de85457a6c
- Add patch CVE-2021-28861-double-slash-path.patch:
  * BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server when a URI path starts with //. (bsc#1202624, CVE-2021-28861)
Steve Kowalik 2022-09-07 04:48:27 +00:00
d38335e738
Fix the patch to use Python 2-compatible unicode strings.
Matej Cepl 2022-06-09 21:33:02 +00:00
da24c1af97
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module.
Matej Cepl 2022-06-09 16:47:44 +00:00
dc8a4b385b
- Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572).
- Run pre_checkin.sh as well (so other than python-base changelogs are synced as well).
Matej Cepl 2022-02-26 12:44:02 +00:00
9442b9b6ab
- BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation.
Matej Cepl 2022-02-18 11:02:04 +00:00
a2b1f34add
- Older SLE versions should use old OpenSSL.
Matej Cepl 2022-02-18 10:52:31 +00:00
68c3ceb48d
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146, bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib not trust the PASV response.
Matej Cepl 2022-02-06 07:47:48 +00:00
971ad33422
- Remove upstreamed patches:
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch
- Fixes a ReDoS vulnerability in http.cookiejar. Patch by Ben Caller.
- Fixed possible leak in PyArg_Parse and similar PY_SSIZE_T_CLEAN is not defined.
Matej Cepl 2021-10-08 20:45:22 +00:00
97f5f8e975
- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).
Matej Cepl 2021-10-04 21:15:18 +00:00
793c3bb790
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 (CVE-2020-26116, bpo#39603) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Such characters now raise ValueError.
- bsc#1155094 (CVE-2019-18348) Disallow control characters in hostnames in http.client. Such potentially malicious header injection URLs now cause an InvalidURL to be raised.
- bsc#1109847 (CVE-2018-14647): add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo-34623. fixing bpo-35746 (CVE-2019-5010).
Matej Cepl 2021-09-25 21:16:13 +00:00
de8c3896ee
Accepting request 914418 from home:fusionfuture:branches:devel:languages:python:Factory
Matej Cepl 2021-08-26 21:32:53 +00:00
e77cbb0e48
Accepting request 913777 from home:fusionfuture:branches:devel:languages:python:Factory
Matej Cepl 2021-08-26 06:56:34 +00:00
65ab37fec4
Accepting request 911255 from devel:languages:python:Factory
Richard Brown
2021-08-18 06:55:20 +00:00
8a27bf7896
Accepting request 911251 from home:fusionfuture:branches:devel:languages:python:Factory
Matej Cepl 2021-08-10 12:55:29 +00:00
3cfc9f2646
Accepting request 911127 from home:fusionfuture:branches:devel:languages:python:Factory
Matej Cepl 2021-08-10 04:45:07 +00:00
9e4124b4d3
Accepting request 875546 from devel:languages:python:Factory
Richard Brown
2021-03-05 12:44:35 +00:00
767f0ce31a
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336).
Matej Cepl 2021-02-26 22:02:43 +00:00
c021ec3bc1
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution.
Matej Cepl 2021-01-31 18:01:03 +00:00
d32abf9b40
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
Matej Cepl 2020-04-27 07:04:57 +00:00
00983cacd3
- Update to 2.7.18, final release of Python 2. Ever.:
  - Newline characters have been escaped when performing uu encoding to prevent them from overflowing into the content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process.
  - Fixes a ReDoS vulnerability in :mod:http.cookiejar. Patch by Ben Caller.
  - Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators.
  - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised.
  - Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host.
  - Fix problems identified by GCC's -Wstringop-truncation warning.
  - AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c.
  - Prevent failure of test_relative_path in test_py_compile on macOS Catalina.
  - Fixed possible leak in :c:func:PyArg_Parse and similar functions for format units "es#" and "et#" when the macro :c:macro:PY_SSIZE_T_CLEAN is not defined.
Matej Cepl 2020-04-23 09:28:38 +00:00
4617f57e14
- Change to Requires: libpython%{so_version} == %{version}-%{release} to python-base to keep both packages always synchronized (add %{so_version}) (bsc#1162224).
Matej Cepl 2020-02-08 22:22:43 +00:00
57a2c463f0
- Change to Requires: libpython%{so_version} == %{version}-%{release} to python-base to keep both packages always synchronized (add %{so_version}) (bsc#1162224).
Matej Cepl 2020-02-08 21:33:28 +00:00
c010d2e825
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug "Python urllib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)" (bsc#1162367)
Matej Cepl 2020-02-06 22:15:44 +00:00
669bddb90e
- Provide python-testsuite from devel subpkg to ease py2->py3 dependencies
Tomáš Chvátal
2020-02-03 19:32:19 +00:00
54c4187a2a
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests colliding with the combination of modern Python and ancient OpenSSL on SLE-12.
Matej Cepl 2020-01-28 14:39:17 +00:00
0601b7f8eb
Update from application of this repo to SLE-12
Matej Cepl 2020-01-19 19:12:15 +00:00
0d07048924
- Add provides in gdbm subpackage to provide dbm symbols. This allows us to use %%{python_module dbm} as a dependency and have it properly resolved for both python2 and python3
Tomáš Chvátal
2020-01-02 10:35:17 +00:00