- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
OBS-URL: https://build.opensuse.org/request/show/925378
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=307
- CVE-2019-18348-CRLF_injection_via_host_part.patch
- python-2.7.14-CVE-2017-1000158.patch
- CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
- CVE-2018-1061-DOS-via-regexp-difflib.patch
- CVE-2019-10160-netloc-port-regression.patch
- CVE-2019-16056-email-parse-addr.patch
- Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
Caller.
- Fixed possible leak in `PyArg_Parse` and similar
`PY_SSIZE_T_CLEAN` is not defined.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=306
(CVE-2019-20907, bpo#39017) avoiding possible infinite loop
in specifically crafted tarball.
Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
(CVE-2020-26116, bpo#39603) no longer allowing special characters in
the method parameter of HTTPConnection.putrequest in httplib, stopping
injection of headers. Such characters now raise ValueError.
- bsc#1155094 (CVE-2019-18348) Disallow control characters in
hostnames in http.client. Such potentially malicious header
injection URLs now cause a InvalidURL to be raised.
- bsc#1109847 (CVE-2018-14647): add
CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
bpo-34623.
fixing bpo-35746 (CVE-2019-5010).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=304
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
use of semicolon as a query string separator (bpo#42967,
bsc#1182379, CVE-2021-23336).
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
use of semicolon as a query string separator (bpo#42967,
bsc#1182379, CVE-2021-23336).
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
use of semicolon as a query string separator (bpo#42967,
bsc#1182379, CVE-2021-23336).
OBS-URL: https://build.opensuse.org/request/show/875546
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python?expand=0&rev=154
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
OBS-URL: https://build.opensuse.org/request/show/868217
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python?expand=0&rev=153
- Update to 2.7.18, final release of Python 2. Ever.:
- Newline characters have been escaped when performing uu
encoding to prevent them from overflowing into to content
section of the encoded file. This prevents malicious or
accidental modification of data during the decoding process.
- Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
by Ben Caller.
- Fixed line numbers and column offsets for AST nodes for calls
without arguments in decorators.
- Disallow control characters in hostnames in http.client,
addressing CVE-2019-18348. Such potentially malicious header
injection URLs now cause a InvalidURL to be raised.
- Fix urllib.urlretrieve failing on subsequent ftp transfers
from the same host.
- Fix problems identified by GCC's -Wstringop-truncation
warning.
- AddRefActCtx() was needlessly being checked for failure in
PC/dl_nt.c.
- Prevent failure of test_relative_path in test_py_compile on
macOS Catalina.
- Fixed possible leak in :c:func:`PyArg_Parse` and similar
functions for format units "es#" and "et#" when the macro
:c:macro:`PY_SSIZE_T_CLEAN` is not defined.
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
OBS-URL: https://build.opensuse.org/request/show/798115
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python?expand=0&rev=150
- Newline characters have been escaped when performing uu
encoding to prevent them from overflowing into to content
section of the encoded file. This prevents malicious or
accidental modification of data during the decoding process.
- Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
by Ben Caller.
- Fixed line numbers and column offsets for AST nodes for calls
without arguments in decorators.
- Disallow control characters in hostnames in http.client,
addressing CVE-2019-18348. Such potentially malicious header
injection URLs now cause a InvalidURL to be raised.
- Fix urllib.urlretrieve failing on subsequent ftp transfers
from the same host.
- Fix problems identified by GCC's -Wstringop-truncation
warning.
- AddRefActCtx() was needlessly being checked for failure in
PC/dl_nt.c.
- Prevent failure of test_relative_path in test_py_compile on
macOS Catalina.
- Fixed possible leak in :c:func:`PyArg_Parse` and similar
functions for format units "es#" and "et#" when the macro
:c:macro:`PY_SSIZE_T_CLEAN` is not defined.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=281
- Provide python-testsuite from devel subkg to ease py2->py3
dependencies
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
off tests coliding with the combination of modern Python and
ancient OpenSSL on SLE-12.
- Provide python-testsuite from devel subkg to ease py2->py3
dependencies
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
off tests coliding with the combination of modern Python and
ancient OpenSSL on SLE-12.
- libnsl is required only on more recent SLEs and openSUSE, older
glibc supported NIS on its own.
- Provide python-testsuite from devel subkg to ease py2->py3
dependencies
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
off tests coliding with the combination of modern Python and
ancient OpenSSL on SLE-12.
- libnsl is required only on more recent SLEs and openSUSE, older
glibc supported NIS on its own.
OBS-URL: https://build.opensuse.org/request/show/769788
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python?expand=0&rev=148
off tests coliding with the combination of modern Python and
ancient OpenSSL on SLE-12.
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
off tests coliding with the combination of modern Python and
ancient OpenSSL on SLE-12.
- libnsl is required only on more recent SLEs and openSUSE, older
glibc supported NIS on its own.
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
off tests coliding with the combination of modern Python and
ancient OpenSSL on SLE-12.
- libnsl is required only on more recent SLEs and openSUSE, older
glibc supported NIS on its own.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=272
- Add provides in gdbm subpackage to provide dbm symbols. This
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
- Add provides in gdbm subpackage to provide dbm symbols. This
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
- Add provides in gdbm subpackage to provide dbm symbols. This
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
OBS-URL: https://build.opensuse.org/request/show/760397
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python?expand=0&rev=146
