forked from pool/python

- Update to 2.7.18, final release of Python 2. Ever.:

  - Newline characters have been escaped when performing uu
    encoding to prevent them from overflowing into the content
    section of the encoded file. This prevents malicious or
    accidental modification of data during the decoding process.
  - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
    by Ben Caller.
  - Fixed line numbers and column offsets for AST nodes for calls
    without arguments in decorators.
  - Disallow control characters in hostnames in http.client,
    addressing CVE-2019-18348. Such potentially malicious header
    injection URLs now cause an InvalidURL to be raised.
  - Fix urllib.urlretrieve failing on subsequent ftp transfers
    from the same host.
  - Fix problems identified by GCC's -Wstringop-truncation
    warning.
  - AddRefActCtx() was needlessly being checked for failure in
    PC/dl_nt.c.
  - Prevent failure of test_relative_path in test_py_compile on
    macOS Catalina.
  - Fixed possible leak in :c:func:`PyArg_Parse` and similar
    functions for format units "es#" and "et#" when the macro
    :c:macro:`PY_SSIZE_T_CLEAN` is not defined.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=281
2020-04-23 09:28:38 +00:00
committed by Git OBS Bridge
parent 4269d11262
commit 00983cacd3
14 changed files with 123 additions and 28 deletions


@@ -1,3 +1,30 @@
-------------------------------------------------------------------
Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl <mcepl@suse.com>
- Update to 2.7.18, final release of Python 2. Ever.:
- Newline characters have been escaped when performing uu
encoding to prevent them from overflowing into to content
section of the encoded file. This prevents malicious or
accidental modification of data during the decoding process.
- Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
by Ben Caller.
- Fixed line numbers and column offsets for AST nodes for calls
without arguments in decorators.
- Disallow control characters in hostnames in http.client,
addressing CVE-2019-18348. Such potentially malicious header
injection URLs now cause a InvalidURL to be raised.
- Fix urllib.urlretrieve failing on subsequent ftp transfers
from the same host.
- Fix problems identified by GCC's -Wstringop-truncation
warning.
- AddRefActCtx() was needlessly being checked for failure in
PC/dl_nt.c.
- Prevent failure of test_relative_path in test_py_compile on
macOS Catalina.
- Fixed possible leak in :c:func:`PyArg_Parse` and similar
functions for format units "es#" and "et#" when the macro
:c:macro:`PY_SSIZE_T_CLEAN` is not defined.
-------------------------------------------------------------------
Sat Feb 8 23:29:28 CET 2020 - Matej Cepl <mcepl@suse.com>
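
Review bot: The two security bullets in the new 2.7.18 entry name `http.cookiejar` and `http.client`, which are the Python 3 module names; in a Python 2.7 package the affected modules are `cookielib` and `httplib`, so the entry should say so, otherwise someone searching the changelog for the module they actually import will not find the fix. The ReDoS bullet also carries no CVE or bug reference while the hostname bullet cites CVE-2019-18348; if an identifier was assigned, add it so that tooling which matches changelog entries against advisories can pick it up. Minor: the text keeps Sphinx roles (`:mod:`, `:c:func:`, `:c:macro:`) that do not render in a plain-text changes file, and it has the typos "into to content" and "a InvalidURL".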