4a7548ec68
- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED!
...
- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
partially reverting CVE-2023-27043-email-parsing-errors.patch,
because of the regression in gh#python/cpython#106669.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=374
2023-08-11 18:04:06 +00:00
8e5f3115ae
Preliminary WIP state
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=373
2023-07-13 21:50:15 +00:00
3095c8247c
- Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch.
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=369
2023-06-07 15:44:38 +00:00
55461311b5
Remove silly comment in the changelog
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=366
2023-06-06 10:29:31 +00:00
78634bafca
Accepting request 1089783 from home:Andreas_Schwab:Factory
...
- python-2.7.5-multilib.patch: Update for riscv64
- Don't fail if _ctypes or dl extension was not built
OBS-URL: https://build.opensuse.org/request/show/1089783
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=364
2023-05-30 11:53:04 +00:00
1108b564fe
- The condition around libnsl-devel BuildRequires is NOT
...
switching off NIS support on SLE < 15, support for NIS used to
be in the glibc itself. Partial revert of sr#1061583.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=362
2023-05-29 18:52:32 +00:00
c0fecb5ffe
- Add PygmentsBridge-trime_doctest_flags.patch to allow build of
...
the documentation even with the current Sphinx. (SUSE-ONLY
PATCH, DO NOT SEND UPSTREAM!)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=360
2023-05-24 20:56:16 +00:00
cd31207dec
Forgot to run pre_checkin.sh
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=359
2023-05-24 18:54:17 +00:00
74c4b15a95
Accepting request 1085043 from home:dimstar:Factory
...
- Add _multibuild to define 2nd spec file as additional flavor.
Eliminates the need for source package links in OBS.
OBS-URL: https://build.opensuse.org/request/show/1085043
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=356
2023-05-05 13:32:20 +00:00
f552945ee9
- Why in the world we download from HTTP?
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=355
2023-04-30 18:18:35 +00:00
d52e9cd8c4
- Enable --with-system-ffi for non-standard architectures.
...
- SLE-12 builds nis.so as well.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=352
2023-03-29 10:23:12 +00:00
9f86e564da
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
...
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=344
2023-03-01 22:01:21 +00:00
ea48fe2e7a
Accepting request 1061583 from home:kukuk:branches:devel:languages:python:Factory
...
- Disable NIS for new products, it's deprecated and gets removed
- Disable NIS for new products, it's deprecated and gets removed
OBS-URL: https://build.opensuse.org/request/show/1061583
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=341
2023-01-27 16:14:53 +00:00
2a9d6402e8
- Add skip_unverified_test.patch because apparently switching off
...
SSL verification doesn't work on older SLE.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=339
2023-01-19 08:45:16 +00:00
6a9d569c25
- Restore python-2.7.9-sles-disable-verification-by-default.patch
...
for SLE-12.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=337
2022-11-22 20:56:11 +00:00
3f9f4e7cb7
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
...
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=334
2022-11-09 19:07:01 +00:00
eb3f10bd75
Accepting request 1003076 from home:bmwiedemann:branches:devel:languages:python:Factory
...
- Add bpo34990-2038-problem-compileall.patch making compileall.py
compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
backport of fix to Python 2.7.
OBS-URL: https://build.opensuse.org/request/show/1003076
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=332
2022-09-15 07:46:07 +00:00
Steve Kowalik
de85457a6c
- Add patch CVE-2021-28861-double-slash-path.patch:
...
* BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=330
2022-09-07 04:48:27 +00:00
da24c1af97
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
...
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=326
2022-06-09 16:47:44 +00:00
3edb04a7cd
Accepting request 962755 from home:msmeissn:branches:devel:languages:python:Factory
...
- python-2.7.9-sles-disable-verification-by-default.patch: remove
as it by default now always does strict enforcement anyway and it
is 2022.
OBS-URL: https://build.opensuse.org/request/show/962755
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=322
2022-03-18 17:01:12 +00:00
2dad11ae4d
- Recover again proper value of %python2_package_prefix
...
(bsc#1175619).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=320
2022-03-02 00:59:44 +00:00
f6d8c1bb6a
Fix changelogs
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=319
2022-02-26 20:11:49 +00:00
dc8a4b385b
- Update bundled pip wheel to the latest SLE version patched
...
against bsc#1186819 (CVE-2021-3572).
- Run pre_checkin.sh as well (so other than python-base
changelogs are synced as well).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=318
2022-02-26 12:44:02 +00:00
9442b9b6ab
- BuildRequire rpm-build-python: The provider to inject python(abi)
...
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=317
2022-02-18 11:02:04 +00:00
a2b1f34add
- Older SLE versions should use old OpenSSL.
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=316
2022-02-18 10:52:31 +00:00
510e372768
Forgot to run pre_checkin.sh
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=313
2022-02-09 16:55:07 +00:00
68c3ceb48d
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
...
bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
not trust the PASV response.
- build against openssl 1.1.x (incompatible with openssl 3.0x)
for now.
- on sle12, python2 modules will still be called python-xxxx until EOL,
for newer SLE versions they will be python2-xxxx
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=310
2022-02-06 07:47:48 +00:00
556d0713a6
Accepting request 936021 from home:dirkmueller:Factory
...
- build against openssl 1.1.x (incompatible with openssl 3.0x) for now
OBS-URL: https://build.opensuse.org/request/show/936021
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=309
2021-12-06 15:16:14 +00:00
a1e48140c5
Accepting request 925378 from home:dimstar:Factory
...
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
OBS-URL: https://build.opensuse.org/request/show/925378
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=307
2021-10-15 13:31:18 +00:00
971ad33422
- Remove upstreamed patches:
...
- CVE-2019-18348-CRLF_injection_via_host_part.patch
- python-2.7.14-CVE-2017-1000158.patch
- CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
- CVE-2018-1061-DOS-via-regexp-difflib.patch
- CVE-2019-10160-netloc-port-regression.patch
- CVE-2019-16056-email-parse-addr.patch
- Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
Caller.
- Fixed possible leak in `PyArg_Parse` and similar
`PY_SSIZE_T_CLEAN` is not defined.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=306
2021-10-08 20:45:22 +00:00
97f5f8e975
- Modify Lib/ensurepip/__init__.py to contain the same version
...
numbers as are in reality the ones in the bundled wheels
(bsc#1187668).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=305
2021-10-04 21:15:18 +00:00
793c3bb790
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
...
(CVE-2019-20907, bpo#39017) avoiding possible infinite loop
in specifically crafted tarball.
Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
(CVE-2020-26116, bpo#39603) no longer allowing special characters in
the method parameter of HTTPConnection.putrequest in httplib, stopping
injection of headers. Such characters now raise ValueError.
- bsc#1155094 (CVE-2019-18348) Disallow control characters in
hostnames in http.client. Such potentially malicious header
injection URLs now cause a InvalidURL to be raised.
- bsc#1109847 (CVE-2018-14647): add
CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
bpo-34623.
fixing bpo-35746 (CVE-2019-5010).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=304
2021-09-25 21:16:13 +00:00
7919fc45c1
Run pre_checkin.sh
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=303
2021-09-17 19:43:07 +00:00
de8c3896ee
Accepting request 914418 from home:fusionfuture:branches:devel:languages:python:Factory
...
- Renamed patch for assigned CVE:
* bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
(boo#1189241, CVE-2021-3737)
OBS-URL: https://build.opensuse.org/request/show/914418
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=299
2021-08-26 21:32:53 +00:00
e77cbb0e48
Accepting request 913777 from home:fusionfuture:branches:devel:languages:python:Factory
...
- Renamed patch for assigned CVE:
* bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
(boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
* sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
OBS-URL: https://build.opensuse.org/request/show/913777
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=298
2021-08-26 06:56:34 +00:00
8a27bf7896
Accepting request 911251 from home:fusionfuture:branches:devel:languages:python:Factory
...
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
request (bpo#43075, boo#1189287).
- Add missing security announcement to
bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
old: devel:languages:python:Factory/python
new: home:fusionfuture:branches:devel:languages:python:Factory/python rev None
Index: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
===================================================================
--- bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (revision 296)
+++ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (revision 3)
@@ -19,3 +19,8 @@
self.status = status
self.reason = reason.strip()
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2021-05-05-17-37-04.bpo-44022.bS3XJ9.rst
+@@ -0,0 +1,2 @@
++mod:`http.client` now avoids infinitely reading potential HTTP headers after a
++``100 Continue`` status response from the server.
Index: python-base.changes
===================================================================
--- python-base.changes (revision 296)
+++ python-base.changes (revision 3)
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
+
+- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
+ request (bpo#43075, boo#1189287).
+- Add missing security announcement to
+ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
+
+-------------------------------------------------------------------
Mon Aug 9 15:16:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
Index: python-base.spec
===================================================================
--- python-base.spec (revision 296)
+++ python-base.spec (revision 3)
@@ -105,6 +105,8 @@
Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+Patch64: bpo43075-fix-ReDoS-in-request.patch
# COMMON-PATCH-END
%define python_version %(echo %{tarversion} | head -c 3)
BuildRequires: automake
@@ -233,6 +235,7 @@
%patch61 -p1
%patch62 -p1
%patch63 -p1
+%patch64 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
Index: python-doc.changes
===================================================================
--- python-doc.changes (revision 296)
+++ python-doc.changes (revision 3)
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
+
+- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
+ request (bpo#43075, boo#1189287).
+- Add missing security announcement to
+ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
+
+-------------------------------------------------------------------
Mon Aug 9 15:16:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
Index: python-doc.spec
===================================================================
--- python-doc.spec (revision 296)
+++ python-doc.spec (revision 3)
@@ -107,6 +107,8 @@
Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+Patch64: bpo43075-fix-ReDoS-in-request.patch
# COMMON-PATCH-END
Provides: pyth_doc
Provides: pyth_ps
@@ -177,6 +179,7 @@
%patch61 -p1
%patch62 -p1
%patch63 -p1
+%patch64 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
Index: python.changes
===================================================================
--- python.changes (revision 296)
+++ python.changes (revision 3)
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
+
+- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
+ request (bpo#43075, boo#1189287).
+- Add missing security announcement to
+ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
+
+-------------------------------------------------------------------
Mon Aug 9 15:16:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
Index: python.spec
===================================================================
--- python.spec (revision 296)
+++ python.spec (revision 3)
@@ -107,6 +107,8 @@
Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+Patch64: bpo43075-fix-ReDoS-in-request.patch
# COMMON-PATCH-END
BuildRequires: automake
BuildRequires: db-devel
@@ -291,6 +293,7 @@
%patch61 -p1
%patch62 -p1
%patch63 -p1
+%patch64 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
Index: bpo43075-fix-ReDoS-in-request.patch
===================================================================
--- bpo43075-fix-ReDoS-in-request.patch (added)
+++ bpo43075-fix-ReDoS-in-request.patch (revision 3)
@@ -0,0 +1,15 @@
+--- a/Lib/urllib2.py
++++ b/Lib/urllib2.py
+@@ -856,7 +856,7 @@ class AbstractBasicAuthHandler:
+
+ # allow for double- and single-quoted realm values
+ # (single quotes are a violation of the RFC, but appear in the wild)
+- rx = re.compile('(?:[^,]*,)*[ \t]*([^ \t]+)[ \t]+'
++ rx = re.compile('(?:[^,]*,)*[ \t]*([^ \t,]+)[ \t]+'
+ 'realm=(["\']?)([^"\']*)\\2', re.I)
+
+ # XXX could pre-emptively send auth info already accepted (RFC 2617,
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst
+@@ -0,0 +1 @@
++Fix Regular Expression Denial of Service (ReDoS) vulnerability in :class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.
OBS-URL: https://build.opensuse.org/request/show/911251
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=297
2021-08-10 12:55:29 +00:00
3cfc9f2646
Accepting request 911127 from home:fusionfuture:branches:devel:languages:python:Factory
...
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
which fixes http client infinite line reading (DoS) after a http
100 (bpo#44022, boo#1189241).
OBS-URL: https://build.opensuse.org/request/show/911127
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=296
2021-08-10 04:45:07 +00:00
767f0ce31a
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
...
use of semicolon as a query string separator (bpo#42967,
bsc#1182379, CVE-2021-23336).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=294
2021-02-26 22:02:43 +00:00
c021ec3bc1
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
...
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=292
2021-01-31 18:01:03 +00:00
a349f4646b
- (bsc#1180125) We really don't Require python-rpm-macros package.
...
Unnecessary dependency.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=290
2021-01-05 09:19:30 +00:00
05961d060d
Fix changes
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=288
2020-05-30 20:15:37 +00:00
d9c94c7ce3
Fix changes
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=287
2020-05-30 13:40:50 +00:00
d565063e61
Fix changes
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=286
2020-05-30 13:39:55 +00:00
ec904350ee
- Fix configure.ac for correct version of PYTHON_FO_REGEN
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=284
2020-05-30 12:23:29 +00:00
d32abf9b40
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=282
2020-04-27 07:04:57 +00:00
00983cacd3
- Update to 2.7.18, final release of Python 2. Ever.:
...
- Newline characters have been escaped when performing uu
encoding to prevent them from overflowing into to content
section of the encoded file. This prevents malicious or
accidental modification of data during the decoding process.
- Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
by Ben Caller.
- Fixed line numbers and column offsets for AST nodes for calls
without arguments in decorators.
- Disallow control characters in hostnames in http.client,
addressing CVE-2019-18348. Such potentially malicious header
injection URLs now cause a InvalidURL to be raised.
- Fix urllib.urlretrieve failing on subsequent ftp transfers
from the same host.
- Fix problems identified by GCC's -Wstringop-truncation
warning.
- AddRefActCtx() was needlessly being checked for failure in
PC/dl_nt.c.
- Prevent failure of test_relative_path in test_py_compile on
macOS Catalina.
- Fixed possible leak in :c:func:`PyArg_Parse` and similar
functions for format units "es#" and "et#" when the macro
:c:macro:`PY_SSIZE_T_CLEAN` is not defined.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=281
2020-04-23 09:28:38 +00:00
4617f57e14
- Change to Requires: libpython%{so_version} == %{version}-%{release}
...
to python-base to keep both packages always synchronized (add
%{so_version}) (bsc#1162224).
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
"Python urrlib allowed an HTTP server to conduct Regular
Expression Denial of Service (ReDoS)" (bsc#1162367)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=278
2020-02-08 22:22:43 +00:00
Tomáš Chvátal
669bddb90e
- Provide python-testsuite from devel subkg to ease py2->py3
...
dependencies
- Provide python-testsuite from devel subkg to ease py2->py3
dependencies
- Provide python-testsuite from devel subkg to ease py2->py3
dependencies
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=273
2020-02-03 19:32:19 +00:00
54c4187a2a
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
...
off tests coliding with the combination of modern Python and
ancient OpenSSL on SLE-12.
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
off tests coliding with the combination of modern Python and
ancient OpenSSL on SLE-12.
- libnsl is required only on more recent SLEs and openSUSE, older
glibc supported NIS on its own.
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
off tests coliding with the combination of modern Python and
ancient OpenSSL on SLE-12.
- libnsl is required only on more recent SLEs and openSUSE, older
glibc supported NIS on its own.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=272
2020-01-28 14:39:17 +00:00
Tomáš Chvátal
0d07048924
- Add provides in gdbm subpackage to provide dbm symbols. This
...
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
- Add provides in gdbm subpackage to provide dbm symbols. This
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
- Add provides in gdbm subpackage to provide dbm symbols. This
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=266
2020-01-02 10:35:17 +00:00
