allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
- Add provides in gdbm subpackage to provide dbm symbols. This
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
- Add provides in gdbm subpackage to provide dbm symbols. This
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=266
- Drop appstream-glib BuildRequires and no longer call
appstream-util validate-relax: eliminate a build cycle between
as-glib and python. The only thing would would gain by calling
as-uril is catching if upstream breaks the appdata.xml file in a
future release. Considering py2 is dying, chances for a new
release, let alone one breaking the xml file, are slim.
- Drop appstream-glib BuildRequires and no longer call
appstream-util validate-relax: eliminate a build cycle between
as-glib and python. The only thing would would gain by calling
as-uril is catching if upstream breaks the appdata.xml file in a
future release. Considering py2 is dying, chances for a new
release, let alone one breaking the xml file, are slim.
- Drop appstream-glib BuildRequires and no longer call
appstream-util validate-relax: eliminate a build cycle between
as-glib and python. The only thing would would gain by calling
as-uril is catching if upstream breaks the appdata.xml file in a
future release. Considering py2 is dying, chances for a new
release, let alone one breaking the xml file, are slim.
OBS-URL: https://build.opensuse.org/request/show/758098
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=264
- Move /etc/pythonstart script to shared-python-startup
package.
- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from
bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes
bsc#1149792
- python-2.7.14-CVE-2018-1000030-1.patch
- python-2.7.14-CVE-2018-1000030-2.patch
- Skip test_urllib2_localnet that randomly fails in OBS
- Set _lto_cflags to nil as it will prevent to propage LTO
for Python modules that are built in a separate package.
- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
Address the issue by disallowing URL paths with embedded
whitespace or control characters through into the underlying
http client request. Such potentially malicious header
injection URLs now cause a ValueError to be raised.
- Update to 2.7.16:
* bugfix-only release: complete list of changes on
https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
* Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
which are fully included in the tarball.
* Updated patches to apply cleanly:
CVE-2019-5010-null-defer-x509-cert-DOS.patch
bpo36160-init-sysconfig_vars.patch
do-not-use-non-ascii-in-test_ssl.patch
openssl-111-middlebox-compat.patch
OBS-URL: https://build.opensuse.org/request/show/753174
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=259
- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
removing unnecessary (and potentially harmful) URL scheme
local-file://.
- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
Characters in the netloc attribute that decompose under NFKC
normalization (as used by the IDNA encoding) into any of ``/``,
``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
URL is decomposed before parsing, or is not a Unicode string,
no error will be raised.
Upstream commits e37ef41 and 507bd8c.
- Update to 2.7.16:
* bugfix-only release: complete list of changes on
https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
* Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
which are fully included in the tarball.
* Updated patches to apply cleanly:
CVE-2019-5010-null-defer-x509-cert-DOS.patch
bpo36160-init-sysconfig_vars.patch
do-not-use-non-ascii-in-test_ssl.patch
openssl-111-middlebox-compat.patch
openssl-111-ssl_options.patch
python-2.5.1-sqlite.patch
python-2.6-gettext-plurals.patch
python-2.7-dirs.patch
python-2.7.2-fix_date_time_compiler.patch
python-2.7.4-canonicalize2.patch
python-2.7.5-multilib.patch
python-2.7.9-ssl_ca_path.patch
OBS-URL: https://build.opensuse.org/request/show/692400
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=241
fixing bpo-35746.
An exploitable denial-of-service vulnerability exists in the
X509 certificate parser of Python.org Python 2.7.11 / 3.7.2.
A specially crafted X509 certificate can cause a NULL pointer
dereference, resulting in a denial of service. An attacker can
initiate or accept TLS connections using crafted certificates
to trigger this vulnerability.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=239
- add patch from upstream:
* do-not-use-non-ascii-in-test_ssl.patch
* dozens of bugfixes, see NEWS for details
- add patch from upstream:
* do-not-use-non-ascii-in-test_ssl.patch
* dozens of bugfixes, see NEWS for details
- add patch from upstream:
* do-not-use-non-ascii-in-test_ssl.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=230
* dozens of bugfixes, see NEWS for details
* fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664)
* fixed segfaults with dict mutated during search
* fixed possible free-after-use problems with buffer objects with custom indexing
* fixed urllib.splithost to correctly parse fragments (bpo-30500)
- drop upstreamed python-2.7.13-overflow_check.patch
- drop unneeded python-2.7.12-makeopcode.patch
- drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch
- update to 2.7.14
* dozens of bugfixes, see NEWS for details
* fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664)
* fixed segfaults with dict mutated during search
* fixed possible free-after-use problems with buffer objects with custom indexing
* fixed urllib.splithost to correctly parse fragments (bpo-30500)
- drop upstreamed python-2.7.13-overflow_check.patch
- drop unneeded python-2.7.12-makeopcode.patch
- drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch
- update to 2.7.14
* dozens of bugfixes, see NEWS for details
* fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664)
* fixed segfaults with dict mutated during search
* fixed possible free-after-use problems with buffer objects with custom indexing
* fixed urllib.splithost to correctly parse fragments (bpo-30500)
- drop upstreamed python-2.7.13-overflow_check.patch
- drop unneeded python-2.7.12-makeopcode.patch
- drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=213
* dozens of bugfixes, see NEWS for details
* updated cipher lists for openssl wrapper, support openssl >= 1.1.0
* properly fix HTTPoxy (CVE-2016-1000110)
* profile-opt build now applies PGO to modules as well
- drop python-2.7.10-overflow_check.patch which is solved in upstream
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=199
python2-foo
- rename macros.python to macros.python2 accordingly
- require python-rpm-macros package, drop macro definitions from
macros.python2
- provide python2-* symbols, for support of new packages built as
python2-foo
- provide python2-* symbols, for support of new packages built as
python2-foo
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=198
