e4a0f3dd73
Fix libnsl-devel condition per review request.
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=358
2023-05-24 18:46:49 +00:00
74c4b15a95
Accepting request 1085043 from home:dimstar:Factory
...
- Add _multibuild to define 2nd spec file as additional flavor.
Eliminates the need for source package links in OBS.
OBS-URL: https://build.opensuse.org/request/show/1085043
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=356
2023-05-05 13:32:20 +00:00
f552945ee9
- Why in the world do we download from HTTP?
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=355
2023-04-30 18:18:35 +00:00
b5b8f18a14
Run pre_checkin.sh
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=353
2023-03-29 11:48:36 +00:00
d52e9cd8c4
- Enable --with-system-ffi for non-standard architectures.
...
- SLE-12 builds nis.so as well.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=352
2023-03-29 10:23:12 +00:00
7e0f3cb088
- Enable --with-system-ffi for non-standard architectures.
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=350
2023-03-08 21:18:31 +00:00
97104e51ec
- SLE-12 builds nis.so as well.
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=348
2023-03-06 15:35:17 +00:00
735f57103b
SLE-12 builds nis.so as well.
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=347
2023-03-06 14:44:35 +00:00
b60b8e8937
Create isascii() shim for missing str.isascii().
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=345
2023-03-02 15:36:10 +00:00
9f86e564da
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
...
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=344
2023-03-01 22:01:21 +00:00
c21db0430f
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
...
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=343
2023-03-01 22:00:56 +00:00
ea48fe2e7a
Accepting request 1061583 from home:kukuk:branches:devel:languages:python:Factory
...
- Disable NIS for new products, it's deprecated and gets removed
OBS-URL: https://build.opensuse.org/request/show/1061583
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=341
2023-01-27 16:14:53 +00:00
2a9d6402e8
- Add skip_unverified_test.patch because apparently switching off
...
SSL verification doesn't work on older SLE.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=339
2023-01-19 08:45:16 +00:00
6a9d569c25
- Restore python-2.7.9-sles-disable-verification-by-default.patch
...
for SLE-12.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=337
2022-11-22 20:56:11 +00:00
615a636d68
Adjust Patches
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=335
2022-11-10 14:35:05 +00:00
3f9f4e7cb7
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
...
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=334
2022-11-09 19:07:01 +00:00
eb3f10bd75
Accepting request 1003076 from home:bmwiedemann:branches:devel:languages:python:Factory
...
- Add bpo34990-2038-problem-compileall.patch making compileall.py
compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
backport of fix to Python 2.7.
OBS-URL: https://build.opensuse.org/request/show/1003076
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=332
2022-09-15 07:46:07 +00:00
Steve Kowalik
de85457a6c
- Add patch CVE-2021-28861-double-slash-path.patch:
...
* BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=330
2022-09-07 04:48:27 +00:00
9a59733bbe
Fix the patch
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=328
2022-06-09 22:53:53 +00:00
d38335e738
Fix the patch to use Python 2-compatible unicode strings.
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=327
2022-06-09 21:33:02 +00:00
da24c1af97
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
...
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=326
2022-06-09 16:47:44 +00:00
cadbcd01cd
Accepting request 978856 from home:marxin:branches:devel:languages:python:Factory
...
- Filter out executable-stack error that is triggered for i586
target.
OBS-URL: https://build.opensuse.org/request/show/978856
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=324
2022-05-24 08:29:21 +00:00
3edb04a7cd
Accepting request 962755 from home:msmeissn:branches:devel:languages:python:Factory
...
- python-2.7.9-sles-disable-verification-by-default.patch: remove
as it by default now always does strict enforcement anyway and it
is 2022.
OBS-URL: https://build.opensuse.org/request/show/962755
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=322
2022-03-18 17:01:12 +00:00
2dad11ae4d
- Recover again proper value of %python2_package_prefix
...
(bsc#1175619).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=320
2022-03-02 00:59:44 +00:00
f6d8c1bb6a
Fix changelogs
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=319
2022-02-26 20:11:49 +00:00
dc8a4b385b
- Update bundled pip wheel to the latest SLE version patched
...
against bsc#1186819 (CVE-2021-3572).
- Run pre_checkin.sh as well (so other than python-base
changelogs are synced as well).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=318
2022-02-26 12:44:02 +00:00
9442b9b6ab
- BuildRequire rpm-build-python: The provider to inject python(abi)
...
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=317
2022-02-18 11:02:04 +00:00
a2b1f34add
- Older SLE versions should use old OpenSSL.
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=316
2022-02-18 10:52:31 +00:00
5c19a933c4
Actually be py2k compatible
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=314
2022-02-09 17:44:12 +00:00
510e372768
Forgot to run pre_checkin.sh
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=313
2022-02-09 16:55:07 +00:00
e29abdcb89
- Add CVE-2022-0391-urllib_parse-newline-parsing.patch
...
(bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
containing ASCII newline and tabs in urlparse.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=312
2022-02-09 16:52:05 +00:00
430843dcc5
Add What's New entry.
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=311
2022-02-06 08:01:12 +00:00
68c3ceb48d
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
...
bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
not trust the PASV response.
- build against openssl 1.1.x (incompatible with openssl 3.0x)
for now.
- on sle12, python2 modules will still be called python-xxxx until EOL,
for newer SLE versions they will be python2-xxxx
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=310
2022-02-06 07:47:48 +00:00
556d0713a6
Accepting request 936021 from home:dirkmueller:Factory
...
- build against openssl 1.1.x (incompatible with openssl 3.0x) for now
OBS-URL: https://build.opensuse.org/request/show/936021
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=309
2021-12-06 15:16:14 +00:00
b580dedff6
Accepting request 928691 from home:msmeissn:branches:devel:languages:python:Factory
...
- on sle12, python2 modules will still be called python-xxxx until EOL,
for newer SLE versions they will be python2-xxxx
OBS-URL: https://build.opensuse.org/request/show/928691
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=308
2021-11-02 19:29:32 +00:00
a1e48140c5
Accepting request 925378 from home:dimstar:Factory
...
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
OBS-URL: https://build.opensuse.org/request/show/925378
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=307
2021-10-15 13:31:18 +00:00
971ad33422
- Remove upstreamed patches:
...
- CVE-2019-18348-CRLF_injection_via_host_part.patch
- python-2.7.14-CVE-2017-1000158.patch
- CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
- CVE-2018-1061-DOS-via-regexp-difflib.patch
- CVE-2019-10160-netloc-port-regression.patch
- CVE-2019-16056-email-parse-addr.patch
- Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
Caller.
- Fixed possible leak in `PyArg_Parse` and similar
`PY_SSIZE_T_CLEAN` is not defined.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=306
2021-10-08 20:45:22 +00:00
97f5f8e975
- Modify Lib/ensurepip/__init__.py to contain the same version
...
numbers as are in reality the ones in the bundled wheels
(bsc#1187668).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=305
2021-10-04 21:15:18 +00:00
793c3bb790
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
...
(CVE-2019-20907, bpo#39017) avoiding possible infinite loop
in specifically crafted tarball.
Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
(CVE-2020-26116, bpo#39603) no longer allowing special characters in
the method parameter of HTTPConnection.putrequest in httplib, stopping
injection of headers. Such characters now raise ValueError.
- bsc#1155094 (CVE-2019-18348) Disallow control characters in
hostnames in http.client. Such potentially malicious header
injection URLs now cause a InvalidURL to be raised.
- bsc#1109847 (CVE-2018-14647): add
CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
bpo-34623.
fixing bpo-35746 (CVE-2019-5010).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=304
2021-09-25 21:16:13 +00:00
7919fc45c1
Run pre_checkin.sh
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=303
2021-09-17 19:43:07 +00:00
40fb7b0f61
Add CVE-2019-18348 to changes
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=302
2021-09-17 19:42:42 +00:00
eab39a1bee
Fix python-doc.spec
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=301
2021-09-17 19:41:23 +00:00
af50cf637c
Add CVE-2019-18348 to changes
...
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=300
2021-09-17 19:38:46 +00:00
de8c3896ee
Accepting request 914418 from home:fusionfuture:branches:devel:languages:python:Factory
...
- Renamed patch for assigned CVE:
* bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
(boo#1189241, CVE-2021-3737)
OBS-URL: https://build.opensuse.org/request/show/914418
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=299
2021-08-26 21:32:53 +00:00
e77cbb0e48
Accepting request 913777 from home:fusionfuture:branches:devel:languages:python:Factory
...
- Renamed patch for assigned CVE:
* bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
(boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
* sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
OBS-URL: https://build.opensuse.org/request/show/913777
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=298
2021-08-26 06:56:34 +00:00
8a27bf7896
Accepting request 911251 from home:fusionfuture:branches:devel:languages:python:Factory
...
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
request (bpo#43075, boo#1189287).
- Add missing security announcement to
bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
old: devel:languages:python:Factory/python
new: home:fusionfuture:branches:devel:languages:python:Factory/python rev None
Index: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
===================================================================
--- bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (revision 296)
+++ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (revision 3)
@@ -19,3 +19,8 @@
self.status = status
self.reason = reason.strip()
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2021-05-05-17-37-04.bpo-44022.bS3XJ9.rst
+@@ -0,0 +1,2 @@
++mod:`http.client` now avoids infinitely reading potential HTTP headers after a
++``100 Continue`` status response from the server.
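Review bot: in the added NEWS entry, the first line starts with mod:`http.client` without the leading colon, so reST will not parse it as a role and the text renders literally; write :mod:`http.client`. This request also patches Lib/urllib2.py, which is the Python 2 tree, so it is worth checking whether the entry should name httplib for readers of this package.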
Index: python-base.changes
===================================================================
--- python-base.changes (revision 296)
+++ python-base.changes (revision 3)
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
+
+- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
+ request (bpo#43075, boo#1189287).
+- Add missing security announcement to
+ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
+
+-------------------------------------------------------------------
Mon Aug 9 15:16:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
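Review bot: the first new bullet says the patch fixes ReDoS "in request", which does not tell a reader which module is affected. The patch touches Lib/urllib2.py and the AbstractBasicAuthHandler class, so name those in the entry. The same wording is repeated in the python-doc.changes and python.changes hunks.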
Index: python-base.spec
===================================================================
--- python-base.spec (revision 296)
+++ python-base.spec (revision 3)
@@ -105,6 +105,8 @@
Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+Patch64: bpo43075-fix-ReDoS-in-request.patch
# COMMON-PATCH-END
%define python_version %(echo %{tarversion} | head -c 3)
BuildRequires: automake
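Review bot: Patch64 is a security fix, but its file name and PATCH-FIX-UPSTREAM comment carry only bpo, boo and gh references, while the neighbouring Patch62 follows the CVE-... naming. If a CVE is assigned for boo#1189287, rename the file and add the id to the comment so the fix can be found by CVE number. The same applies to the identical lines added to python-doc.spec and python.spec.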
@@ -233,6 +235,7 @@
%patch61 -p1
%patch62 -p1
%patch63 -p1
+%patch64 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
Index: python-doc.changes
===================================================================
--- python-doc.changes (revision 296)
+++ python-doc.changes (revision 3)
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
+
+- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
+ request (bpo#43075, boo#1189287).
+- Add missing security announcement to
+ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
+
+-------------------------------------------------------------------
Mon Aug 9 15:16:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
Index: python-doc.spec
===================================================================
--- python-doc.spec (revision 296)
+++ python-doc.spec (revision 3)
@@ -107,6 +107,8 @@
Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+Patch64: bpo43075-fix-ReDoS-in-request.patch
# COMMON-PATCH-END
Provides: pyth_doc
Provides: pyth_ps
@@ -177,6 +179,7 @@
%patch61 -p1
%patch62 -p1
%patch63 -p1
+%patch64 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
Index: python.changes
===================================================================
--- python.changes (revision 296)
+++ python.changes (revision 3)
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
+
+- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
+ request (bpo#43075, boo#1189287).
+- Add missing security announcement to
+ bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
+
+-------------------------------------------------------------------
Mon Aug 9 15:16:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
Index: python.spec
===================================================================
--- python.spec (revision 296)
+++ python.spec (revision 3)
@@ -107,6 +107,8 @@
Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM bpo43075-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
+Patch64: bpo43075-fix-ReDoS-in-request.patch
# COMMON-PATCH-END
BuildRequires: automake
BuildRequires: db-devel
@@ -291,6 +293,7 @@
%patch61 -p1
%patch62 -p1
%patch63 -p1
+%patch64 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
Index: bpo43075-fix-ReDoS-in-request.patch
===================================================================
--- bpo43075-fix-ReDoS-in-request.patch (added)
+++ bpo43075-fix-ReDoS-in-request.patch (revision 3)
@@ -0,0 +1,15 @@
+--- a/Lib/urllib2.py
++++ b/Lib/urllib2.py
+@@ -856,7 +856,7 @@ class AbstractBasicAuthHandler:
+
+ # allow for double- and single-quoted realm values
+ # (single quotes are a violation of the RFC, but appear in the wild)
+- rx = re.compile('(?:[^,]*,)*[ \t]*([^ \t]+)[ \t]+'
++ rx = re.compile('(?:[^,]*,)*[ \t]*([^ \t,]+)[ \t]+'
+ 'realm=(["\']?)([^"\']*)\\2', re.I)
+
+ # XXX could pre-emptively send auth info already accepted (RFC 2617,
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst
+@@ -0,0 +1 @@
++Fix Regular Expression Denial of Service (ReDoS) vulnerability in :class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.
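Review bot: the change to rx in AbstractBasicAuthHandler ships with a NEWS entry but no test. Add a regression test that passes an over-long malformed header value to the handler and checks that matching finishes promptly, so the `[^ \t,]+` class is not loosened again later. In the NEWS text, "it allows cause a denial of service" needs rewording.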
OBS-URL: https://build.opensuse.org/request/show/911251
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=297
2021-08-10 12:55:29 +00:00
3cfc9f2646
Accepting request 911127 from home:fusionfuture:branches:devel:languages:python:Factory
...
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
which fixes http client infinite line reading (DoS) after a http
100 (bpo#44022, boo#1189241).
OBS-URL: https://build.opensuse.org/request/show/911127
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=296
2021-08-10 04:45:07 +00:00
767f0ce31a
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
...
use of semicolon as a query string separator (bpo#42967,
bsc#1182379, CVE-2021-23336).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=294
2021-02-26 22:02:43 +00:00
c021ec3bc1
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
...
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=292
2021-01-31 18:01:03 +00:00
a349f4646b
- (bsc#1180125) We really don't Require python-rpm-macros package.
...
Unnecessary dependency.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=290
2021-01-05 09:19:30 +00:00