------------------------------------------------- -Fri Aug 17 14:41:48 CEST 2001 - schwab@suse.de - -- Compile python library with -fPIC to allow inclusion in shared - libraries. -- Fix configure check for rl_completion_matches. -- Replace use of config.guess by %ifarch. - -------------------------------------------------------------------- -Mon Aug 13 12:51:39 CEST 2001 - ro@suse.de - -- added regex module (needed for yodl) -- filelist probably needs re-check - -------------------------------------------------------------------- -Mon Jul 30 11:34:35 CEST 2001 - rvasice@suse.cz - -- fix /usr/local path - -------------------------------------------------------------------- -Fri Jul 27 16:23:47 CEST 2001 - rvasice@suse.cz - -- update to version 2.1.1 - -------------------------------------------------------------------- -Tue May 8 02:15:19 CEST 2001 - mfabian@suse.de - -- bzip2 sources - -------------------------------------------------------------------- -Fri Apr 13 20:27:17 CEST 2001 - kukuk@suse.de - -- fix build with new readline library - -------------------------------------------------------------------- -Wed Apr 11 14:30:16 CEST 2001 - utuerk@suse.de - -- added pythonhtml.conf for susehelp - -------------------------------------------------------------------- -Fri Feb 23 16:24:25 CET 2001 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Fri Feb 23 00:10:25 CET 2001 - ro@suse.de - -- added readline/readline-devel to neededforbuild (split from bash) - -------------------------------------------------------------------- -Mon Jan 22 16:25:53 CET 2001 - kukuk@suse.de - -- Use -fPIC - -------------------------------------------------------------------- -Tue Jan 16 19:26:08 CET 2001 - schwab@suse.de - -- Compile python library with -fpic so that it can be included in a - shared library (for mod_python). - -------------------------------------------------------------------- -Mon Jan 15 13:00:09 CET 2001 - mt@suse.de - -- added uc-kr codec, thanks to Hwang, SangJin - -------------------------------------------------------------------- -Sun Dec 31 18:55:09 CET 2000 - schwab@suse.de - -- Fix filelist for ia64. - -------------------------------------------------------------------- -Mon Dec 18 17:18:37 CET 2000 - mt@suse.de - -- added sub-package python-nothreads for mod_python apache-module -- added Obsoletes for old 8.3 packages names - -------------------------------------------------------------------- -Wed Dec 6 18:04:55 CET 2000 - mt@suse.de - -- cleaned up pythons tk dependencies - -------------------------------------------------------------------- -Thu Nov 30 01:41:16 CET 2000 - ro@suse.de - -- fixed tix-link - -------------------------------------------------------------------- -Wed Nov 29 17:26:54 CET 2000 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Mon Nov 27 10:17:40 CET 2000 - mt@suse.de - -- changed libnetpb to libnetpbm in neededforbuild -- changed file-list in python-devel - -------------------------------------------------------------------- -Thu Nov 23 09:39:10 CET 2000 - mt@suse.de - -- added openssl-devel to neededforbuild - -------------------------------------------------------------------- -Wed Nov 22 10:11:15 CET 2000 - mt@suse.de - -- removed site-packages from Setup.in patch -- python-64bit.patch should be used on all 64bit platforms - -------------------------------------------------------------------- -Sun Nov 19 18:31:21 CET 2000 - mt@suse.de - -- updated to BeOpen-Python-2.0 - -------------------------------------------------------------------- -Fri Oct 27 14:34:14 CEST 2000 - kukuk@suse.de - -- Use long filenames -- Fix some paths -- Include - -------------------------------------------------------------------- -Thu Jul 6 01:14:30 CEST 2000 - mt@suse.de - -- added anydbm (whichdb.py) patch from www.tummy.com - -------------------------------------------------------------------- -Sat May 27 11:30:28 CEST 2000 - kukuk@suse.de - -- Use libtk8.3.so and libtcl8.3.so - -------------------------------------------------------------------- -Thu May 4 18:32:34 CEST 2000 - kukuk@suse.de - -- Fix filelist for new doc dir - -------------------------------------------------------------------- -Mon Mar 13 23:52:19 CET 2000 - ro@suse.de - -- fixed filelist for alpha - -------------------------------------------------------------------- -Wed Mar 1 18:17:20 CET 2000 - werner@suse.de - -- Fix config.guess selection - -------------------------------------------------------------------- -Wed Feb 16 15:13:47 CET 2000 - uli@suse.de - -- passing MANDIR to "make install libinstall" (seems like it gets - lost somewhere) - -------------------------------------------------------------------- -Wed Feb 16 00:25:30 CET 2000 - ro@suse.de - -- man to /usr/share using macro - -------------------------------------------------------------------- -Tue Feb 15 20:43:25 CET 2000 - mt@suse.de - -- stripped the python binary - -------------------------------------------------------------------- -Mon Oct 11 17:40:31 MEST 1999 - max@suse.de - -- ready for the new Tcl/Tk packages - -------------------------------------------------------------------- -Mon Sep 27 16:31:01 CEST 1999 - bs@suse.de - -- fixed requirements for sub packages - -------------------------------------------------------------------- -Mon Sep 20 18:25:03 CEST 1999 - ro@suse.de - -- added python_image_lib as requires to pyth_tk and as provides to pyth_tkl - -------------------------------------------------------------------- -Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de - -- ran old prepare_spec on spec file to switch to new prepare_spec. - -------------------------------------------------------------------- -Mon Jun 7 14:27:02 MEST 1999 - mt@suse.de - -- disabled pyth_dvi module in spec-file - -------------------------------------------------------------------- -Wed May 26 12:27:24 MEST 1999 - ro@suse.de - -- added libpng to neededforbuild - -------------------------------------------------------------------- -Wed May 26 12:06:13 MEST 1999 - ro@suse.de - -- added blt to neededforbuild - -------------------------------------------------------------------- -Tue May 25 16:00:31 MEST 1999 - mt@suse.de - -- new version 1.5.2 -- splited into sub-packages: pyth_doc, pyth_ps, pyth_pdf, - pyth_dvi, pyth_dmo, pyth_tk, pyth_tkl, pyth_cur, pythgdbm - to have better base-package compatibility to andrich.net. - -------------------------------------------------------------------- -Thu Mar 18 01:13:02 MET 1999 - ro@suse.de - -- don't set POSIXLY_CORRECT for second patch - -------------------------------------------------------------------- -Mon Jan 18 23:55:16 MET 1999 - ro@suse.de - -- added automake to neededforbuild -- alpha-fix: don't mix up dec-osf with linux-alpha - -------------------------------------------------------------------- -Tue Dec 1 23:50:20 MET 1998 - mt@suse.de - -- removed TkInter into a separate package - pyth_tk - to make it - possible to replace it with a PIL based TkInter (Python Imaging - Lib) and better package dependecies (not each app needs TkInter) -- removed Makefile.Linux - all build is done from spec file now -- more /usr/local path fixes - -------------------------------------------------------------------- -Fri Nov 6 15:37:40 MET 1998 - ro@suse.de - -- added automake to neededforbuild -- configure with threads - -------------------------------------------------------------------- -Thu Nov 5 09:53:54 MET 1998 - ro@suse.de - -- use db_185.h only for glibc-2.1 - -------------------------------------------------------------------- -Wed Sep 23 12:15:47 MEST 1998 - ro@suse.de - -- two hacks to compile for glibc: - Modules/bsddbmodule.c include db_185.h for glibc - Modules/mpzmodule.c gmp-mparam.h dont exist for glibc / use define - -------------------------------------------------------------------- -Sun Aug 23 13:15:31 MEST 1998 - ke@suse.de - -- Compress PostScript docu. - -------------------------------------------------------------------- -Mon Aug 17 12:47:42 MEST 1998 - mt@suse.de - -- linked readline- and curses-modules with ncurses - -------------------------------------------------------------------- -Fri Aug 7 21:47:11 MEST 1998 - mt@suse.de - -- python modules - file permissions changed (-x) - -------------------------------------------------------------------- -Sat Jul 11 12:57:01 MEST 1998 - bs@suse.de - -- fixed neededforbuild - -------------------------------------------------------------------- -Thu Jul 9 00:29:05 MEST 1998 - mt@suse.de - -- new revision 1.5.1 -- docu in a separate package (pyth_doc) -- Tkinter uses tk8.0/tcl8.0 now -- first attempt to make it "alpha ready" (spec- & dif-file) - -------------------------------------------------------------------- -Mon Mar 2 18:38:49 MET 1998 - ro@suse.de - -- fixed dependency to /usr/local/bin/python - -------------------------------------------------------------------- -Mon Feb 9 17:28:57 MET 1998 - ro@suse.de - -- added some in neededforbuild - -------------------------------------------------------------------- -Wed Feb 4 19:27:08 CET 1998 - mt@suse.de - -- new Version 1.5 with more features, html documentation and new modules - -------------------------------------------------------------------- -Mon Sep 15 14:57:42 CEST 1997 - mt@suse.de - -- added support for readline and (shared) modules: tkinter, dbm, gdbm, - syslog, ncurses, ... - see /usr/lib/python1.4/config/Setup for details - -------------------------------------------------------------------- -Thu Jun 5 17:57:42 CEST 1997 - mt@suse.de - -- new Version 1.4 -- a symlink (python -> python1.4) will be used instead of a hardlink - - ------------------------------------------------------------------- Fri Feb 18 11:00:25 UTC 2022 - Matej Cepl diff --git a/python.changes b/python.changes index 0d81dda..0c3851b 100644 --- a/python.changes +++ b/python.changes @@ -4,2520 +4,6 @@ Sat Feb 26 12:41:42 UTC 2022 - Matej Cepl - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). -------------------------------------------------------------------- -Sat Feb 26 12:41:26 UTC 2022 - Matej Cepl - -------------------------------------------------------------------- -Fri Feb 18 11:00:25 UTC 2022 - Matej Cepl - -- BuildRequire rpm-build-python: The provider to inject python(abi) - has been moved there. rpm-build pulls rpm-build-python - automatically in when building anything against python3-base, but - this implies that the initial build of python3-base does not - trigger the automatic installation. - -------------------------------------------------------------------- -Fri Feb 18 10:51:04 UTC 2022 - Matej Cepl - -- Older SLE versions should use old OpenSSL. - -------------------------------------------------------------------- -Wed Feb 9 16:49:52 UTC 2022 - Matej Cepl - -- Add CVE-2022-0391-urllib_parse-newline-parsing.patch - (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs - containing ASCII newline and tabs in urlparse. - -------------------------------------------------------------------- -Sun Feb 6 07:43:11 UTC 2022 - Matej Cepl - -- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146, - bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib - not trust the PASV response. - -------------------------------------------------------------------- -Mon Dec 6 13:48:27 UTC 2021 - Dirk Müller - -- build against openssl 1.1.x (incompatible with openssl 3.0x) - for now. - -------------------------------------------------------------------- -Tue Nov 2 08:09:03 UTC 2021 - Marcus Meissner - -- on sle12, python2 modules will still be called python-xxxx until EOL, - for newer SLE versions they will be python2-xxxx - -------------------------------------------------------------------- -Fri Oct 15 08:17:46 UTC 2021 - Dominique Leuenberger - -- BuildRequire rpm-build-python: The provider to inject python(abi) - has been moved there. rpm-build pulls rpm-build-python - automatically in when building anything against python3-base, but - this implies that the initial build of python3-base does not - trigger the automatic installation. - -------------------------------------------------------------------- -Tue Sep 21 14:54:40 UTC 2021 - Matej Cepl - -- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 - (CVE-2019-20907, bpo#39017) avoiding possible infinite loop - in specifically crafted tarball. - Add recursion.tar as a testing tarball for the patch. -- Provide the newest setuptools wheel (bsc#1176262, - CVE-2019-20916) in their correct form (bsc#1180686). -- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 - (CVE-2020-26116, bpo#39603) no longer allowing special characters in - the method parameter of HTTPConnection.putrequest in httplib, stopping - injection of headers. Such characters now raise ValueError. - - -------------------------------------------------------------------- -Thu Aug 26 15:35:10 UTC 2021 - Fusion Future - -- Renamed patch for assigned CVE: - * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -> - CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch - (boo#1189241, CVE-2021-3737) - -------------------------------------------------------------------- -Mon Aug 23 11:16:24 UTC 2021 - Fusion Future - -- Renamed patch for assigned CVE: - * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch - (boo#1189287, CVE-2021-3733) -- Fix python-doc build (bpo#35293): - * sphinx-update-removed-function.patch -- Update documentation formatting for Sphinx 3.0 (bpo#40204). - -------------------------------------------------------------------- -Tue Aug 10 12:39:28 UTC 2021 - Fusion Future - -- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in - request (bpo#43075, boo#1189287). -- Add missing security announcement to - bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch. - -------------------------------------------------------------------- -Mon Aug 9 15:16:15 UTC 2021 - Fusion Future - -- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch - which fixes http client infinite line reading (DoS) after a http - 100 (bpo#44022, boo#1189241). - -------------------------------------------------------------------- -Fri Jul 16 14:25:20 UTC 2021 - Matej Cepl - -- Modify Lib/ensurepip/__init__.py to contain the same version - numbers as are in reality the ones in the bundled wheels - (bsc#1187668). - -------------------------------------------------------------------- -Fri Feb 26 18:21:55 UTC 2021 - Matej Cepl - -- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids - use of semicolon as a query string separator (bpo#42967, - bsc#1182379, CVE-2021-23336). - -------------------------------------------------------------------- -Mon Jan 25 23:35:49 UTC 2021 - Matej Cepl - -- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing - bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in - _ctypes/callproc.c, which may lead to remote code execution. - -------------------------------------------------------------------- -Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl - -- (bsc#1180125) We really don't Require python-rpm-macros package. - Unnecessary dependency. - -------------------------------------------------------------------- -Sat May 30 12:19:40 UTC 2020 - Matej Cepl - -- Add patch configure_PYTHON_FOR_REGEN.patch which makes - configure.ac to consider the correct version of - PYTHON_FO_REGEN (bsc#1078326). - -------------------------------------------------------------------- -Mon Apr 27 06:56:55 UTC 2020 - Matej Cepl - -- Use python3-Sphinx on anything more recent than SLE-15 (inclusive). - -------------------------------------------------------------------- -Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl - -- Update to 2.7.18, final release of Python 2. Ever.: - - Newline characters have been escaped when performing uu - encoding to prevent them from overflowing into to content - section of the encoded file. This prevents malicious or - accidental modification of data during the decoding process. - - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben - Caller. - - Fixed line numbers and column offsets for AST nodes for calls - without arguments in decorators. - - bsc#1155094 (CVE-2019-18348) Disallow control characters in - hostnames in http.client. Such potentially malicious header - injection URLs now cause a InvalidURL to be raised. - - Fix urllib.urlretrieve failing on subsequent ftp transfers - from the same host. - - Fix problems identified by GCC's -Wstringop-truncation - warning. - - AddRefActCtx() was needlessly being checked for failure in - PC/dl_nt.c. - - Prevent failure of test_relative_path in test_py_compile on - macOS Catalina. - - Fixed possible leak in `PyArg_Parse` and similar - functions for format units "es#" and "et#" when the macro - `PY_SSIZE_T_CLEAN` is not defined. -- Remove upstreamed patches: - - CVE-2019-18348-CRLF_injection_via_host_part.patch - - python-2.7.14-CVE-2017-1000158.patch - - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch - - CVE-2018-1061-DOS-via-regexp-difflib.patch - - CVE-2019-10160-netloc-port-regression.patch - - CVE-2019-16056-email-parse-addr.patch - -------------------------------------------------------------------- -Sat Feb 8 23:29:28 CET 2020 - Matej Cepl - -- Add CVE-2019-9674-zip-bomb.patch to improve documentation - warning about dangers of zip-bombs and other security problems - with zipfile library. (bsc#1162825 CVE-2019-9674) - -------------------------------------------------------------------- -Sat Feb 8 22:30:51 CET 2020 - Matej Cepl - -- Change to Requires: libpython%{so_version} == %{version}-%{release} - to python-base to keep both packages always synchronized (add - %{so_version}) (bsc#1162224). - -------------------------------------------------------------------- -Thu Feb 6 23:14:47 CET 2020 - Matej Cepl - -- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug - "Python urrlib allowed an HTTP server to conduct Regular - Expression Denial of Service (ReDoS)" (bsc#1162367) - -------------------------------------------------------------------- -Mon Feb 3 19:30:31 UTC 2020 - Tomáš Chvátal - -- Provide python-testsuite from devel subkg to ease py2->py3 - dependencies - -------------------------------------------------------------------- -Mon Jan 27 16:47:56 CET 2020 - Matej Cepl - -- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch - off tests coliding with the combination of modern Python and - ancient OpenSSL on SLE-12. - -------------------------------------------------------------------- -Fri Jan 10 16:01:57 CET 2020 - Matej Cepl - -- libnsl is required only on more recent SLEs and openSUSE, older - glibc supported NIS on its own. - -------------------------------------------------------------------- -Thu Jan 2 10:34:17 UTC 2020 - Tomáš Chvátal - -- Add provides in gdbm subpackage to provide dbm symbols. This - allows us to use %%{python_module dbm} as a dependency and have - it properly resolved for both python2 and python3 - -------------------------------------------------------------------- -Thu Dec 19 08:47:01 UTC 2019 - Dominique Leuenberger - -- Drop appstream-glib BuildRequires and no longer call - appstream-util validate-relax: eliminate a build cycle between - as-glib and python. The only thing would would gain by calling - as-uril is catching if upstream breaks the appdata.xml file in a - future release. Considering py2 is dying, chances for a new - release, let alone one breaking the xml file, are slim. - -------------------------------------------------------------------- -Wed Dec 11 14:35:46 CET 2019 - Matej Cepl - -- Unify packages among openSUSE:Factory and SLE versions. - (bsc#1159035) ; add missing records to this changelog. -- Add idle.desktop and idle.appdata.xml to provide IDLE in menus - (bsc#1153830) - -------------------------------------------------------------------- -Wed Dec 4 18:12:17 CET 2019 - Matej Cepl - -- Add python2_split_startup Provide to make it possible to - conflict older packages by shared-python-startup. - -------------------------------------------------------------------- -Fri Nov 22 13:10:03 CET 2019 - Matej Cepl - -- Move /etc/pythonstart script to shared-python-startup - package. - -------------------------------------------------------------------- -Tue Nov 5 11:41:40 CET 2019 - Matej Cepl - -- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from - bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes - bsc#1149792 - -------------------------------------------------------------------- -Tue Nov 5 04:24:05 UTC 2019 - Steve Kowalik - -- Add adapted-from-F00251-change-user-install-location.patch fixing - pip/distutils to install into /usr/local. - -------------------------------------------------------------------- -Thu Oct 24 14:40:39 CEST 2019 - Matej Cepl - -- Update to 2.7.17: - - a bug fix release in the Python 2.7.x series. It is expected - to be the penultimate release for Python 2.7. -- Removed patches included upstream: - - CVE-2018-20852-cookie-domain-check.patch - - CVE-2019-16935-xmlrpc-doc-server_title.patch - - CVE-2019-9636-netloc-no-decompose-characters.patch - - CVE-2019-9947-no-ctrl-char-http.patch - - CVE-2019-9948-avoid_local-file.patch - - python-2.7.14-CVE-2018-1000030-1.patch - - python-2.7.14-CVE-2018-1000030-2.patch -- Renamed remove-static-libpython.diff and python-bsddb6.diff to - remove-static-libpython.patch and python-bsddb6.patch to unify - filenames. - -------------------------------------------------------------------- -Tue Oct 8 19:46:52 CEST 2019 - Matej Cepl - -- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing - bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in - python/Lib/DocXMLRPCServer.py - -------------------------------------------------------------------- -Wed Sep 25 13:25:33 UTC 2019 - Bernhard Wiedemann - -- Add bpo36302-sort-module-sources.patch (boo#1041090) - -------------------------------------------------------------------- -Mon Sep 16 15:57:54 CEST 2019 - Matej Cepl - -- Add CVE-2019-16056-email-parse-addr.patch fixing the email - module wrongly parses email addresses [bsc#1149955, - CVE-2019-16056] - -------------------------------------------------------------------- -Thu Jul 25 19:31:47 CEST 2019 - Matej Cepl - -- boo#1141853 (CVE-2018-20852) add - CVE-2018-20852-cookie-domain-check.patch fixing - http.cookiejar.DefaultPolicy.domain_return_ok which did not - correctly validate the domain: it could be tricked into sending - cookies to the wrong server. - -------------------------------------------------------------------- -Fri Jul 19 11:19:42 UTC 2019 - Tomáš Chvátal - -- Skip test_urllib2_localnet that randomly fails in OBS - -------------------------------------------------------------------- -Wed Jul 3 21:02:00 CEST 2019 - Matej Cepl - -- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch - which fixes regression introduced by the previous patch. - (CVE-2019-10160) - Upstream gh#python/cpython#13812 - -------------------------------------------------------------------- -Wed May 29 08:58:16 UTC 2019 - Martin Liška - -- Set _lto_cflags to nil as it will prevent to propage LTO - for Python modules that are built in a separate package. - -------------------------------------------------------------------- -Thu May 2 08:40:33 CEST 2019 - Matej Cepl - -- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch - Address the issue by disallowing URL paths with embedded - whitespace or control characters through into the underlying - http client request. Such potentially malicious header - injection URLs now cause a ValueError to be raised. - -------------------------------------------------------------------- -Mon Apr 8 22:40:01 CEST 2019 - Matej Cepl - -- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch - removing unnecessary (and potentially harmful) URL scheme - local-file://. - -------------------------------------------------------------------- -Mon Apr 8 21:13:48 CEST 2019 - Matej Cepl - -- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch - Characters in the netloc attribute that decompose under NFKC - normalization (as used by the IDNA encoding) into any of ``/``, - ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the - URL is decomposed before parsing, or is not a Unicode string, - no error will be raised (CVE-2019-9636). - Upstream commits e37ef41 and 507bd8c. - -------------------------------------------------------------------- -Thu Apr 4 22:28:24 CEST 2019 - Matej Cepl - -- (bsc#1111793) Update to 2.7.16: - * bugfix-only release: complete list of changes on - https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst - * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch - which are fully included in the tarball. - * Updated patches to apply cleanly: - CVE-2019-5010-null-defer-x509-cert-DOS.patch - bpo36160-init-sysconfig_vars.patch - do-not-use-non-ascii-in-test_ssl.patch - openssl-111-middlebox-compat.patch - openssl-111-ssl_options.patch - python-2.5.1-sqlite.patch - python-2.6-gettext-plurals.patch - python-2.7-dirs.patch - python-2.7.2-fix_date_time_compiler.patch - python-2.7.4-canonicalize2.patch - python-2.7.5-multilib.patch - python-2.7.9-ssl_ca_path.patch - python-bsddb6.diff - remove-static-libpython.patch - * Update python-2.7.5-multilib.patch to pass with new platlib - regime. - -------------------------------------------------------------------- -Fri Jan 25 16:53:50 CET 2019 - mcepl@suse.com - -- bsc#1109847 (CVE-2018-14647): add - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing - bpo-34623. - -------------------------------------------------------------------- -Fri Jan 25 16:02:21 CET 2019 - mcepl@suse.com - -- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch - PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance - of PyWeakReference struct and does not intialize wr_prev and - wr_next of new isntance. These pointers can have garbage and - point to random memory locations. - Python should not crash while destroying the isntance created - in the same interpreter function. As per my understanding, both - wr_prev and wr_next of PyWeakReference instance should be - initialized to NULL to avoid segfault. - -------------------------------------------------------------------- -Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com - -- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch - fixing bpo-35746 (CVE-2019-5010). - An exploitable denial-of-service vulnerability exists in the - X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. - A specially crafted X509 certificate can cause a NULL pointer - dereference, resulting in a denial of service. An attacker can - initiate or accept TLS connections using crafted certificates - to trigger this vulnerability. - -------------------------------------------------------------------- -Wed Dec 19 19:29:44 UTC 2018 - Todd R - -- Use upstream-recommended %{_rpmconfigdir}/macros.d directory - for the rpm macros. - -------------------------------------------------------------------- -Fri Oct 26 10:48:44 UTC 2018 - Tomáš Chvátal - -- Add patch openssl-111.patch to work with openssl-1.1.1 - (bsc#1113755) - -------------------------------------------------------------------- -Tue Sep 25 22:01:08 UTC 2018 - Matěj Cepl - -- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which - converts shutil._call_external_zip to use subprocess rather than - distutils.spawn. [bsc#1109663, CVE-2018-1000802] - -------------------------------------------------------------------- -Fri Jun 29 10:24:27 UTC 2018 - mcepl@suse.com - -- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent - low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS - (CVE-2018-1061). Prior to this patch mail server's timestamp was - susceptible to catastrophic backtracking on long evil response from - the server. Also, it was susceptible to catastrophic backtracking, - which was a potential DOS vector. - [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060] - -------------------------------------------------------------------- -Thu Jun 7 17:04:40 UTC 2018 - psimons@suse.com - -- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that - verifies that at least one channel is provided. Prior to this - check, attackers could cause a denial of service (divide-by-zero - error and application crash) via a crafted wav format audio file. - [bsc#1083507, CVE-2017-18207] - -------------------------------------------------------------------- -Tue May 29 12:42:22 UTC 2018 - mcepl@suse.com - -- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750) - sort tarfile output directory listing - -------------------------------------------------------------------- -Mon May 21 18:41:43 UTC 2018 - michael@stroeder.com - -- update to 2.7.15 - * dozens of bugfixes, see NEWS for details -- removed obsolete patches: - * python-ncurses-6.0-accessors.patch - * python-fix-shebang.patch - * gcc8-miscompilation-fix.patch -- add patch from upstream: - * do-not-use-non-ascii-in-test_ssl.patch - -------------------------------------------------------------------- -Fri Apr 6 10:11:22 UTC 2018 - mliska@suse.cz - -- Add gcc8-miscompilation-fix.patch (boo#1084650). - -------------------------------------------------------------------- -Tue Mar 13 15:22:47 UTC 2018 - psimons@suse.com - -- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer - overflows in PyString_DecodeEscape that could have resulted in - heap-based buffer overflow attacks and possible arbitrary code - execution. [bsc#1068664, CVE-2017-1000158] - -------------------------------------------------------------------- -Mon Feb 5 16:01:59 UTC 2018 - normand@linux.vnet.ibm.com - -- exclude test_socket & test_subprocess for PowerPC boo#1078485 - (same ref as previous change) - -------------------------------------------------------------------- -Fri Feb 2 09:21:24 UTC 2018 - normand@linux.vnet.ibm.com - -- Add python-skip_random_failing_tests.patch bypass boo#1078485 - and exclude many tests for PowerPC - -------------------------------------------------------------------- -Tue Jan 30 16:08:33 UTC 2018 - tchvatal@suse.com - -- Add patch python-fix-shebang.patch to fix bsc#1078326 - -------------------------------------------------------------------- -Fri Dec 22 16:49:38 UTC 2017 - jmatejek@suse.com - -- exclude test_regrtest for s390, where it does not segfault as it should - (fixes bsc#1073269) -- fix segfault while creating weakref - bsc#1073748, bpo#29347 - (this is actually fixed by the 2.7.14 update; mentioning this for purposes - of bugfix tracking) - -------------------------------------------------------------------- -Mon Nov 20 16:11:48 UTC 2017 - jmatejek@suse.com - -- update to 2.7.14 - * dozens of bugfixes, see NEWS for details - * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664) - * fixed segfaults with dict mutated during search - * fixed possible free-after-use problems with buffer objects with custom indexing - * fixed urllib.splithost to correctly parse fragments (bpo-30500) -- drop upstreamed python-2.7.13-overflow_check.patch -- drop unneeded python-2.7.12-makeopcode.patch -- drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch -- Apply "python-2.7.14-CVE-2018-1000030-1.patch" and - "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that - would crash the Python interpreter when multiple threads used the - same I/O stream concurrently. This issue is not classified as a - security vulnerability due to the fact that an attacker must be - able to run code, however in some situations -- such as function - as a service -- this vulnerability can potentially be used by an - attacker to violate a trust boundary. [bsc#1079300, - CVE-2018-1000030] - -------------------------------------------------------------------- -Thu Nov 2 16:53:42 UTC 2017 - mpluskal@suse.com - -- Call python2 instead of python in macros - -------------------------------------------------------------------- -Thu Sep 14 14:12:38 UTC 2017 - vcizek@suse.com - -- Fix test broken with OpenSSL 1.1 (bsc#1042670) - * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch - -------------------------------------------------------------------- -Mon Aug 28 13:28:46 UTC 2017 - jmatejek@suse.com - -- drop SUSE_ASNEEDED=0 as it is not needed anymore - -------------------------------------------------------------------- -Thu Aug 17 08:58:02 CEST 2017 - kukuk@suse.de - -- Add libnsl-devel build requires for glibc obsoleting libnsl - -------------------------------------------------------------------- -Mon May 15 14:03:01 UTC 2017 - jmatejek@suse.com - -- obsolete/provide python-argparse and provide python2-argparse, - because the argparse module is available from python 2.7 up - -------------------------------------------------------------------- -Tue Feb 28 16:16:40 UTC 2017 - jmatejek@suse.com - -- SLE package update (bsc#1027282) -- refresh python-2.7.5-multilib.patch -- dropped upstreamed patches: - python-fix-short-dh.patch - python-2.7.7-mhlib-linkcount.patch - python-2.7-urllib2-localnet-ssl.patch - CVE-2016-0772-smtplib-starttls.patch - CVE-2016-5699-http-header-injection.patch - CVE-2016-5636-zipimporter-overflow.patch - python-2.7-httpoxy.patch -- Add python-ncurses-6.0-accessors.patch: Fix build with - NCurses 6.0 and OPAQUE_WINDOW set to 1. - (dimstar@opensuse.org) - -------------------------------------------------------------------- -Fri Feb 24 17:08:25 UTC 2017 - bwiedemann@suse.com - -- Add reproducible.patch to allow reproducible builds of various - python packages like python-amqp - Upstream: https://github.com/python/cpython/pull/296 - -------------------------------------------------------------------- -Tue Jan 3 16:59:24 UTC 2017 - jmatejek@suse.com - -- update to 2.7.13 - * dozens of bugfixes, see NEWS for details - * updated cipher lists for openssl wrapper, support openssl >= 1.1.0 - * properly fix HTTPoxy (CVE-2016-1000110) - * profile-opt build now applies PGO to modules as well -- update python-2.7.10-overflow_check.patch - with python-2.7.13-overflow_check.patch, incorporating upstream changes - (bnc#964182) -- add "-fwrapv" to optflags explicitly because upstream code still - relies on it in many places - -------------------------------------------------------------------- -Fri Dec 2 15:32:59 UTC 2016 - jmatejek@suse.com - -- provide python2-* symbols, for support of new packages built as - python2-foo -- rename macros.python to macros.python2 accordingly -- require python-rpm-macros package, drop macro definitions from - macros.python2 - -------------------------------------------------------------------- -Mon Sep 26 14:06:25 UTC 2016 - jmatejek@suse.com - -- initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436) -- renamed `python` to `python27` in package names and requires -- removed Provides and Obsoletes clauses -- dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch, - companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage -- dropped profile files -- removed /usr/bin/python and /usr/bin/python2, along with other unversioned - aliases -- rewrote macros file to enable stand-alone packages depending on py2.7 -- re-included downloaded version of HTML documentation - -------------------------------------------------------------------- -Thu Jun 30 09:23:05 UTC 2016 - jmatejek@suse.com - -- update to 2.7.12 - * dozens of bugfixes, see NEWS for details - * fixes multiple security issues: - CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) - CVE-2016-5636 zipimporter heap overflow (bsc#985177) - CVE-2016-5699 httplib header injection (bsc#985348) - (this one is actually fixed since 2.7.10) -- removed upstreamed python-2.7.7-mhlib-linkcount.patch -- refreshed multilib patch -- python-2.7.12-makeopcode.patch - run newly-built python interpreter - to make opcodes, in order not to require pre-built python -- update LD_LIBRARY_PATH to use $PWD instead of "." because the test - process escapes to its own directory -- modify shebang-fixing scriptlet to ignore makeopcodetargets.py - -------------------------------------------------------------------- -Fri Jun 17 12:33:23 UTC 2016 - jmatejek@suse.com - -- CVE-2016-0772-smtplib-starttls.patch: - smtplib vulnerability opens startTLS stripping attack - (CVE-2016-0772, bsc#984751) -- CVE-2016-5636-zipimporter-overflow.patch: - heap overflow when importing malformed zip files - (CVE-2016-5636, bsc#985177) -- CVE-2016-5699-http-header-injection.patch: - incorrect validation of HTTP headers allow header injection - (CVE-2016-5699, bsc#985348) -- python-2.7-httpoxy.patch: - HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY - when REQUEST_METHOD is also set - (CVE-2016-1000110, bsc#989523) - -------------------------------------------------------------------- -Fri Jan 29 13:03:40 UTC 2016 - rguenther@suse.com - -- Add python-2.7.10-overflow_check.patch to fix broken overflow checks. - [bnc#964182] - -------------------------------------------------------------------- -Mon Sep 14 15:04:43 UTC 2015 - jmatejek@suse.com - -- copy strict-tls-checks subpackage from SLE to retain future compatibility - (not built in openSUSE) -- do this properly to fix bnc#945401 -- update SLE check to exclude Leap which also has version 1315, - just to be sure - -------------------------------------------------------------------- -Wed Sep 9 12:19:01 UTC 2015 - dimstar@opensuse.org - -- Add python-ncurses-6.0-accessors.patch: Fix build with - NCurses 6.0 and OPAQUE_WINDOW set to 1. - -------------------------------------------------------------------- -Thu Aug 13 13:31:15 UTC 2015 - jmatejek@suse.com - -- add missing ssl.pyc and ssl.pyo to package -- implement python-strict-tls-checks subpackage - * when present, Python will perform TLS certificate checking by default. - it is possible to remove the package to turn off the checks - for compatibility with legacy scripts. - * as discussed in fate#318300 - * this is not built for openSUSE, but retained here in case we want - to build the package for a SLE system - -------------------------------------------------------------------- -Mon Jun 29 08:32:44 UTC 2015 - meissner@suse.com - -- python-fix-short-dh.patch: Bump DH parameters to 2048 bit - to fix logjam security issue. bsc#935856 - -------------------------------------------------------------------- -Wed Jun 10 11:19:58 UTC 2015 - dmueller@suse.com - -- add __python2 compatibility macro (used by Fedora) (fate#318838) - -------------------------------------------------------------------- -Sun May 24 14:36:37 UTC 2015 - michael@stroeder.com - -- update to 2.7.10 -- removed obsolete python-2.7-urllib2-localnet-ssl.patch - -------------------------------------------------------------------- -Tue May 19 11:18:12 UTC 2015 - schwab@suse.de - -- Reenable test_posix on aarch64 - -------------------------------------------------------------------- -Sun Dec 21 19:14:17 UTC 2014 - schwab@suse.de - -- python-2.7.4-aarch64.patch: Remove obsolete patch -- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for - aarch64 - -------------------------------------------------------------------- -Fri Dec 12 17:11:51 UTC 2014 - jmatejek@suse.com - -- update to 2.7.9 - * contains full backport of ssl module from Python 3.4 (PEP466) - * HTTPS certificate validation enabled by default (PEP476) - * SSLv3 disabled by default (bnc#901715) - * backported ensurepip module (PEP477) - * fixes several missing CVEs from last release: CVE-2013-1752, - CVE-2013-1753 - * dozens of minor bugfixes -- dropped upstreamed patches: python-2.7.6-poplib.patch, - smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch -- dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it - with ssl module from Python 3 -- libffi was upgraded upstream, seems to contain our changes, - so dropping libffi-ppc64le.diff as well -- python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional - "import ssl" from test_urllib2_localnet that caused it to fail without ssl - -------------------------------------------------------------------- -Wed Oct 22 13:30:24 UTC 2014 - dmueller@suse.com - -- skip test_thread in qemu_linux_user mode - -------------------------------------------------------------------- -Wed Oct 1 13:00:59 UTC 2014 - jmatejek@suse.com - -- CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow - in buffer() - (CVE-2014-7185, bnc#898572) - -------------------------------------------------------------------- -Tue Sep 30 15:06:15 UTC 2014 - jmatejek@suse.com - -- update to 2.7.8 - * bugfix-only release, dozens of bugs fixed - * fixes CVE-2014-4650 directory traversal in CGIHTTPServer - * fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer() -- dropped upstreamed CVE-2014-4650-CGIHTTPserver-traversal.patch -- dropped upstreamed CVE-2014-7185-buffer-wraparound.patch - -------------------------------------------------------------------- -Wed Jul 23 16:48:38 UTC 2014 - jmatejek@suse.com - -- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file - disclosure and directory traversal through URL-encoded characters - (CVE-2014-4650, bnc#885882) -- python-2.7.7-mhlib-linkcount.patch: remove link count optimizations - that are incorrect on btrfs (and possibly other filesystems) - -------------------------------------------------------------------- -Fri Jun 20 13:11:34 UTC 2014 - jmatejek@suse.com - -- update to 2.7.7 - * bugfix-only release, over a hundred bugs fixed - * backported hmac.compare_digest from python3, first step of PEP 466 -- drop upstreamed patches: - * CVE-2014-1912-recvfrom_into.patch - * python-2.7.4-no-REUSEPORT.patch - * python-2.7.6-bdist-rpm.patch - * python-2.7.6-imaplib.patch - * python-2.7.6-sqlite-3.8.4-tests.patch -- refresh patches: - * python-2.7.3-ssl_ca_path.patch - * python-2.7.4-canonicalize2.patch - * xmlrpc_gzip_27.patch -- added python keyring and signature for the main tarball - -------------------------------------------------------------------- -Sat Mar 15 08:05:41 UTC 2014 - schwab@suse.de - -- Use profile-opt only when profiling is enabled -- python-2.7.2-disable-tests-in-test_io.patch: removed, no longer needed -- update testsuite exclusion list: - * test_signal and test_posix fail due to qemu bugs - -------------------------------------------------------------------- -Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de - -- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, - adding python-2.7.6-sqlite-3.8.4-tests.patch - -------------------------------------------------------------------- -Mon Feb 10 14:24:52 UTC 2014 - jmatejek@suse.com - -- added patches for CVE-2013-1752 (bnc#856836) issues that are - missing in 2.7.6: - python-2.7.6-imaplib.patch - python-2.7.6-poplib.patch - smtplib_maxline-2.7.patch -- CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: - xmlrpc_gzip_27.patch -- python-2.7.6-bdist-rpm.patch: fix broken "setup.py bdist_rpm" command - (bnc#857470, issue18045) -- multilib patch: add "~/.local/lib64" paths to search path - (bnc#637176) -- CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow - in socket.recvfrom_into (CVE-2014-1912, bnc#863741) - -------------------------------------------------------------------- -Tue Dec 10 16:56:02 UTC 2013 - uweigand@de.ibm.com - -- Add Obsoletes/Provides for python-ctypes. - -------------------------------------------------------------------- -Sat Dec 7 02:27:51 UTC 2013 - matz@suse.de - -- Ignore uuid testcase in the testsuite, it relies on unreliable - ifconfig output. - -------------------------------------------------------------------- -Tue Dec 3 20:03:08 CET 2013 - mls@suse.de - -- adapt python-2.7.5-multilib.patch for ppc64le - -------------------------------------------------------------------- -Tue Dec 3 17:30:26 UTC 2013 - dvaleev@suse.com - -- adjust %files for ppc64le - -------------------------------------------------------------------- -Tue Dec 3 17:05:45 UTC 2013 - matz@suse.de - -- Support for ppc64le in _ctypes libffi copy. - -- added patches: - * libffi-ppc64le.diff -------------------------------------------------------------------- -Tue Dec 3 09:44:28 UTC 2013 - adrian@suse.de - -- add ppc64le rules -- avoid errors from source-validator - -------------------------------------------------------------------- -Thu Nov 21 15:39:28 UTC 2013 - jmatejek@suse.com - -- update to 2.7.6 - * bugfix-only release - * SSL-related fixes - * upstream fix for CVE-2013-4238 - * upstream fixes for CVE-2013-1752 -- removed upstreamed patch CVE-2013-4238_py27.patch -- reintroduce audioop.so as the problems with it seem to be fixed - (bnc#831442) - -------------------------------------------------------------------- -Thu Oct 10 18:13:08 UTC 2013 - dmueller@suse.com - -- exclude test_mmap under qemu_linux_user - emulation fails here - as the tests mmap address conflicts with qemu - -------------------------------------------------------------------- -Mon Aug 26 13:55:35 UTC 2013 - lnussel@suse.de - -- update python-2.7.3-ssl_ca_path.patch patch to load default verify locations - if no ca_certs file is specified (bnc#827982, bnc#836739) - -------------------------------------------------------------------- -Fri Aug 16 11:25:49 UTC 2013 - jmatejek@suse.com - -- handle NULL bytes in certain fields of SSL certificates - (CVE-2013-4238, bnc#834601) - -------------------------------------------------------------------- -Tue Jul 9 07:55:50 UTC 2013 - jengelh@inai.de - -- Add python-bsddb6.diff to support building against libdb-6.0 - -------------------------------------------------------------------- -Sat Jul 6 17:17:11 UTC 2013 - coolo@suse.com - -- have python-devel require python: - http://lists.opensuse.org/opensuse-factory/2013-06/msg00622.html - -------------------------------------------------------------------- -Sun Jun 30 21:20:29 UTC 2013 - schwab@suse.de - -- Disable test_multiprocessing in QEmu build - -------------------------------------------------------------------- -Wed Jun 5 15:17:51 UTC 2013 - schwab@suse.de - -- Disable test_asyncore in QEmu build -- Reenable testsuite on arm - -------------------------------------------------------------------- -Thu May 30 16:40:16 UTC 2013 - jmatejek@suse.com - -- python-2.7.4-aarch64.patch: add missing bits of aarch64 support -- python-2.7.4-no-REUSEPORT.patch: disable test of - missing kernel functionality -- drop unnecessary patch: python-2.7.1-distutils_test_path.patch -- switch to xz archive - -------------------------------------------------------------------- -Tue May 28 08:42:49 UTC 2013 - speilicke@suse.com - -- Update to version 2.7.5: - + bugfix-only release - + fixes several important regressions introduced in 2.7.4 - + Issue #15535: Fixed regression in the pickling of named tuples by - removing the __dict__ property introduced in 2.7.4. - + Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3, - such as was shipped with Centos 5 and Mac OS X 10.4. - + Issue #17703: Fix a regression where an illegal use of Py_DECREF() after - interpreter finalization can cause a crash. - + Issue #16447: Fixed potential segmentation fault when setting __name__ on a - class. - + Issue #17610: Don't rely on non-standard behavior of the C qsort() function. 12 - See http://hg.python.org/cpython/file/ab05e7dd2788/Misc/NEWS for more -- Drop upstreamed patches: - + python-2.7.3-fix-dbm-64bit-bigendian.patch - + python-test_structmembers.patch -- Rebased other patches - -------------------------------------------------------------------- -Mon May 13 09:24:29 UTC 2013 - dmueller@suse.com - -- add aarch64 to the list of 64-bit platforms - -------------------------------------------------------------------- -Thu May 9 16:11:23 UTC 2013 - jmatejek@suse.com - -- update to 2.7.4 - * bugfix-only release -- drop upstreamed patches: - pypirc-secure.diff - python-2.7.3-multiprocessing-join.patch - ctypes-libffi-aarch64.patch -- drop python-2.7rc2-configure.patch as it doesn't seem necessary anymore - -------------------------------------------------------------------- -Fri Apr 5 13:33:27 UTC 2013 - idonmez@suse.com - -- Add Source URL, see https://en.opensuse.org/SourceUrls - -------------------------------------------------------------------- -Wed Feb 27 17:04:32 UTC 2013 - schwab@suse.de - -- Add aarch64 to the list of lib64 platforms - -------------------------------------------------------------------- -Mon Feb 25 17:24:52 UTC 2013 - jmatejek@suse.com - -- fix pythonstart failing on $HOME-less users (bnc#804978) - -------------------------------------------------------------------- -Sat Feb 9 16:24:10 UTC 2013 - schwab@suse.de - -- Add ctypes-libffi-aarch64.patch: import aarch64 support for libffi in - _ctypes module - -------------------------------------------------------------------- -Fri Feb 8 14:49:45 UTC 2013 - jmatejek@suse.com - -- multiprocessing: thread joining itself (bnc#747794) -- gettext: fix cases where no bundle is found (bnc#794139) - -------------------------------------------------------------------- -Thu Oct 25 11:21:06 UTC 2012 - coolo@suse.com - -- add explicit buildrequire on libbz2-devel - -------------------------------------------------------------------- -Mon Oct 15 10:39:15 UTC 2012 - coolo@suse.com - -- buildrequire explicitly netcfg for the test suite - -------------------------------------------------------------------- -Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com - -- remove distutils.cfg (bnc#658604) - * this changes default prefix for distutils to /usr - * see ML for details: -http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html - -------------------------------------------------------------------- -Fri Aug 3 18:43:32 UTC 2012 - dimstar@opensuse.org - -- Add python-bundle-lang.patch: gettext: If bindtextdomain is - instructed to look in the default location of translations, we - check additionally in locale-bundle. Fixes issues like bnc#617751 - -------------------------------------------------------------------- -Tue Jul 31 12:36:04 UTC 2012 - jmatejek@suse.com - -- all subpackages require python-base=%{version}-%{release} explicitly - (fixes bnc#766778 bug and similar that might arise in the future) - -------------------------------------------------------------------- -Tue Jun 26 11:54:22 UTC 2012 - dvaleev@suse.com - -- Fix failing test_dbm on ppc64 - -------------------------------------------------------------------- -Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca - -- Support directory-based certificate stores with the ca_certs parameter of SSL - functions [bnc#761501] - -------------------------------------------------------------------- -Sat Apr 14 08:57:46 UTC 2012 - dmueller@suse.com - -- update to 2.7.3: - * no change -- remove static libpython.a from build to avoid packages - linking it statically - -------------------------------------------------------------------- -Wed Mar 28 18:19:18 UTC 2012 - jmatejek@suse.com - -- update to 2.7.3rc2 - * fixes several security issues: - * CVE-2012-0845, bnc#747125 - * CVE-2012-1150, bnc#751718 - * CVE-2011-4944, bnc#754447 - * CVE-2011-3389 -- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) - -!!important!! -- disabled test_unicode which segfaults on 64bits. - this should not happen, revisit in next RC! -!!important!! - -------------------------------------------------------------------- -Thu Feb 16 12:33:44 UTC 2012 - dvaleev@suse.com - -- skip broken test_io test on ppc - -------------------------------------------------------------------- -Mon Dec 12 13:39:57 UTC 2011 - toddrme2178@gmail.com - -- Exclude /usr/bin/2to3 to prevent conflicts with python3-2to3 - -------------------------------------------------------------------- -Thu Dec 8 13:31:01 UTC 2011 - jmatejek@suse.com - -- %python_version now correctly refers to %tarversion - -------------------------------------------------------------------- -Mon Nov 28 09:21:32 UTC 2011 - saschpe@suse.de - -- Spec file cleanup: - * Run spec-cleaner - * Remove outdated %clean section, AutoReqProv and authors from descr. -- Fix license to Python-2.0 (also SPDX style) - -------------------------------------------------------------------- -Fri Sep 30 09:08:59 UTC 2011 - adrian@suse.de - -- fix build for arm by removing an old hack for arm, bz2.so is built now - -------------------------------------------------------------------- -Fri Sep 16 16:21:44 UTC 2011 - jmatejek@suse.com - -- dropped newslist.py from demos because of bad license - (bnc#718009) - -------------------------------------------------------------------- -Fri Aug 19 22:37:42 CEST 2011 - dmueller@suse.de - -- update to 2.7.2: - * Bug fix only release, see - http://hg.python.org/cpython/raw-file/eb3c9b74884c/Misc/NEWS - for details -- introduce a pre_checkin.sh file that synchronizes - patches between python and python-base -- rediff patches for 2.7.2 -- replace kernel3 patch with the upstream solution - -------------------------------------------------------------------- -Fri Jul 22 13:03:49 UTC 2011 - idonmez@novell.com - -- Copy Lib/plat-linux2 to Lix/plat-linux3 so that DLFCN module - is also available for linux3 systems bnc#707667 - -------------------------------------------------------------------- -Mon Jul 11 01:59:56 CEST 2011 - ro@suse.de - -- fix build on factory: setup reports linux3 not linux2 now, - adapt checks - -------------------------------------------------------------------- -Tue May 31 17:58:30 UTC 2011 - jmatejek@novell.com - -- added explicit requires to libpython-%version-%release - to prevent bugs like bnc#697251 reappearing - -------------------------------------------------------------------- -Tue May 24 14:27:05 UTC 2011 - jmatejek@novell.com - -- update to 2.7.1 - * bugfix-only release, see NEWS for details -- refreshed patches, dropped the upstreamed ones -- dropped acrequire patch, replacing it with build-time sed -- improved fix to bnc#673071 by defining the constants - only for files that require it (as is done in python3) - -------------------------------------------------------------------- -Mon May 2 16:04:49 UTC 2011 - jmatejek@novell.com - -- fixed a security flaw where malicious sites could redirect - Python application from http to a local file - (CVE-2011-1521, bnc#682554) -- fixed race condition in Makefile which randomly failed - parallel builds ( http://bugs.python.org/issue10013 ) - -------------------------------------------------------------------- -Thu Feb 17 17:37:09 CET 2011 - pth@suse.de - -- Prefix DATE and TIME with PY_BUILD_ and COMPILER with PYTHON_ as - to not break external code (bnc#673071). - -------------------------------------------------------------------- -Mon Jan 17 09:42:20 UTC 2011 - coolo@novell.com - -- provide pyxml to avoid touching tons of packages - -------------------------------------------------------------------- -Thu Nov 18 08:23:34 UTC 2010 - coolo@novell.com - -- add patch from http://psf.upfronthosting.co.za/roundup/tracker/issue9960 - to fix build on ppc64 - -------------------------------------------------------------------- -Fri Oct 1 13:41:30 UTC 2010 - jmatejek@novell.com - -- moved unittest to python-base (it is a testing framework, not a - testsuite, so it clearly belongs into stdlib) -- fixed smtpd.py DoS (bnc#638233, CVE probably not assigned) - -------------------------------------------------------------------- -Tue Sep 21 10:07:43 UTC 2010 - coolo@novell.com - -- fix baselibs.conf - -------------------------------------------------------------------- -Thu Aug 26 15:13:49 UTC 2010 - suse-tux@gmx.de - -- fix for urllib2 (http://bugs.python.org/issue9639) - -------------------------------------------------------------------- -Thu Aug 26 13:45:19 UTC 2010 - jmatejek@novell.com - -- fixed distutils test -- dropped autoconf version requirement (it builds just fine with other versions) - -------------------------------------------------------------------- -Thu Aug 26 11:37:28 UTC 2010 - jmatejek@novell.com - -- update to version 2.7 - * improved handling of numeric types - * deprecation warnings are now silent by default - * new argparse module for command line arguments - * many new features, see http://docs.python.org/dev/whatsnew/2.7.html - for complete list -*** 2.7 is supposed to be the last version from the 2.x series, -so its (upstream) maintenance period will probably be longer than usual. -However, upstream development now focuses on 3.x series. - -- cleaned up spec and patches - -------------------------------------------------------------------- -Fri Jul 2 13:58:38 UTC 2010 - jengelh@medozas.de - -- add patch from http://bugs.python.org/issue6029 -- use %_smp_mflags - -------------------------------------------------------------------- -Mon May 17 17:07:33 CEST 2010 - matejcik@suse.cz - -- dropped audioop.so because of security vulnerabilities - (bnc#603255) - -------------------------------------------------------------------- -Wed Apr 7 20:35:26 CEST 2010 - matejcik@suse.cz - -- update to 2.6.5 (rpm version 2.6.5) -- patched test_distutils to work - -------------------------------------------------------------------- -Thu Mar 11 18:13:05 CET 2010 - matejcik@suse.cz - -- update to 2.6.5rc2 (rpm version is 2.6.4.92) - * bugfix-only release -- removed fwrapv patch - no longer needed -- removed expat patches (this version also fixes expat vulnerabilities - from bnc#581765 ) -- removed readline spacing patch - no longer needed -- removed https_proxy patch - no longer needed -- removed test_distutils patch - no longer needed -- disabled test_distutils because of spurious failure, - * TODO reenable at release - -------------------------------------------------------------------- -Thu Feb 4 20:46:03 CET 2010 - matejcik@suse.cz - -- removed precompiled exe files (as noted in bnc#577032) - -------------------------------------------------------------------- -Fri Jan 29 15:44:15 CET 2010 - matejcik@suse.cz - -- enabled ipv6 in configure (bnc#572673) - -------------------------------------------------------------------- -Wed Dec 23 08:36:29 UTC 2009 - aj@suse.de - -- Apply patches with fuzz=0 - -------------------------------------------------------------------- -Tue Dec 15 00:22:44 CET 2009 - jengelh@medozas.de - -- add baselibs.conf as source - -------------------------------------------------------------------- -Wed Nov 4 19:04:16 CET 2009 - matejcik@suse.cz - -- readline shouldn't append space after completion (bnc#551715, - python bug 5833) - -------------------------------------------------------------------- -Wed Oct 28 18:03:27 UTC 2009 - crrodriguez@opensuse.org - -- python-devel Requires glibc-devel - -------------------------------------------------------------------- -Fri Sep 4 20:16:42 CEST 2009 - matejcik@suse.cz - -- fixed potential DoS in python's copy of expat (bnc#534721) -- added patch for potential SSL hangup during handshake (bnc#525295) - -------------------------------------------------------------------- -Sun Aug 2 17:01:16 UTC 2009 - jansimon.moeller@opensuse.org - -- fix files section for ARM, as bz2.so isn't built on ARM. - -------------------------------------------------------------------- -Fri Jul 31 22:41:02 CEST 2009 - matejcik@suse.cz - -- added /usr/lib/python2.6{,/site-packages} to the package even if - it is on lib64 arch -- added %python_sitelib and %python_sitearch for fedora compatibility - -------------------------------------------------------------------- -Thu Jul 30 18:34:09 CEST 2009 - matejcik@suse.cz - -- fixed test in test_distutils suite that would generate a warning - when the log threshold was set too low by preceding tests - -------------------------------------------------------------------- -Wed Jul 29 16:09:32 CEST 2009 - matejcik@suse.cz - -- support noarch python packages (modified multilib patch - to differentiate between purelib and platlib, added /usr/lib - to search path in all cases - -------------------------------------------------------------------- -Thu Jul 16 10:11:27 CEST 2009 - coolo@novell.com - -- disable as-needed to fix build - -------------------------------------------------------------------- -Mon Apr 27 15:19:45 CEST 2009 - matejcik@suse.cz - -- update to 2.6.2 - * bugfix-only release for 2.6 series - -------------------------------------------------------------------- -Fri Feb 6 16:10:31 CET 2009 - matejcik@suse.cz - -- excluded pyconfig.h and Makefile and Setup from -devel subpackage - to prevent file conflicts of python-base and python-devel - -------------------------------------------------------------------- -Thu Jan 15 16:00:02 CET 2009 - matejcik@suse.cz - -- fixed gettext.py problem with empty plurals line (bnc#462375) - -------------------------------------------------------------------- -Wed Jan 7 12:34:56 CET 2009 - olh@suse.de - -- obsolete old -XXbit packages (bnc#437293) - -------------------------------------------------------------------- -Mon Dec 15 17:10:17 CET 2008 - matejcik@suse.cz - -- removed bsddb directory from python-base, reenabled in python - ( bnc#441088 ) - -------------------------------------------------------------------- -Mon Oct 20 15:18:30 CEST 2008 - matejcik@suse.cz - -- added libpython and python-base to baselibs.conf (bnc#432677) -- disabled test_smtplib for ia64 so that the package actually - gets built (bnc#436966) - -------------------------------------------------------------------- -Thu Oct 9 18:56:33 CEST 2008 - matejcik@suse.cz - -- update to 2.6 final (version name is 2.6.0 to make upgrade from - 2.6rc2 possible) -- replaced site.py hack with a .pth file to do the same thing - (cleaner solution that doesn't mess up documented behavior - and also fixes virtualenv, bnc#430761) -- enabled profile optimized build -- fixed %py_requires macro (bnc#346490) -- provide %name = 2.6 - -------------------------------------------------------------------- -Fri Sep 19 20:09:50 CEST 2008 - matejcik@suse.cz - -- moved tests to %check section -- update to 2.6rc2, removing the last remaining security patch -- included patch for https proxy support that resolves bnc#214983 - (in a proper way) and bnc#298378 -- included fix for socket.ssl() behavior regression, fixing - bnc#426563 - -------------------------------------------------------------------- -Wed Sep 17 22:09:12 CEST 2008 - matejcik@suse.cz - -- included /etc/rpm/macros.python to fix the split-caused breakage - -------------------------------------------------------------------- -Tue Sep 16 18:12:10 CEST 2008 - matejcik@suse.cz - -- applied bug-no-proxy patch from python#3879, which should improve - backwards compatibility (important i.e. for bzr) -- moved python-xml to a subpackage of this (brings no additional - dependencies, so it can as well stay) -- moved Makefile and pyconfig.h to python-base, removing the need - to have python-devel for installation -- improved compatibility with older distros for 11.0 -- moved ssl.py and sqlite3 module to python package - they won't work - without their respective binary modules anyway - -------------------------------------------------------------------- -Mon Sep 15 18:34:27 CEST 2008 - matejcik@suse.cz - -- updated to 2.6rc1 - bugfix-only pre-stable release -- renamed python-base-devel to python-devel as it should be -- removed macros from libpython package name - -------------------------------------------------------------------- -Fri Sep 12 14:46:00 CEST 2008 - matejcik@suse.cz - -- moved python-devel to a subpackage of this -- created libpython subpackage -- moved essential files from -devel to -base, so that distutils - should now be able to install without -devel package - -------------------------------------------------------------------- -Fri Sep 12 14:44:55 CEST 2008 - matejcik@suse.cz - -- split package, as per fate#305065 -- moved python-devel to be a subpackage of python-base -- minor fixes & packaging cleanups - -------------------------------------------------------------------- -Wed Sep 10 16:31:29 CEST 2008 - matejcik@suse.cz - -- fixed misapplied ssl-compat patch (caused segfaults when - opening SSL connections, bnc#425138 ) - -------------------------------------------------------------------- -Wed Sep 3 17:17:06 CEST 2008 - matejcik@suse.cz - -- updated to 2.6beta3 from BETA dist, summary of changes follows: - * patches update/cleanup - * removed failing tests (test_unicode, test_urllib2), those will - be reworked later to not fail - * fixed ncurses/panel.h include - * removed most security fixes, as they are already included in - this version - * removed imageop/rgbimg - (reasons: they only work in 32bit environment anyway, are - deprecated by upstream and have inherent security problems) - * fixed pythonstart script to trim history after 10000 lines - (bnc#399190) -- 2.6beta3 is mostly stable release of the 2.6 series, - package will be updated to 2.6 final as soon as it comes out - (in the beginning of October) - -------------------------------------------------------------------- -Wed Jul 30 20:35:02 CEST 2008 - matejcik@suse.cz - -- security fixes for issues mentioned in bnc#406051: - * CVE-2008-2315 - multiple integer overflows in basic types - * CVE-2008-2316 - partial hashing of huge data with hashlib - * CVE-2008-3142 - multiple buffer oveflows in unicode processing - * CVE-2008-3144 - possible integer over/underflow in mysnprintf - * buffer overflows in expandtabs() method (afaik no CVE assigned) -- also mentioned CVE-2008-3143 is already fixed in python 2.5.2 - -------------------------------------------------------------------- -Mon Jun 30 15:38:17 CEST 2008 - schwab@suse.de - -- Work around autoheader bug. - -------------------------------------------------------------------- -Fri Jun 13 10:07:02 CEST 2008 - schwab@suse.de - -- Fix configure script. - -------------------------------------------------------------------- -Thu Apr 24 19:37:14 CEST 2008 - matejcik@suse.cz - -- proper path for html documentation from python-doc, - help text mentioning python-doc package in pydoc - (bnc#380942) - -------------------------------------------------------------------- -Wed Apr 16 21:20:07 CEST 2008 - matejcik@suse.cz - -- PyString_FromStringAndSize now checks size parameter - (bnc#379534, CVE-2008-1721) - -------------------------------------------------------------------- -Tue Apr 15 09:14:29 CEST 2008 - adrian@suse.de - -- disable DNS lookup test when running in build service. - The XEN build hosts have no network. - -------------------------------------------------------------------- -Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - -- added baselibs.conf file to build xxbit packages - for multilib support - -------------------------------------------------------------------- -Mon Apr 7 13:59:29 CEST 2008 - schwab@suse.de - -- Limit virtual memory to avoid spurious testsuite failures. - -------------------------------------------------------------------- -Mon Mar 10 18:18:43 CET 2008 - matejcik@suse.cz - -- bnc#367853 turned out to be invalid, upstream is already on to - the real problem -- forcing -fwrapv to compiler flags until upstream has a solution - -------------------------------------------------------------------- -Wed Feb 27 18:08:58 CET 2008 - matejcik@suse.cz - -- update to 2.5.2 - - bugfix-only release, over 100 bugs fixed -- removed hppa patch (already included) -- disabled test_str until gcc issue bnc#367853 is resolved - -------------------------------------------------------------------- -Tue Nov 13 17:32:06 CET 2007 - matejcik@suse.cz - -- patched a bug in sqlite module that would cause segfault on - call to executescript() - -> TODO return and improve the patch - -------------------------------------------------------------------- -Mon Sep 3 17:57:43 CEST 2007 - matejcik@suse.cz - -- replaced fdupes oneliner with %fdupes macro -- added /usr/bin/python2 symlink (#307097) -- obsoletes python-elementtree and python-sqlite (#301182) - (obsoletes, but doesn't provide - the modules that obsolete those - packages are renamed and dependent packages need to be changed) - -------------------------------------------------------------------- -Fri Aug 24 16:42:12 CEST 2007 - bg@suse.de - -- fix build on hppa - -------------------------------------------------------------------- -Fri Aug 3 15:25:32 CEST 2007 - jmatejek@suse.cz - -- replaced duplicate files with hardlinks - -------------------------------------------------------------------- -Fri Jul 27 14:51:03 CEST 2007 - jmatejek@suse.cz - -- removed emacs python-mode and dependency on emacs - -------------------------------------------------------------------- -Fri Jun 8 16:33:09 CEST 2007 - jmatejek@suse.cz - -- revisited & explained failing tests -- applied EINTR recovery patch (#278622) -- experimental replacement of shebang strings, - removing dependency on /usr/bin/env - -------------------------------------------------------------------- -Thu May 24 18:47:20 CEST 2007 - jmatejek@suse.cz - -- update to 2.5.1 - - bugfix only release, over 150 bugs fixed - - fixes off-by-one memory leak in _localemodule.c - (#276889, CVE-2007-2052) -- unnecessary patches removed, minor build cleanup -- warns when attempting to use https proxy (#214983) - -------------------------------------------------------------------- -Tue May 22 01:13:28 CEST 2007 - ro@suse.de - -- make setup.py accept db-4.5 - -------------------------------------------------------------------- -Thu Mar 29 13:32:08 CEST 2007 - aj@suse.de - -- Add ncurses-devel to BuildRequires. - -------------------------------------------------------------------- -Sat Mar 24 18:16:08 CET 2007 - aj@suse.de - -- Add libbz2-devel to BuildRequires. - -------------------------------------------------------------------- -Fri Mar 23 15:10:09 CET 2007 - rguenther@suse.de - -- add gdbm-devel BuildRequires - -------------------------------------------------------------------- -Mon Jan 8 19:27:06 CET 2007 - cthiel@suse.de - -- fix sqlite3 support (#228733) - -------------------------------------------------------------------- -Tue Sep 19 18:20:07 CEST 2006 - jmatejek@suse.cz - -- update to 2.5 final, going into STABLE dist -- issue with lib/python/config is not caused by dirs patch - -------------------------------------------------------------------- -Wed Sep 13 19:07:35 CEST 2006 - jmatejek@suse.cz - -- update to 2.5c2 - - 2.5 final is expected next week -- removed testfiles.tar.bz2 from package due to copyright issues - (see #204867). Reminder: enable urlfetch or put it back (or both, - using Nosource) - -------------------------------------------------------------------- -Tue Sep 5 13:51:48 CEST 2006 - jmatejek@suse.cz - -- update to 2.5c1 -- many new features, see http://www.python.org/dev/peps/pep-0356/ -- 64bit indices issue will require changes of modules, see - http://www.python.org/dev/peps/pep-0353/ for transition guidelines -- non-backwards-compatible changes, see - http://docs.python.org/dev/whatsnew/section-other.html - (this link is expected to die, so just search for "what's new in 2.5") -- open issues in build process: - - sed'ing out /usr/local/bin/python from files causes build to fail - if not filtered by grep (see %prep section) - might be a bug in sed - - 2.3.3-dirs patch + --enable-shared + --libdir breaks build, - because "-L/usr/lib*/python2.5/config" is added instead of "-L." - Workaround in 2.5c1-dirs-fix, should be replaced soon - - test_file fails in autobuild, but is OK when building manually - - test_nis fails in autobuild, probably due to a misconfiguration - on autobuild servers - - it might be good to create python-sqlite3 subpackage - -------------------------------------------------------------------- -Mon Apr 24 20:08:30 CEST 2006 - jmatejek@suse.cz - -- update to 2.4.3 - - no big changes, bugfix-only release (about 50 bugs fixed) - -------------------------------------------------------------------- -Wed Mar 15 17:51:29 CET 2006 - jmatejek@suse.cz - -- moved -doc and -doc-pdf into separate noarch specfile - -------------------------------------------------------------------- -Mon Feb 27 18:05:56 CET 2006 - jmatejek@suse.cz - -- implemented /usr/local path schemes for bug #149809 - - python now recognizes packages in /usr/local/lib/python2.4 - - distutils install by default into /usr/local/lib/python2.4/site-packages - - on 64bit systems that is of course lib64 - -------------------------------------------------------------------- -Wed Jan 25 21:30:52 CET 2006 - mls@suse.de - -- converted neededforbuild to BuildRequires - -------------------------------------------------------------------- -Sat Jan 14 13:25:08 CET 2006 - kukuk@suse.de - -- Add gmp-devel to nfb - -------------------------------------------------------------------- -Mon Nov 28 19:10:03 CET 2005 - jmatejek@suse.cz - -- reenabled optimization on ppc64 - -------------------------------------------------------------------- -Fri Nov 11 16:59:11 CET 2005 - nadvornik@suse.cz - -- fixed another bug in canonicalize patch [#133267] - -------------------------------------------------------------------- -Wed Oct 5 15:53:01 CEST 2005 - jmatejek@suse.cz - -- update to 2.4.2 -- additional fixes to canonicalize patch, restored interactive mode - -------------------------------------------------------------------- -Mon Sep 26 15:40:20 CEST 2005 - jmatejek@suse.cz - -- replaced the previous patch with a new one - - it now tries to use canonical_file_name(), falling back to realpath() - and eventually readlink - - canonical_file_name() branch now sets the buffer length - -------------------------------------------------------------------- -Fri Sep 23 16:29:19 CEST 2005 - jmatejek@suse.cz - -- fixed to build with gcc's new buffer overflow checking - - added patch from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169046 - -------------------------------------------------------------------- -Fri Apr 22 17:04:38 CEST 2005 - schwab@suse.de - -- Always enable SSL bug workarounds. - -------------------------------------------------------------------- -Tue Apr 5 16:58:27 CEST 2005 - mcihar@suse.cz - -- update to 2.4.1 - -------------------------------------------------------------------- -Thu Mar 24 16:15:25 CET 2005 - uli@suse.de - -- fixed to build on ARM - -------------------------------------------------------------------- -Tue Mar 1 19:16:46 CET 2005 - mcihar@suse.cz - -- skip some test on ia64 for now - -------------------------------------------------------------------- -Tue Feb 8 16:43:56 CET 2005 - mcihar@suse.cz - -- mark configuration files as %config - -------------------------------------------------------------------- -Tue Feb 01 14:16:43 CET 2005 - mcihar@suse.cz - -- fix vulnerability in SimpleXMLRPCServer (bug #50321, CAN-2005-0089) - -------------------------------------------------------------------- -Tue Dec 28 16:43:47 CET 2004 - mcihar@suse.cz - -- disable bsddb tests, it fails probably on all 64-bit - -------------------------------------------------------------------- -Thu Dec 23 13:46:21 CET 2004 - mcihar@suse.cz - -- make lib64 installation also work on others than x86_64 - -------------------------------------------------------------------- -Mon Dec 20 17:51:29 CET 2004 - mcihar@suse.de - -- fixed build on ppc64 - - update multiarch patch - - do not test bsddb internals - - remove optimalisation from flags, it breaks at least math - -------------------------------------------------------------------- -Mon Dec 20 14:22:15 CET 2004 - mcihar@suse.cz - -- added extra files needed for some tests (codecmaps and unicode normalisation) -- enabled bsddb tests -- reenabled test_shelve, as it works now - -------------------------------------------------------------------- -Thu Dec 16 17:13:04 CET 2004 - mcihar@suse.cz - -- update db 4.3 patch -- fix bdist_rpm when spec file generates more than one rpm - -------------------------------------------------------------------- -Tue Dec 14 08:13:09 CET 2004 - bg@suse.de - -- disable tests for hppa - -------------------------------------------------------------------- -Mon Dec 06 12:30:59 CET 2004 - mcihar@suse.cz - -- fix bsddb module for current bsddb -- improved readline detection - -------------------------------------------------------------------- -Fri Dec 03 17:37:48 CET 2004 - mcihar@suse.cz - -- updated documentation to 2.4 - -------------------------------------------------------------------- -Wed Dec 01 18:07:17 CET 2004 - mcihar@suse.cz - -- don't use wctype functions from glibc, it breaks at some situations -- enable tests during compilation, removing currently known failures - -------------------------------------------------------------------- -Tue Nov 30 14:32:27 CET 2004 - mcihar@suse.cz - -- update to 2.4 final - -------------------------------------------------------------------- -Wed Nov 24 18:30:23 CET 2004 - mcihar@suse.cz - -- yet another ignore list update, ignore man and locale dirs - -------------------------------------------------------------------- -Wed Nov 24 15:15:46 CET 2004 - mcihar@suse.cz - -- ignore /etc and avoid infinite loop while generating directory list - -------------------------------------------------------------------- -Wed Nov 24 12:43:07 CET 2004 - mcihar@suse.cz - -- ignore one more directories in file list generating -- handle correctly headers path in file list generating -- handle extra_dir in file list generating -- use same way as mandrake to support lib64, at least it's a bit cleaner - solution than we had, so we now also have sys.lib -- audioop is now enabled on 64-bit - -------------------------------------------------------------------- -Tue Nov 23 16:25:15 CET 2004 - mcihar@suse.cz - -- updated to 2.4c1 (2.4 release candidate 1) -- dropped python-mpz package as it was dropped by upstream -- completely rewritten and much simplified rpm file list generation, if you - have problems with new version, please drop me a note -- install also /etc/profile.d/python.csh - -------------------------------------------------------------------- -Tue Aug 24 16:22:05 CEST 2004 - mcihar@suse.cz - -- updated README.SUSE -- added startup script, which enables saving of history and completion - for interactive usage - -------------------------------------------------------------------- -Thu May 27 15:25:20 CEST 2004 - mcihar@suse.cz - -- update to 2.3.4 final (no changes from rc 1) - -------------------------------------------------------------------- -Wed May 19 17:11:10 CEST 2004 - mcihar@suse.cz - -- update to 2.3.4 release candidate 1 (obsoletes some patches taken from cvs) -- forcing of large file support is not needed (for quite a long time) -- updated README.SUSE - -------------------------------------------------------------------- -Tue Mar 16 15:24:49 CET 2004 - mcihar@suse.cz - -- included some fixes from cvs: - - fix possible segfault in bsddb - - urllib2 supports non-anonymous ftp and absolute paths - - fixed GC problems in PyWeakref_NewRef - -------------------------------------------------------------------- -Thu Mar 11 18:36:16 CET 2004 - mcihar@suse.cz - -- fix readline with utf-8 (bug #34302) - -------------------------------------------------------------------- -Wed Mar 03 15:47:22 CET 2004 - mcihar@suse.cz - -- obsoletes python21 - -------------------------------------------------------------------- -Thu Feb 26 17:13:43 CET 2004 - mcihar@suse.cz - -- all subpackages depend on current python version - -------------------------------------------------------------------- -Thu Feb 19 13:11:04 CET 2004 - mcihar@suse.cz - -- fix Lib/email/Charset.py for use in some locales -- fix format string in zipimport module -- use system readline -- add more IPV6 socket options -- use sed instead of perl for replacing -- include LICENSE - -------------------------------------------------------------------- -Sat Jan 10 11:26:35 CET 2004 - adrian@suse.de - -- build as user - -------------------------------------------------------------------- -Mon Jan 05 11:24:09 CET 2004 - mcihar@suse.cz - -- updated to 2.3.3 (final) -- call %{run_ldconfig} in post and postun -- libpython.2.3.so symlink moved to devel package (bug #33779) - -------------------------------------------------------------------- -Fri Dec 12 14:33:36 CET 2003 - mcihar@suse.cz - -- updated to 2.3.3 (release candidate 1) - -------------------------------------------------------------------- -Tue Nov 18 12:41:20 CET 2003 - mcihar@suse.cz - -- use wchar_t functions from libc, this reduces size of interpreter - -------------------------------------------------------------------- -Mon Oct 27 13:19:52 CET 2003 - kukuk@suse.de - -- Remove useless Requires -- Remove not used packages from neededforbuild - -------------------------------------------------------------------- -Fri Oct 03 14:59:55 CEST 2003 - mcihar@suse.cz - -- updated to 2.3.2 - - A bug in autoconf that broke building on HP/UX systems is fixed. - - A bug in the Python configure script that meant os.fsync() was - never available is fixed. - -------------------------------------------------------------------- -Thu Oct 02 16:03:05 CEST 2003 - mcihar@suse.cz - -- force use of directories passed to configure script (-dirs.patch), bug #31947 - -------------------------------------------------------------------- -Mon Sep 29 13:57:18 CEST 2003 - mcihar@suse.cz - -- updated to 2.3.1, most of changes were alredy included in -cvs.patch -- not so verbose untaring - -------------------------------------------------------------------- -Thu Sep 11 14:31:48 CEST 2003 - mcihar@suse.cz - -- included fixes from cvs (branch release23-maint), this fixes some - memory leaks and other bugs (-cvs.patch) -- nicer output from pydoc (-pydoc.patch) -- cleaned up configure parameters -- compiling with -Wall - -------------------------------------------------------------------- -Wed Sep 10 18:39:00 CEST 2003 - mcihar@suse.cz - -- build as shared - -------------------------------------------------------------------- -Wed Sep 03 11:48:07 CEST 2003 - mcihar@suse.cz - -- python now obsoletes python-nothreads (bug #29907) - -------------------------------------------------------------------- -Thu Aug 14 13:23:50 CEST 2003 - mcihar@suse.cz - -- fixed symlinks to configuration files -- cleaned up spec file - -------------------------------------------------------------------- -Wed Aug 06 18:03:22 CEST 2003 - mcihar@suse.cz - -- updated lib64 patch - -------------------------------------------------------------------- -Tue Aug 05 13:17:20 CEST 2003 - mcihar@suse.cz - -- updated to final 2.3, some highlights: - * Python 2.3 is about 20-30% faster than Python 2.2.3 - * Brand new IDLE - * Some new or upgraded built-ins, includes better support for - unicode, new bool type... - * Lots of upgraded or new modules and packages. - * PYTHONINSPECT variabale that can cause python to behave as it - was executed with -i parameter. - -------------------------------------------------------------------- -Tue Jul 29 01:46:23 CEST 2003 - ro@suse.de - -- added tk-devel to neededforbuild - -------------------------------------------------------------------- -Thu Jun 26 22:57:28 CEST 2003 - mcihar@suse.cz - -- updated to cvs snapshot, mostly because of finally correct DESTDIR - support, to avoid buildroot leftovers - -------------------------------------------------------------------- -Tue Jun 24 12:32:23 CEST 2003 - mcihar@suse.cz - -- better excluding site-packages from generated dirlist - -------------------------------------------------------------------- -Tue Jun 17 15:37:51 CEST 2003 - mcihar@suse.cz - -- ignore site-packages and share directories for filelists -- include install dir if not site-packages in filelists - -------------------------------------------------------------------- -Tue Jun 17 10:20:09 CEST 2003 - mcihar@suse.cz - -- better handle mutliple level of install directories when - generating %dir entries - -------------------------------------------------------------------- -Mon Jun 16 17:25:08 CEST 2003 - mcihar@suse.cz - -- one more distutils patch update: - * fix generating of dirs in chrooted installs for install_data - * don't include directory for install_scripts - -------------------------------------------------------------------- -Mon Jun 16 15:55:20 CEST 2003 - mcihar@suse.cz - -- updated patch to work around problems with self defined get_outputs - -------------------------------------------------------------------- -Mon Jun 16 12:29:31 CEST 2003 - mcihar@suse.cz - -- modified distutils to allow generating complete file list for rpm - (including directories with %dir macro), to use this use - --record-rpm= instead of --record= - -------------------------------------------------------------------- -Thu Jun 05 09:23:32 CEST 2003 - mcihar@suse.cz - -- move documentation where it was in 2.2 versions -- fixed permissions for some scripts in devel package - -------------------------------------------------------------------- -Thu May 29 14:22:08 CEST 2003 - mcihar@suse.cz - -- cleaned up specfile -- make executable only files that should be - -------------------------------------------------------------------- -Mon May 19 19:01:43 CEST 2003 - mcihar@suse.cz - -- removed .cvsignore files - -------------------------------------------------------------------- -Tue Apr 29 13:26:02 CEST 2003 - mcihar@suse.cz - -- updated lib64 patch - -------------------------------------------------------------------- -Mon Apr 28 11:25:11 CEST 2003 - mcihar@suse.cz - -- updated to 2.3b1, some highlights: - - sum() builtin, adds a sequence of numbers, beats reduce(). - - csv module, reads comma-separated-value files (and more). - - timeit module, times code snippets. - - os.walk(), a generator slated to replace os.path.walk(). - - platform module, by Marc-Andre Lemburg, returns detailed platform - information. - -------------------------------------------------------------------- -Thu Apr 10 14:52:48 CEST 2003 - mcihar@suse.cz - -- added DEFS to config/Makefile as it was in 2.2 - -------------------------------------------------------------------- -Wed Apr 02 14:50:29 CEST 2003 - mcihar@suse.cz - -- updated lib64 patch -- fixed list of built modules for 64-bit arches - -------------------------------------------------------------------- -Tue Apr 01 17:57:56 CEST 2003 - mcihar@suse.cz - -- updated to python 2.3 alpha 2 - - updated many builtins and modules - - new modules: bsddb, bz2, datetime, logging, optparse, sets, - textwrap, zipimport, - - some general things have changed: - - Hex/oct literals prefixed with a minus sign were handled - inconsistently. - - Package index and metadata for distutils. - - Encoding declarations - you can put a comment of the form - "# -*- coding: -*-" in the first or second line of a Python - source file to indicate the encoding (e.g. utf-8). - - Import from zipfiles. - - see Misc/NEWS in documentation or python website - - http://python.org/2.3/highlights.html for more details -- moved distutils into -devel package -- cleaned up specfile - -------------------------------------------------------------------- -Tue Apr 01 12:27:06 CEST 2003 - mcihar@suse.cz - -- removed RPM_BUILD_ROOT leftovers (bug #25963) - -------------------------------------------------------------------- -Thu Mar 6 12:05:53 CET 2003 - kukuk@suse.de - -- Provide/Obsolete python-tkinter - -------------------------------------------------------------------- -Tue Jan 28 17:51:45 CET 2003 - mcihar@suse.cz - -- idle symlink corrected for lib64 -- fixed LIBDEST path for distutils, closes #22322 - -------------------------------------------------------------------- -Fri Jan 10 13:39:51 CET 2003 - mcihar@suse.cz - -- fixed distutils for lib64 - -------------------------------------------------------------------- -Wed Dec 18 13:45:15 CET 2002 - mcihar@suse.cz - -- improved blt detection for tkinter -- build with detected version of tix -- enabled SIGFPE catching -- enabled signal module -- enabled C++ support - -------------------------------------------------------------------- -Fri Nov 29 16:16:57 CET 2002 - mcihar@suse.cz - -- enabled ipv6 support -- no apache is needed for building -- python-nothreads is not built anymore as is seems that mod_python - works correctly woth python 2.2.2 and threads -- Makefile also copied to config directory in rpm - -------------------------------------------------------------------- -Wed Nov 27 10:59:03 CET 2002 - adrian@suse.de - -- Makefile.pre* to config directory - (following the official spec file change) - -------------------------------------------------------------------- -Fri Nov 08 11:06:39 CET 2002 - mcihar@suse.cz - -- fixed bad source number for suse-start-python-mode.el - -------------------------------------------------------------------- -Thu Nov 07 11:37:34 CET 2002 - mcihar@suse.cz - -- fixed %files section for idle on lib64 arches - -------------------------------------------------------------------- -Wed Nov 06 10:35:50 CET 2002 - mcihar@suse.cz - -- included python-mode.el for emacs -- idle moved from demos to separate package -- merged tk and tkinter - -------------------------------------------------------------------- -Wed Oct 30 14:54:31 CET 2002 - mcihar@suse.cz - -- removed not needed l2h and tetex from neededforbuild - -------------------------------------------------------------------- -Wed Oct 30 11:31:44 CET 2002 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Wed Oct 23 14:36:10 CEST 2002 - mcihar@suse.cz - -- updated to 2.2.2 (bugfix release) -- moved python-korean into separate source package - -------------------------------------------------------------------- -Tue Sep 17 17:34:28 CEST 2002 - ro@suse.de - -- removed bogus self-provides - -------------------------------------------------------------------- -Tue Sep 10 13:52:26 CEST 2002 - kukuk@suse.de - -- Add provides for correct update - -------------------------------------------------------------------- -Thu Sep 5 12:14:45 CEST 2002 - ro@suse.de - -- remove l2h from neededforbuild (apparently no longer used) - -------------------------------------------------------------------- -Thu Aug 15 00:45:41 CEST 2002 - ro@suse.de - -- no fpectl.so on alpha - -------------------------------------------------------------------- -Tue Aug 13 12:45:33 CEST 2002 - uli@suse.de - -- rediffed lib64 patch - -------------------------------------------------------------------- -Thu Aug 8 07:57:25 CEST 2002 - vinil@suse.de - -- new version 2.2.1 -- new version of Korean codes 2.0.5 - and splitted to standalone package 'python-korean' -- get rid of Makefile.pre.in -- clean part added to spec - -------------------------------------------------------------------- -Sun Jul 28 09:27:46 CEST 2002 - kukuk@suse.de - -- removed termcap and tetex from neededforbuild (not used) - -------------------------------------------------------------------- -Fri Jul 26 22:03:54 CEST 2002 - adrian@suse.de - -- fix neededforbuild - -------------------------------------------------------------------- -Tue Jun 11 11:48:13 CEST 2002 - meissner@suse.de - -- add ppc64 to list of 64bit archs that don't compile 3 of the plugins. - -------------------------------------------------------------------- -Tue Jun 4 17:06:04 CEST 2002 - stepan@suse.de - -- change more locations of lib to %{_lib} on platforms - that need it. -- change Makefile to use install -d instead of mkdir - to solve trouble when installing in buildroots. - -------------------------------------------------------------------- -Mon Jun 3 13:21:07 CEST 2002 - stepan@suse.de - -- Change config/Makefile and config/Makefile.pre.in - to use %_lib instead of lib (fixes i.e. zope) - -------------------------------------------------------------------- -Fri May 17 15:08:18 CEST 2002 - sf@suse.de - -- changed site.py to detect the correct location (is needed at least for - postresql to build -- it still needs to be corrected, as only 64-bit excutable shlibs - have to reside in */lib64 - -------------------------------------------------------------------- -Wed May 15 12:01:45 CEST 2002 - coolo@suse.de - -- fixing file list for s390x - -------------------------------------------------------------------- -Tue May 14 23:50:05 CEST 2002 - ro@suse.de - -- use libdir -- try to get this working with lib64 - -------------------------------------------------------------------- -Mon May 6 17:12:49 CEST 2002 - schwab@suse.de - -- Build python library with -fPIC, for inclusion in shared library. - -------------------------------------------------------------------- -Wed Apr 17 15:48:52 CEST 2002 - schwab@suse.de - -- Fix detection of readline library (use -lncurses instead of -ltermcap). - -------------------------------------------------------------------- -Sat Mar 23 17:21:32 CET 2002 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Fri Feb 1 00:26:09 CET 2002 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Wed Jan 9 19:34:47 CET 2002 - rvasice@suse.cz - -- used correct Makefile.pre.in - -------------------------------------------------------------------- -Wed Jan 9 14:49:59 CET 2002 - rvasice@suse.cz - -- added Makefile.pre.in to enable build other python packages - -------------------------------------------------------------------- -Mon Jan 7 08:51:27 CET 2002 - rvasice@suse.cz - -- update to version 2.2 -- recreated modules list - -------------------------------------------------------------------- -Mon Dec 17 12:55:39 CET 2001 - ro@suse.de - -- fixed for gmp-4.x - -------------------------------------------------------------------- -Mon Sep 3 13:48:04 CEST 2001 - rvasice@suse.cz - -- added patch for Large File Support - -------------------------------------------------------------------- -Mon Aug 27 10:26:55 CEST 2001 - rvasice@suse.cz - -- removed conflicting file /etc/susehelp.d/pythonhtml.conf from - subpackage python-doc - -------------------------------------------------------------------- -Fri Aug 17 14:41:48 CEST 2001 - schwab@suse.de - -- Compile python library with -fPIC to allow inclusion in shared - libraries. -- Fix configure check for rl_completion_matches. -- Replace use of config.guess by %ifarch. - -------------------------------------------------------------------- -Mon Aug 13 12:51:39 CEST 2001 - ro@suse.de - -- added regex module (needed for yodl) -- filelist probably needs re-check - -------------------------------------------------------------------- -Mon Jul 30 11:34:35 CEST 2001 - rvasice@suse.cz - -- fix /usr/local path - -------------------------------------------------------------------- -Fri Jul 27 16:23:47 CEST 2001 - rvasice@suse.cz - -- update to version 2.1.1 - -------------------------------------------------------------------- -Tue May 8 02:15:19 CEST 2001 - mfabian@suse.de - -- bzip2 sources - -------------------------------------------------------------------- -Fri Apr 13 20:27:17 CEST 2001 - kukuk@suse.de - -- fix build with new readline library - -------------------------------------------------------------------- -Wed Apr 11 14:30:16 CEST 2001 - utuerk@suse.de - -- added pythonhtml.conf for susehelp - -------------------------------------------------------------------- -Fri Feb 23 16:24:25 CET 2001 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Fri Feb 23 00:10:25 CET 2001 - ro@suse.de - -- added readline/readline-devel to neededforbuild (split from bash) - -------------------------------------------------------------------- -Mon Jan 22 16:25:53 CET 2001 - kukuk@suse.de - -- Use -fPIC - -------------------------------------------------------------------- -Tue Jan 16 19:26:08 CET 2001 - schwab@suse.de - -- Compile python library with -fpic so that it can be included in a - shared library (for mod_python). - -------------------------------------------------------------------- -Mon Jan 15 13:00:09 CET 2001 - mt@suse.de - -- added uc-kr codec, thanks to Hwang, SangJin - -------------------------------------------------------------------- -Sun Dec 31 18:55:09 CET 2000 - schwab@suse.de - -- Fix filelist for ia64. - -------------------------------------------------------------------- -Mon Dec 18 17:18:37 CET 2000 - mt@suse.de - -- added sub-package python-nothreads for mod_python apache-module -- added Obsoletes for old 8.3 packages names - -------------------------------------------------------------------- -Wed Dec 6 18:04:55 CET 2000 - mt@suse.de - -- cleaned up pythons tk dependencies - -------------------------------------------------------------------- -Thu Nov 30 01:41:16 CET 2000 - ro@suse.de - -- fixed tix-link - -------------------------------------------------------------------- -Wed Nov 29 17:26:54 CET 2000 - ro@suse.de - -- changed neededforbuild to - -------------------------------------------------------------------- -Mon Nov 27 10:17:40 CET 2000 - mt@suse.de - -- changed libnetpb to libnetpbm in neededforbuild -- changed file-list in python-devel - -------------------------------------------------------------------- -Thu Nov 23 09:39:10 CET 2000 - mt@suse.de - -- added openssl-devel to neededforbuild - -------------------------------------------------------------------- -Wed Nov 22 10:11:15 CET 2000 - mt@suse.de - -- removed site-packages from Setup.in patch -- python-64bit.patch should be used on all 64bit platforms - -------------------------------------------------------------------- -Sun Nov 19 18:31:21 CET 2000 - mt@suse.de - -- updated to BeOpen-Python-2.0 - -------------------------------------------------------------------- -Fri Oct 27 14:34:14 CEST 2000 - kukuk@suse.de - -- Use long filenames -- Fix some paths -- Include - -------------------------------------------------------------------- -Thu Jul 6 01:14:30 CEST 2000 - mt@suse.de - -- added anydbm (whichdb.py) patch from www.tummy.com - -------------------------------------------------------------------- -Sat May 27 11:30:28 CEST 2000 - kukuk@suse.de - -- Use libtk8.3.so and libtcl8.3.so - -------------------------------------------------------------------- -Thu May 4 18:32:34 CEST 2000 - kukuk@suse.de - -- Fix filelist for new doc dir - -------------------------------------------------------------------- -Mon Mar 13 23:52:19 CET 2000 - ro@suse.de - -- fixed filelist for alpha - -------------------------------------------------------------------- -Wed Mar 1 18:17:20 CET 2000 - werner@suse.de - -- Fix config.guess selection - -------------------------------------------------------------------- -Wed Feb 16 15:13:47 CET 2000 - uli@suse.de - -- passing MANDIR to "make install libinstall" (seems like it gets - lost somewhere) - -------------------------------------------------------------------- -Wed Feb 16 00:25:30 CET 2000 - ro@suse.de - -- man to /usr/share using macro - -------------------------------------------------------------------- -Tue Feb 15 20:43:25 CET 2000 - mt@suse.de - -- stripped the python binary - -------------------------------------------------------------------- -Mon Oct 11 17:40:31 MEST 1999 - max@suse.de - -- ready for the new Tcl/Tk packages - -------------------------------------------------------------------- -Mon Sep 27 16:31:01 CEST 1999 - bs@suse.de - -- fixed requirements for sub packages - -------------------------------------------------------------------- -Mon Sep 20 18:25:03 CEST 1999 - ro@suse.de - -- added python_image_lib as requires to pyth_tk and as provides to pyth_tkl - -------------------------------------------------------------------- -Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de - -- ran old prepare_spec on spec file to switch to new prepare_spec. - -------------------------------------------------------------------- -Mon Jun 7 14:27:02 MEST 1999 - mt@suse.de - -- disabled pyth_dvi module in spec-file - -------------------------------------------------------------------- -Wed May 26 12:27:24 MEST 1999 - ro@suse.de - -- added libpng to neededforbuild - -------------------------------------------------------------------- -Wed May 26 12:06:13 MEST 1999 - ro@suse.de - -- added blt to neededforbuild - -------------------------------------------------------------------- -Tue May 25 16:00:31 MEST 1999 - mt@suse.de - -- new version 1.5.2 -- splited into sub-packages: pyth_doc, pyth_ps, pyth_pdf, - pyth_dvi, pyth_dmo, pyth_tk, pyth_tkl, pyth_cur, pythgdbm - to have better base-package compatibility to andrich.net. - -------------------------------------------------------------------- -Thu Mar 18 01:13:02 MET 1999 - ro@suse.de - -- don't set POSIXLY_CORRECT for second patch - -------------------------------------------------------------------- -Mon Jan 18 23:55:16 MET 1999 - ro@suse.de - -- added automake to neededforbuild -- alpha-fix: don't mix up dec-osf with linux-alpha - -------------------------------------------------------------------- -Tue Dec 1 23:50:20 MET 1998 - mt@suse.de - -- removed TkInter into a separate package - pyth_tk - to make it - possible to replace it with a PIL based TkInter (Python Imaging - Lib) and better package dependecies (not each app needs TkInter) -- removed Makefile.Linux - all build is done from spec file now -- more /usr/local path fixes - -------------------------------------------------------------------- -Fri Nov 6 15:37:40 MET 1998 - ro@suse.de - -- added automake to neededforbuild -- configure with threads - -------------------------------------------------------------------- -Thu Nov 5 09:53:54 MET 1998 - ro@suse.de - -- use db_185.h only for glibc-2.1 - -------------------------------------------------------------------- -Wed Sep 23 12:15:47 MEST 1998 - ro@suse.de - -- two hacks to compile for glibc: - Modules/bsddbmodule.c include db_185.h for glibc - Modules/mpzmodule.c gmp-mparam.h dont exist for glibc / use define - -------------------------------------------------------------------- -Sun Aug 23 13:15:31 MEST 1998 - ke@suse.de - -- Compress PostScript docu. - -------------------------------------------------------------------- -Mon Aug 17 12:47:42 MEST 1998 - mt@suse.de - -- linked readline- and curses-modules with ncurses - -------------------------------------------------------------------- -Fri Aug 7 21:47:11 MEST 1998 - mt@suse.de - -- python modules - file permissions changed (-x) - -------------------------------------------------------------------- -Sat Jul 11 12:57:01 MEST 1998 - bs@suse.de - -- fixed neededforbuild - -------------------------------------------------------------------- -Thu Jul 9 00:29:05 MEST 1998 - mt@suse.de - -- new revision 1.5.1 -- docu in a separate package (pyth_doc) -- Tkinter uses tk8.0/tcl8.0 now -- first attempt to make it "alpha ready" (spec- & dif-file) - -------------------------------------------------------------------- -Mon Mar 2 18:38:49 MET 1998 - ro@suse.de - -- fixed dependency to /usr/local/bin/python - -------------------------------------------------------------------- -Mon Feb 9 17:28:57 MET 1998 - ro@suse.de - -- added some in neededforbuild - -------------------------------------------------------------------- -Wed Feb 4 19:27:08 CET 1998 - mt@suse.de - -- new Version 1.5 with more features, html documentation and new modules - -------------------------------------------------------------------- -Mon Sep 15 14:57:42 CEST 1997 - mt@suse.de - -- added support for readline and (shared) modules: tkinter, dbm, gdbm, - syslog, ncurses, ... - see /usr/lib/python1.4/config/Setup for details - -------------------------------------------------------------------- -Thu Jun 5 17:57:42 CEST 1997 - mt@suse.de - -- new Version 1.4 -- a symlink (python -> python1.4) will be used instead of a hardlink - - ------------------------------------------------------------------- Fri Feb 18 11:00:25 UTC 2022 - Matej Cepl