rpm/python
SHA256
1
0
Fork 0
forked from pool/python
Code Pull Requests Activity

Testing S12merge

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=258
This commit is contained in:
Matej Cepl 2019-11-12 14:04:49 +00:00 committed by Git OBS Bridge
parent 00800c2a14
commit 9abff58a55
6 changed files with 180 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
CVE-2017-18207.patch Normal file
View File

@ -0,0 +1,22 @@
From ae0ed14794ced2c51c822fc6f0d3ca92064619dd Mon Sep 17 00:00:00 2001
From: BT123 <abcdyzhang@163.com>
Date: Fri, 17 Nov 2017 16:45:45 +0800
Subject: [PATCH] bug in wave.py
---
Lib/wave.py | 2 ++
1 file changed, 2 insertions(+)
Index: Python-2.7.13/Lib/wave.py
===================================================================
--- Python-2.7.13.orig/Lib/wave.py 2018-06-07 17:00:25.370728844 +0000
+++ Python-2.7.13/Lib/wave.py 2018-06-07 17:02:51.768202800 +0000
@@ -272,6 +272,8 @@ class Wave_read:
self._sampwidth = (sampwidth + 7) // 8
else:
raise Error, 'unknown format: %r' % (wFormatTag,)
+ if self._nchannels == 0:
+ raise Error, "The audio file in wav format should have at least one channel!"
self._framesize = self._nchannels * self._sampwidth
self._comptype = 'NONE'
self._compname = 'not compressed'

10
macros.python2
View File

@ -1,10 +1,8 @@
# legacy macros. commented but kept for the sake of possible recovery of their values
#%py_ver %(python -c "import sys; v=sys.version_info[:2]; print '%%d.%%d'%%v" 2>/dev/null || echo PYTHON-NOT-FOUND)
#%py_prefix %(python -c "import sys; print sys.prefix" 2>/dev/null || echo PYTHON-NOT-FOUND)
#%py_libdir %{py_prefix}/%{_lib}/python%{py_ver}
#%py_incdir %{py_prefix}/include/python%{py_ver}
#%py_sitedir %{py_libdir}/site-packages
#%__python2 /usr/bin/python2
%py_prefix %(python -c "import sys; print sys.prefix" 2>/dev/null || echo PYTHON-NOT-FOUND)
%py_libdir %{py_prefix}/%{_lib}/python%{py_ver}
%py_incdir %{py_prefix}/include/python%{py_ver}
%py_sitedir %{py_libdir}/site-packages
# these might be still in use somewhere
%py_compile(O) \

273
python-base.changes
View File

@ -1,11 +1,5 @@
-------------------------------------------------------------------
Tue Nov 5 04:24:05 UTC 2019 - Steve Kowalik <steven.kowalik@suse.com>
- Add adapted-from-F00251-change-user-install-location.patch fixing
pip/distutils to install into /usr/local.
-------------------------------------------------------------------
Thu Oct 24 14:40:39 CEST 2019 - Matej Cepl <mcepl@suse.com>
Tue Nov 12 14:11:27 CET 2019 - Matej Cepl <mcepl@suse.com>
- Update to 2.7.17:
- a bug fix release in the Python 2.7.x series. It is expected
@ -17,6 +11,15 @@ Thu Oct 24 14:40:39 CEST 2019 - Matej Cepl <mcepl@suse.com>
- CVE-2019-9947-no-ctrl-char-http.patch
- CVE-2019-9948-avoid_local-file.patch
- Readjusted CVE-2017-18207.patch (for its description, see
below).
-------------------------------------------------------------------
Tue Nov 5 04:24:05 UTC 2019 - Steve Kowalik <steven.kowalik@suse.com>
- Add adapted-from-F00251-change-user-install-location.patch fixing
pip/distutils to install into /usr/local.
-------------------------------------------------------------------
Tue Oct 8 19:46:52 CEST 2019 - Matej Cepl <mcepl@suse.com>
@ -30,7 +33,14 @@ Wed Sep 25 13:25:33 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
- Add bpo36302-sort-module-sources.patch (boo#1041090)
-------------------------------------------------------------------
Fri Jul 19 13:28:16 CEST 2019 - Matej Cepl <mcepl@suse.com>
Mon Sep 16 15:57:54 CEST 2019 - Matej Cepl <mcepl@suse.com>
- Add CVE-2019-16056-email-parse-addr.patch fixing the email
module wrongly parses email addresses [bsc#1149955,
CVE-2019-16056]
-------------------------------------------------------------------
Thu Jul 25 19:31:47 CEST 2019 - Matej Cepl <mcepl@suse.com>
- boo#1141853 (CVE-2018-20852) add
CVE-2018-20852-cookie-domain-check.patch fixing
@ -39,68 +49,49 @@ Fri Jul 19 13:28:16 CEST 2019 - Matej Cepl <mcepl@suse.com>
cookies to the wrong server.
-------------------------------------------------------------------
Fri Jul 19 11:19:42 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
Wed Jul 3 21:02:00 CEST 2019 - Matej Cepl <mcepl@suse.com>
- Skip test_urllib2_localnet that randomly fails in OBS
- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch
which fixes regression introduced by the previous patch.
(CVE-2019-10160)
Upstream gh#python/cpython#13812
-------------------------------------------------------------------
Wed May 29 08:58:16 UTC 2019 - Martin Liška <mliska@suse.cz>
- Set _lto_cflags to nil as it will prevent to propage LTO
for Python modules that are built in a separate package.
-------------------------------------------------------------------
Thu May 2 08:40:33 CEST 2019 - Matej Cepl <mcepl@suse.com>
- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
Address the issue by disallowing URL paths with embedded
whitespace or control characters through into the underlying
http client request. Such potentially malicious header
injection URLs now cause a ValueError to be raised.
-------------------------------------------------------------------
Mon Apr 8 22:40:01 CEST 2019 - Matej Cepl <mcepl@suse.com>
Tue Apr 9 00:47:11 CEST 2019 - Matej Cepl <mcepl@suse.com>
- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
removing unnecessary (and potentially harmful) URL scheme
local-file://.
-------------------------------------------------------------------
Mon Apr 8 21:13:48 CEST 2019 - Matej Cepl <mcepl@suse.com>
Tue Apr 9 00:46:36 CEST 2019 - Matej Cepl <mcepl@suse.com>
- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
Characters in the netloc attribute that decompose under NFKC
normalization (as used by the IDNA encoding) into any of ``/``,
``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
URL is decomposed before parsing, or is not a Unicode string,
no error will be raised.
no error will be raised (CVE-2019-9636).
Upstream commits e37ef41 and 507bd8c.
-------------------------------------------------------------------
Thu Apr 4 22:28:24 CEST 2019 - Matej Cepl <mcepl@suse.com>
Fri Jan 25 16:53:50 CET 2019 - mcepl@suse.com
- Update to 2.7.16:
* bugfix-only release: complete list of changes on
https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
* Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
which are fully included in the tarball.
* Updated patches to apply cleanly:
CVE-2019-5010-null-defer-x509-cert-DOS.patch
bpo36160-init-sysconfig_vars.patch
do-not-use-non-ascii-in-test_ssl.patch
openssl-111-middlebox-compat.patch
openssl-111-ssl_options.patch
python-2.5.1-sqlite.patch
python-2.6-gettext-plurals.patch
python-2.7-dirs.patch
python-2.7.2-fix_date_time_compiler.patch
python-2.7.4-canonicalize2.patch
python-2.7.5-multilib.patch
python-2.7.9-ssl_ca_path.patch
python-bsddb6.diff
remove-static-libpython.diff
* Update python-2.7.5-multilib.patch to pass with new platlib
regime.
- bsc#1109847: add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
fixing bpo-34623.
-------------------------------------------------------------------
Fri Jan 25 16:02:21 CET 2019 - mcepl@suse.com
- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch
PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance
of PyWeakReference struct and does not intialize wr_prev and
wr_next of new isntance. These pointers can have garbage and
point to random memory locations.
Python should not crash while destroying the isntance created
in the same interpreter function. As per my understanding, both
wr_prev and wr_next of PyWeakReference instance should be
initialized to NULL to avoid segfault.
-------------------------------------------------------------------
Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com
@ -114,17 +105,6 @@ Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com
initiate or accept TLS connections using crafted certificates
to trigger this vulnerability.
-------------------------------------------------------------------
Wed Dec 19 19:29:44 UTC 2018 - Todd R <toddrme2178@gmail.com>
- Use upstream-recommended %{_rpmconfigdir}/macros.d directory
for the rpm macros.
-------------------------------------------------------------------
Fri Oct 26 10:48:44 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
- Add patch openssl-111.patch to work with openssl-1.1.1
-------------------------------------------------------------------
Tue Sep 25 22:01:08 UTC 2018 - Matěj Cepl <mcepl@suse.com>
@ -133,88 +113,65 @@ Tue Sep 25 22:01:08 UTC 2018 - Matěj Cepl <mcepl@suse.com>
distutils.spawn. [bsc#1109663, CVE-2018-1000802]
-------------------------------------------------------------------
Mon May 21 18:41:43 UTC 2018 - michael@stroeder.com
Fri Jun 29 10:24:27 UTC 2018 - mcepl@suse.com
- update to 2.7.15
* dozens of bugfixes, see NEWS for details
- removed obsolete patches:
* python-ncurses-6.0-accessors.patch
* python-fix-shebang.patch
* gcc8-miscompilation-fix.patch
- add patch from upstream:
* do-not-use-non-ascii-in-test_ssl.patch
- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent
low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS
(CVE-2018-1061). Prior to this patch mail server's timestamp was
susceptible to catastrophic backtracking on long evil response from
the server. Also, it was susceptible to catastrophic backtracking,
which was a potential DOS vector.
[bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]
-------------------------------------------------------------------
Fri Apr 6 10:11:22 UTC 2018 - mliska@suse.cz
Thu Jun 7 17:04:40 UTC 2018 - psimons@suse.com
- Add gcc8-miscompilation-fix.patch (boo#1084650).
- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that
verifies that at least one channel is provided. Prior to this
check, attackers could cause a denial of service (divide-by-zero
error and application crash) via a crafted wav format audio file.
[bsc#1083507, CVE-2017-18207]
-------------------------------------------------------------------
Tue Feb 20 13:14:27 UTC 2018 - bwiedemann@suse.com
Tue May 29 12:42:22 UTC 2018 - mcepl@suse.com
- Add python-sorted_tar.patch (boo#1081750)
- Apply "python-sorted_tar.patch" (bsc#1086001)
sort tarfile output directory listing
-------------------------------------------------------------------
Mon Feb 5 16:01:59 UTC 2018 - normand@linux.vnet.ibm.com
Tue Mar 13 15:22:47 UTC 2018 - psimons@suse.com
- exclude test_socket & test_subprocess for PowerPC boo#1078485
(same ref as previous change)
- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer
overflows in PyString_DecodeEscape that could have resulted in
heap-based buffer overflow attacks and possible arbitrary code
execution. [bsc#1068664, CVE-2017-1000158]
- Apply "python-2.7.14-CVE-2018-1000030-1.patch" and
"python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that
would crash the Python interpreter when multiple threads used the
same I/O stream concurrently. This issue is not classified as a
security vulnerability due to the fact that an attacker must be
able to run code, however in some situations -- such as function
as a service -- this vulnerability can potentially be used by an
attacker to violate a trust boundary. [bsc#1079300,
CVE-2018-1000030]
-------------------------------------------------------------------
Fri Feb 2 09:21:24 UTC 2018 - normand@linux.vnet.ibm.com
Tue Feb 28 16:16:40 UTC 2017 - jmatejek@suse.com
- Add python-skip_random_failing_tests.patch bypass boo#1078485
and exclude many tests for PowerPC
-------------------------------------------------------------------
Tue Jan 30 16:08:33 UTC 2018 - tchvatal@suse.com
- Add patch python-fix-shebang.patch to fix bsc#1078326
-------------------------------------------------------------------
Fri Dec 22 16:49:38 UTC 2017 - jmatejek@suse.com
- exclude test_regrtest for s390, where it does not segfault as it should
(fixes bsc#1073269)
- fix segfault while creating weakref - bsc#1073748, bpo#29347
(this is actually fixed by the 2.7.14 update; mentioning this for purposes
of bugfix tracking)
-------------------------------------------------------------------
Mon Nov 20 16:11:48 UTC 2017 - jmatejek@suse.com
- update to 2.7.14
* dozens of bugfixes, see NEWS for details
* fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664)
* fixed segfaults with dict mutated during search
* fixed possible free-after-use problems with buffer objects with custom indexing
* fixed urllib.splithost to correctly parse fragments (bpo-30500)
- drop upstreamed python-2.7.13-overflow_check.patch
- drop unneeded python-2.7.12-makeopcode.patch
- drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch
-------------------------------------------------------------------
Thu Nov 2 16:53:42 UTC 2017 - mpluskal@suse.com
- Call python2 instead of python in macros
-------------------------------------------------------------------
Thu Aug 17 08:58:02 CEST 2017 - kukuk@suse.de
- Add libnsl-devel build requires for glibc obsoleting libnsl
-------------------------------------------------------------------
Mon May 15 14:03:01 UTC 2017 - jmatejek@suse.com
- obsolete/provide python-argparse and provide python2-argparse,
because the argparse module is available from python 2.7 up
-------------------------------------------------------------------
Fri Feb 24 17:08:25 UTC 2017 - bwiedemann@suse.com
- Add reproducible.patch to allow reproducible builds of various
python packages like python-amqp
Upstream: https://github.com/python/cpython/pull/296
- SLE package update (bsc#1027282)
- refresh python-2.7.5-multilib.patch
- dropped upstreamed patches:
python-fix-short-dh.patch
python-2.7.7-mhlib-linkcount.patch
python-2.7-urllib2-localnet-ssl.patch
CVE-2016-0772-smtplib-starttls.patch
CVE-2016-5699-http-header-injection.patch
CVE-2016-5636-zipimporter-overflow.patch
python-2.7-httpoxy.patch
- Add python-ncurses-6.0-accessors.patch: Fix build with
NCurses 6.0 and OPAQUE_WINDOW set to 1.
(dimstar@opensuse.org)
-------------------------------------------------------------------
Tue Jan 3 16:59:24 UTC 2017 - jmatejek@suse.com
@ -224,8 +181,8 @@ Tue Jan 3 16:59:24 UTC 2017 - jmatejek@suse.com
* updated cipher lists for openssl wrapper, support openssl >= 1.1.0
* properly fix HTTPoxy (CVE-2016-1000110)
* profile-opt build now applies PGO to modules as well
- update python-2.7.10-overflow_check.patch
with python-2.7.13-overflow_check.patch, incorporating upstream changes
- add python-2.7.13-overflow_check.patch, incorporating upstream changes
(bnc#964182)
- add "-fwrapv" to optflags explicitly because upstream code still
relies on it in many places
@ -257,34 +214,40 @@ Thu Jun 30 09:23:05 UTC 2016 - jmatejek@suse.com
- modify shebang-fixing scriptlet to ignore makeopcodetargets.py
-------------------------------------------------------------------
Fri Jan 29 13:03:40 UTC 2016 - rguenther@suse.com
Fri Jun 17 12:33:23 UTC 2016 - jmatejek@suse.com
- Add python-2.7.10-overflow_check.patch to fix broken overflow checks.
[bnc#964182]
- CVE-2016-0772-smtplib-starttls.patch:
smtplib vulnerability opens startTLS stripping attack
(CVE-2016-0772, bsc#984751)
- CVE-2016-5636-zipimporter-overflow.patch:
heap overflow when importing malformed zip files
(CVE-2016-5636, bsc#985177)
- CVE-2016-5699-http-header-injection.patch:
incorrect validation of HTTP headers allow header injection
(CVE-2016-5699, bsc#985348)
- python-2.7-httpoxy.patch:
HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY
when REQUEST_METHOD is also set
(CVE-2016-1000110, bsc#989523)
-------------------------------------------------------------------
Mon Sep 14 15:04:43 UTC 2015 - jmatejek@suse.com
Mon Sep 14 13:45:03 UTC 2015 - jmatejek@suse.com
- copy strict-tls-checks subpackage from SLE to retain future compatibility
(not built in openSUSE)
- do this properly to fix bnc#945401
- exclude tsl_check files from python-base to prevent file conflict
with python-strict-tls-checks package (bnc#945401)
- update SLE check to exclude Leap which also has version 1315,
just to be sure
-------------------------------------------------------------------
Wed Sep 9 12:19:01 UTC 2015 - dimstar@opensuse.org
Mon Jun 29 08:32:44 UTC 2015 - meissner@suse.com
- Add python-ncurses-6.0-accessors.patch: Fix build with
NCurses 6.0 and OPAQUE_WINDOW set to 1.
- python-fix-short-dh.patch: Bump DH parameters to 2048 bit
to fix logjam security issue. bsc#935856
-------------------------------------------------------------------
Wed Jun 10 11:19:58 UTC 2015 - dmueller@suse.com
- add __python2 compatibility macro (used by Fedora)
-------------------------------------------------------------------
Sun May 24 14:36:37 UTC 2015 - michael@stroeder.com
- update to 2.7.10
- removed obsolete python-2.7-urllib2-localnet-ssl.patch
- add __python2 compatibility macro (used by Fedora) (fate#318838)
-------------------------------------------------------------------
Tue May 19 11:18:12 UTC 2015 - schwab@suse.de
@ -324,13 +287,21 @@ Wed Oct 22 13:30:24 UTC 2014 - dmueller@suse.com
- skip test_thread in qemu_linux_user mode
-------------------------------------------------------------------
Tue Sep 30 15:06:15 UTC 2014 - jmatejek@suse.com
Wed Oct 1 13:00:59 UTC 2014 - jmatejek@suse.com
- update to 2.7.8
* bugfix-only release, dozens of bugs fixed
* fixes CVE-2014-4650 directory traversal in CGIHTTPServer
* fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer()
- dropped upstreamed CVE-2014-4650-CGIHTTPserver-traversal.patch
- dropped upstreamed CVE-2014-7185-buffer-wraparound.patch
-------------------------------------------------------------------
Wed Oct 1 13:00:59 UTC 2014 - jmatejek@suse.com
- CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow
in buffer()
(CVE-2014-7185, bnc#898572)
-------------------------------------------------------------------
Wed Jul 23 16:48:38 UTC 2014 - jmatejek@suse.com

8
python-base.spec
View File

@ -66,13 +66,16 @@ Patch47: openssl-111-middlebox-compat.patch
# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
Patch48: openssl-111-ssl_options.patch
# PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 mcepl@suse.com
# https://github.com/python/cpython/pull/11569
# gh#python/cpython#11569
# Fix segfault in ssl's cert parser
Patch49: CVE-2019-5010-null-defer-x509-cert-DOS.patch
# PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 mcepl@suse.com
# Initialize sysconfig variables in test_site.
Patch50: bpo36160-init-sysconfig_vars.patch
# PATCH-FIX-UPSTREAM https://github.com/python/cpython/pull/12341
# PATCH-FIX-UPSTREAM CVE-2017-18207.patch gh#python/cpython#4437 psimons@suse.com
# Add check for channels of wav file in Lib/wave.py
Patch51: CVE-2017-18207.patch
# PATCH-FIX-UPSTREAM gh#python/cpython#12341
Patch55: bpo36302-sort-module-sources.patch
# Fix installation in /usr/local (boo#1071941), adapted from Fedora
# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch
@ -191,6 +194,7 @@ other applications.
%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch55 -p1
%patch56 -p1

15
python-doc.spec
View File

@ -66,14 +66,23 @@ Patch47: openssl-111-middlebox-compat.patch
# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
Patch48: openssl-111-ssl_options.patch
# PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 mcepl@suse.com
# https://github.com/python/cpython/pull/11569
# gh#python/cpython#11569
# Fix segfault in ssl's cert parser
Patch49: CVE-2019-5010-null-defer-x509-cert-DOS.patch
# PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 mcepl@suse.com
# Initialize sysconfig variables in test_site.
Patch50: bpo36160-init-sysconfig_vars.patch
# PATCH-FIX-UPSTREAM https://github.com/python/cpython/pull/12341
# PATCH-FIX-UPSTREAM CVE-2017-18207.patch gh#python/cpython#4437 psimons@suse.com
# Add check for channels of wav file in Lib/wave.py
Patch51: CVE-2017-18207.patch
# PATCH-FIX-UPSTREAM gh#python/cpython#12341
Patch55: bpo36302-sort-module-sources.patch
# Fix installation in /usr/local (boo#1071941), adapted from Fedora
# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch
# Set values of prefix and exec_prefix in distutils install command
# to /usr/local if executable is /usr/bin/python* and RPM build
# is not detected to make pip and distutils install into separate location
Patch56: adapted-from-F00251-change-user-install-location.patch
# COMMON-PATCH-END
Provides: pyth_doc
Provides: pyth_ps
@ -131,7 +140,9 @@ Python, and Macintosh Module Reference in PDF format.
%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch55 -p1
%patch56 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac

15
python.spec
View File

@ -71,14 +71,23 @@ Patch47: openssl-111-middlebox-compat.patch
# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
Patch48: openssl-111-ssl_options.patch
# PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 mcepl@suse.com
# https://github.com/python/cpython/pull/11569
# gh#python/cpython#11569
# Fix segfault in ssl's cert parser
Patch49: CVE-2019-5010-null-defer-x509-cert-DOS.patch
# PATCH-FIX-UPSTREAM bpo36160-init-sysconfig_vars.patch gh#python/cpython#12131 mcepl@suse.com
# Initialize sysconfig variables in test_site.
Patch50: bpo36160-init-sysconfig_vars.patch
# PATCH-FIX-UPSTREAM https://github.com/python/cpython/pull/12341
# PATCH-FIX-UPSTREAM CVE-2017-18207.patch gh#python/cpython#4437 psimons@suse.com
# Add check for channels of wav file in Lib/wave.py
Patch51: CVE-2017-18207.patch
# PATCH-FIX-UPSTREAM gh#python/cpython#12341
Patch55: bpo36302-sort-module-sources.patch
# Fix installation in /usr/local (boo#1071941), adapted from Fedora
# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch
# Set values of prefix and exec_prefix in distutils install command
# to /usr/local if executable is /usr/bin/python* and RPM build
# is not detected to make pip and distutils install into separate location
Patch56: adapted-from-F00251-change-user-install-location.patch
# COMMON-PATCH-END
BuildRequires: automake
BuildRequires: db-devel
@ -236,7 +245,9 @@ that rely on earlier non-verification behavior.
%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch55 -p1
%patch56 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac