7919fc45c1
Run pre_checkin.sh
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=303
2021-09-17 19:43:07 +00:00
40fb7b0f61
Add CVE-2019-18348 to changes
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=302
2021-09-17 19:42:42 +00:00
eab39a1bee
Fix python-doc.spec
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=301
2021-09-17 19:41:23 +00:00
af50cf637c
Add CVE-2019-18348 to changes
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=300
2021-09-17 19:38:46 +00:00
de8c3896ee
Accepting request 914418 from home:fusionfuture:branches:devel:languages:python:Factory
...
- Renamed patch for assigned CVE:
* bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
(boo#1189241, CVE-2021-3737)
OBS-URL: https://build.opensuse.org/request/show/914418
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=299
2021-08-26 21:32:53 +00:00
e77cbb0e48
Accepting request 913777 from home:fusionfuture:branches:devel:languages:python:Factory
...
- Renamed patch for assigned CVE:
* bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
(boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
* sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
OBS-URL: https://build.opensuse.org/request/show/913777
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=298
2021-08-26 06:56:34 +00:00
8a27bf7896
Accepting request 911251 from home:fusionfuture:branches:devel:languages:python:Factory
...
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
request (bpo#43075, boo#1189287).
- Add missing security announcement to
bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
old: devel:languages:python:Factory/python
new: home:fusionfuture:branches:devel:languages:python:Factory/python rev None
Index: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
===================================================================
--- bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (revision 296)
+++ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (revision 3)
@@ -19,3 +19,8 @@
self.status = status
self.reason = reason.strip()
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2021-05-05-17-37-04.bpo-44022.bS3XJ9.rst
+@@ -0,0 +1,2 @@
++mod:`http.client` now avoids infinitely reading potential HTTP headers after a
++``100 Continue`` status response from the server.
Index: python-base.changes
===================================================================
--- python-base.changes (revision 296)
+++ python-base.changes (revision 3)
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
+
+- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
+ request (bpo#43075, boo#1189287).
+- Add missing security announcement to
+ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
+
+-------------------------------------------------------------------
Mon Aug 9 15:16:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
Index: python-base.spec
===================================================================
--- python-base.spec (revision 296)
+++ python-base.spec (revision 3)
@@ -105,6 +105,8 @@
Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+Patch64: bpo43075-fix-ReDoS-in-request.patch
# COMMON-PATCH-END
%define python_version %(echo %{tarversion} | head -c 3)
BuildRequires: automake
@@ -233,6 +235,7 @@
%patch61 -p1
%patch62 -p1
%patch63 -p1
+%patch64 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
Index: python-doc.changes
===================================================================
--- python-doc.changes (revision 296)
+++ python-doc.changes (revision 3)
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
+
+- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
+ request (bpo#43075, boo#1189287).
+- Add missing security announcement to
+ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
+
+-------------------------------------------------------------------
Mon Aug 9 15:16:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
Index: python-doc.spec
===================================================================
--- python-doc.spec (revision 296)
+++ python-doc.spec (revision 3)
@@ -107,6 +107,8 @@
Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+Patch64: bpo43075-fix-ReDoS-in-request.patch
# COMMON-PATCH-END
Provides: pyth_doc
Provides: pyth_ps
@@ -177,6 +179,7 @@
%patch61 -p1
%patch62 -p1
%patch63 -p1
+%patch64 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
Index: python.changes
===================================================================
--- python.changes (revision 296)
+++ python.changes (revision 3)
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
+
+- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
+ request (bpo#43075, boo#1189287).
+- Add missing security announcement to
+ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
+
+-------------------------------------------------------------------
Mon Aug 9 15:16:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
Index: python.spec
===================================================================
--- python.spec (revision 296)
+++ python.spec (revision 3)
@@ -107,6 +107,8 @@
Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+Patch64: bpo43075-fix-ReDoS-in-request.patch
# COMMON-PATCH-END
BuildRequires: automake
BuildRequires: db-devel
@@ -291,6 +293,7 @@
%patch61 -p1
%patch62 -p1
%patch63 -p1
+%patch64 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
Index: bpo43075-fix-ReDoS-in-request.patch
===================================================================
--- bpo43075-fix-ReDoS-in-request.patch (added)
+++ bpo43075-fix-ReDoS-in-request.patch (revision 3)
@@ -0,0 +1,15 @@
+--- a/Lib/urllib2.py
++++ b/Lib/urllib2.py
+@@ -856,7 +856,7 @@ class AbstractBasicAuthHandler:
+
+ # allow for double- and single-quoted realm values
+ # (single quotes are a violation of the RFC, but appear in the wild)
+- rx = re.compile('(?:[^,]*,)*[ \t]*([^ \t]+)[ \t]+'
++ rx = re.compile('(?:[^,]*,)*[ \t]*([^ \t,]+)[ \t]+'
+ 'realm=(["\']?)([^"\']*)\\2', re.I)
+
+ # XXX could pre-emptively send auth info already accepted (RFC 2617,
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst
+@@ -0,0 +1 @@
++Fix Regular Expression Denial of Service (ReDoS) vulnerability in :class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.
OBS-URL: https://build.opensuse.org/request/show/911251
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=297
2021-08-10 12:55:29 +00:00
3cfc9f2646
Accepting request 911127 from home:fusionfuture:branches:devel:languages:python:Factory
...
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
which fixes http client infinite line reading (DoS) after a http
100 (bpo#44022, boo#1189241).
OBS-URL: https://build.opensuse.org/request/show/911127
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=296
2021-08-10 04:45:07 +00:00
767f0ce31a
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
...
use of semicolon as a query string separator (bpo#42967,
bsc#1182379, CVE-2021-23336).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=294
2021-02-26 22:02:43 +00:00
c021ec3bc1
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
...
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=292
2021-01-31 18:01:03 +00:00
a349f4646b
- (bsc#1180125) We really don't Require python-rpm-macros package.
...
Unnecessary dependency.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=290
2021-01-05 09:19:30 +00:00
05961d060d
Fix changes
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=288
2020-05-30 20:15:37 +00:00
d9c94c7ce3
Fix changes
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=287
2020-05-30 13:40:50 +00:00
d565063e61
Fix changes
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=286
2020-05-30 13:39:55 +00:00
99cc3eb1fe
Fix changes
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=285
2020-05-30 12:27:03 +00:00
ec904350ee
- Fix configure.ac for correct version of PYTHON_FO_REGEN
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=284
2020-05-30 12:23:29 +00:00
d32abf9b40
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=282
2020-04-27 07:04:57 +00:00
00983cacd3
- Update to 2.7.18, final release of Python 2. Ever.:
...
- Newline characters have been escaped when performing uu
encoding to prevent them from overflowing into to content
section of the encoded file. This prevents malicious or
accidental modification of data during the decoding process.
- Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
by Ben Caller.
- Fixed line numbers and column offsets for AST nodes for calls
without arguments in decorators.
- Disallow control characters in hostnames in http.client,
addressing CVE-2019-18348. Such potentially malicious header
injection URLs now cause a InvalidURL to be raised.
- Fix urllib.urlretrieve failing on subsequent ftp transfers
from the same host.
- Fix problems identified by GCC's -Wstringop-truncation
warning.
- AddRefActCtx() was needlessly being checked for failure in
PC/dl_nt.c.
- Prevent failure of test_relative_path in test_py_compile on
macOS Catalina.
- Fixed possible leak in :c:func:`PyArg_Parse` and similar
functions for format units "es#" and "et#" when the macro
:c:macro:`PY_SSIZE_T_CLEAN` is not defined.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=281
2020-04-23 09:28:38 +00:00
4269d11262
Fix changes
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=279
2020-02-08 22:30:56 +00:00
4617f57e14
- Change to Requires: libpython%{so_version} == %{version}-%{release}
...
to python-base to keep both packages always synchronized (add
%{so_version}) (bsc#1162224).
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
"Python urrlib allowed an HTTP server to conduct Regular
Expression Denial of Service (ReDoS)" (bsc#1162367)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=278
2020-02-08 22:22:43 +00:00
57a2c463f0
- Change to Requires: libpython%{so_version} == %{version}-%{release}
...
to python-base to keep both packages always synchronized (add
%{so_version}) (bsc#1162224).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=277
2020-02-08 21:33:28 +00:00
f814036fff
Reapply the patch
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=276
2020-02-06 22:59:43 +00:00
c010d2e825
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
...
"Python urrlib allowed an HTTP server to conduct Regular
Expression Denial of Service (ReDoS)" (bsc#1162367)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=275
2020-02-06 22:15:44 +00:00
Tomáš Chvátal
669bddb90e
- Provide python-testsuite from devel subkg to ease py2->py3
...
dependencies
- Provide python-testsuite from devel subkg to ease py2->py3
dependencies
- Provide python-testsuite from devel subkg to ease py2->py3
dependencies
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=273
2020-02-03 19:32:19 +00:00
54c4187a2a
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
...
off tests coliding with the combination of modern Python and
ancient OpenSSL on SLE-12.
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
off tests coliding with the combination of modern Python and
ancient OpenSSL on SLE-12.
- libnsl is required only on more recent SLEs and openSUSE, older
glibc supported NIS on its own.
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
off tests coliding with the combination of modern Python and
ancient OpenSSL on SLE-12.
- libnsl is required only on more recent SLEs and openSUSE, older
glibc supported NIS on its own.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=272
2020-01-28 14:39:17 +00:00
0601b7f8eb
Update from application of this repo to SLE-12
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=271
2020-01-19 19:12:15 +00:00
af1a7b545a
- libnsl is required only on more recent SLEs and openSUSE, older
...
glibc supported NIS on its own.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=269
2020-01-10 16:04:59 +00:00
96f5f5bb74
Add GenericName to idle.desktop
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=268
2020-01-10 16:03:01 +00:00
Tomáš Chvátal
0d07048924
- Add provides in gdbm subpackage to provide dbm symbols. This
...
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
- Add provides in gdbm subpackage to provide dbm symbols. This
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
- Add provides in gdbm subpackage to provide dbm symbols. This
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=266
2020-01-02 10:35:17 +00:00
Tomáš Chvátal
47be35da99
Accepting request 758098 from home:dimstar:Factory
...
- Drop appstream-glib BuildRequires and no longer call
appstream-util validate-relax: eliminate a build cycle between
as-glib and python. The only thing would would gain by calling
as-uril is catching if upstream breaks the appdata.xml file in a
future release. Considering py2 is dying, chances for a new
release, let alone one breaking the xml file, are slim.
- Drop appstream-glib BuildRequires and no longer call
appstream-util validate-relax: eliminate a build cycle between
as-glib and python. The only thing would would gain by calling
as-uril is catching if upstream breaks the appdata.xml file in a
future release. Considering py2 is dying, chances for a new
release, let alone one breaking the xml file, are slim.
- Drop appstream-glib BuildRequires and no longer call
appstream-util validate-relax: eliminate a build cycle between
as-glib and python. The only thing would would gain by calling
as-uril is catching if upstream breaks the appdata.xml file in a
future release. Considering py2 is dying, chances for a new
release, let alone one breaking the xml file, are slim.
OBS-URL: https://build.opensuse.org/request/show/758098
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=264
2019-12-19 09:19:58 +00:00
729767d23c
add missing records to this changelog
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=263
2019-12-11 19:45:50 +00:00
7f4063f9b8
Accepting request 755898 from home:mcepl:branches:devel:languages:python:Factory
...
- Unify packages among openSUSE:Factory and SLE versions.
(bsc#1159035)
- Add idle.desktop and idle.appdata.xml to provide IDLE in menus
(bsc#1153830)
- Add python2_split_startup Provide to make it possible to
conflict older packages by shared-python-startup.
OBS-URL: https://build.opensuse.org/request/show/755898
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=262
2019-12-11 16:37:24 +00:00
2c21a466d3
Update changes.
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=260
2019-12-03 12:20:33 +00:00
48a7cf7411
Accepting request 753174 from home:mcepl:branches:devel:languages:python:Factory
...
- Move /etc/pythonstart script to shared-python-startup
package.
- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from
bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes
bsc#1149792
- python-2.7.14-CVE-2018-1000030-1.patch
- python-2.7.14-CVE-2018-1000030-2.patch
- Skip test_urllib2_localnet that randomly fails in OBS
- Set _lto_cflags to nil as it will prevent to propage LTO
for Python modules that are built in a separate package.
- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
Address the issue by disallowing URL paths with embedded
whitespace or control characters through into the underlying
http client request. Such potentially malicious header
injection URLs now cause a ValueError to be raised.
- Update to 2.7.16:
* bugfix-only release: complete list of changes on
https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
* Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
which are fully included in the tarball.
* Updated patches to apply cleanly:
CVE-2019-5010-null-defer-x509-cert-DOS.patch
bpo36160-init-sysconfig_vars.patch
do-not-use-non-ascii-in-test_ssl.patch
openssl-111-middlebox-compat.patch
OBS-URL: https://build.opensuse.org/request/show/753174
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=259
2019-12-03 11:26:41 +00:00
9abff58a55
Testing S12merge
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=258
2019-11-12 14:04:49 +00:00
Tomáš Chvátal
00800c2a14
Accepting request 745290 from home:StevenK:branches:devel:languages:python:Factory
...
- Add adapted-from-F00251-change-user-install-location.patch fixing
pip/distutils to install into /usr/local.
OBS-URL: https://build.opensuse.org/request/show/745290
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=257
2019-11-05 07:55:07 +00:00
5167eaaa6a
Accepting request 742619 from home:mcepl:branches:devel:languages:python:Factory
...
- Update to 2.7.17:
- a bug fix release in the Python 2.7.x series. It is expected
to be the penultimate release for Python 2.7.
- Removed patches included upstream:
- CVE-2018-20852-cookie-domain-check.patch
- CVE-2019-16935-xmlrpc-doc-server_title.patch
- CVE-2019-9636-netloc-no-decompose-characters.patch
- CVE-2019-9947-no-ctrl-char-http.patch
- CVE-2019-9948-avoid_local-file.patch
OBS-URL: https://build.opensuse.org/request/show/742619
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=255
2019-10-24 14:12:02 +00:00
Tomáš Chvátal
f5ffed7eba
Accepting request 736435 from home:mcepl:branches:devel:languages:python:Factory
...
- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing
bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in
python/Lib/DocXMLRPCServer.py
OBS-URL: https://build.opensuse.org/request/show/736435
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=253
2019-10-09 10:17:50 +00:00
Tomáš Chvátal
e4bf1a5dfb
Accepting request 733188 from home:bmwiedemann:branches:devel:languages:python:Factory
...
Add bpo36302-sort-module-sources.patch (boo#1041090)
similar to SR 733152
OBS-URL: https://build.opensuse.org/request/show/733188
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=251
2019-09-25 15:35:20 +00:00
Tomáš Chvátal
8d87a05715
Accepting request 724264 from home:jayvdb:branches:devel:languages:python:Factory
...
Remove xrpm from subpackage tk description
OBS-URL: https://build.opensuse.org/request/show/724264
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=249
2019-08-18 07:24:48 +00:00
4a730b55c6
Accepting request 717086 from home:mcepl:branches:devel:languages:python:Factory
...
Add CVE patch.
OBS-URL: https://build.opensuse.org/request/show/717086
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=247
2019-07-19 12:54:06 +00:00
Tomáš Chvátal
f532ba5ac3
- Skip test_urllib2_localnet that randomly fails in OBS
...
- Skip test_urllib2_localnet that randomly fails in OBS
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=246
2019-07-19 11:20:26 +00:00
Tomáš Chvátal
9002c333c4
Accepting request 706251 from openSUSE:Factory:Staging:N
...
- Set _lto_cflags to nil as it will prevent to propage LTO
for Python modules that are built in a separate package.
- Set _lto_cflags to nil as it will prevent to propage LTO
for Python modules that are built in a separate package.
OBS-URL: https://build.opensuse.org/request/show/706251
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=244
2019-05-29 09:09:16 +00:00
2f5ed5b585
Accepting request 700428 from home:mcepl:branches:devel:languages:python:Factory
...
- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
Address the issue by disallowing URL paths with embedded
whitespace or control characters through into the underlying
http client request. Such potentially malicious header
injection URLs now cause a ValueError to be raised.
OBS-URL: https://build.opensuse.org/request/show/700428
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=243
2019-05-03 15:46:24 +00:00
88ffffeead
Accepting request 692400 from home:mcepl:branches:devel:languages:python:Factory
...
- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
removing unnecessary (and potentially harmful) URL scheme
local-file://.
- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
Characters in the netloc attribute that decompose under NFKC
normalization (as used by the IDNA encoding) into any of ``/``,
``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
URL is decomposed before parsing, or is not a Unicode string,
no error will be raised.
Upstream commits e37ef41 and 507bd8c.
- Update to 2.7.16:
* bugfix-only release: complete list of changes on
https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
* Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
which are fully included in the tarball.
* Updated patches to apply cleanly:
CVE-2019-5010-null-defer-x509-cert-DOS.patch
bpo36160-init-sysconfig_vars.patch
do-not-use-non-ascii-in-test_ssl.patch
openssl-111-middlebox-compat.patch
openssl-111-ssl_options.patch
python-2.5.1-sqlite.patch
python-2.6-gettext-plurals.patch
python-2.7-dirs.patch
python-2.7.2-fix_date_time_compiler.patch
python-2.7.4-canonicalize2.patch
python-2.7.5-multilib.patch
python-2.7.9-ssl_ca_path.patch
OBS-URL: https://build.opensuse.org/request/show/692400
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=241
2019-04-08 22:40:36 +00:00
c457f4f6ba
- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
...
fixing bpo-35746.
An exploitable denial-of-service vulnerability exists in the
X509 certificate parser of Python.org Python 2.7.11 / 3.7.2.
A specially crafted X509 certificate can cause a NULL pointer
dereference, resulting in a denial of service. An attacker can
initiate or accept TLS connections using crafted certificates
to trigger this vulnerability.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=239
2019-01-20 01:08:59 +00:00
228d743281
Accepting request 660118 from home:TheBlackCat:branches:devel:languages:python:Factory
...
- Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.
OBS-URL: https://build.opensuse.org/request/show/660118
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=237
2018-12-20 00:22:31 +00:00
Tomáš Chvátal
a74bb24131
Accepting request 645303 from home:vitezslav_cizek:branches:devel:languages:python:Factory
...
- Enable all the tests in %check
- Add more patches to successfully build with openssl 1.1.1
(bsc#1113755)
* openssl-111-middlebox-compat.patch
* openssl-111-ssl_options.patch
OBS-URL: https://build.opensuse.org/request/show/645303
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=235
2018-10-29 15:14:27 +00:00
Tomáš Chvátal
20d7b72031
- Add patch openssl-111.patch to work with openssl-1.1.1
...
- Add patch openssl-111.patch to work with openssl-1.1.1
- Add patch openssl-111.patch to work with openssl-1.1.1
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=234
2018-10-26 12:53:54 +00:00
9eba14b8c5
- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which
...
converts shutil._call_external_zip to use subprocess rather than
distutils.spawn. [bsc#1109663, CVE-2018-1000802]
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=232
2018-09-27 14:11:14 +00:00
