Changelog for
python-base-2.7.13-27.15.4.i586.rpm :
Tue Sep 25 14:00:00 2018 mceplAATTsuse.com
- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which
converts shutil._call_external_zip to use subprocess rather than
distutils.spawn. [bsc#1109663, CVE-2018-1000802]
Fri Jun 29 14:00:00 2018 mceplAATTsuse.com
- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent
low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS
(CVE-2018-1061). Prior to this patch mail server's timestamp was
susceptible to catastrophic backtracking on long evil response from
the server. Also, it was susceptible to catastrophic backtracking,
which was a potential DOS vector.
[bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]
Thu Jun 7 14:00:00 2018 psimonsAATTsuse.com
- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that
verifies that at least one channel is provided. Prior to this
check, attackers could cause a denial of service (divide-by-zero
error and application crash) via a crafted wav format audio file.
[bsc#1083507, CVE-2017-18207]
Tue May 29 14:00:00 2018 mceplAATTsuse.com
- Apply "python-sorted_tar.patch" (bsc#1086001)
sort tarfile output directory listing
Tue Mar 13 13:00:00 2018 psimonsAATTsuse.com
- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer
overflows in PyString_DecodeEscape that could have resulted in
heap-based buffer overflow attacks and possible arbitrary code
execution. [bsc#1068664, CVE-2017-1000158]
- Apply "python-2.7.14-CVE-2018-1000030-1.patch" and
"python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that
would crash the Python interpreter when multiple threads used the
same I/O stream concurrently. This issue is not classified as a
security vulnerability due to the fact that an attacker must be
able to run code, however in some situations -- such as function
as a service -- this vulnerability can potentially be used by an
attacker to violate a trust boundary. [bsc#1079300,
CVE-2018-1000030]
Tue Feb 28 13:00:00 2017 jmatejekAATTsuse.com
- SLE package update (bsc#1027282)
- refresh python-2.7.5-multilib.patch
- dropped upstreamed patches:
python-fix-short-dh.patch
python-2.7.7-mhlib-linkcount.patch
python-2.7-urllib2-localnet-ssl.patch
CVE-2016-0772-smtplib-starttls.patch
CVE-2016-5699-http-header-injection.patch
CVE-2016-5636-zipimporter-overflow.patch
python-2.7-httpoxy.patch
- Add python-ncurses-6.0-accessors.patch: Fix build with
NCurses 6.0 and OPAQUE_WINDOW set to 1.
(dimstarAATTopensuse.org)
Tue Jan 3 13:00:00 2017 jmatejekAATTsuse.com
- update to 2.7.13
* dozens of bugfixes, see NEWS for details
* updated cipher lists for openssl wrapper, support openssl >= 1.1.0
* properly fix HTTPoxy (CVE-2016-1000110)
* profile-opt build now applies PGO to modules as well
- add python-2.7.13-overflow_check.patch, incorporating upstream changes
(bnc#964182)
- add "-fwrapv" to optflags explicitly because upstream code still
relies on it in many places
Fri Dec 2 13:00:00 2016 jmatejekAATTsuse.com
- provide python2-* symbols, for support of new packages built as
python2-foo
- rename macros.python to macros.python2 accordingly
- require python-rpm-macros package, drop macro definitions from
macros.python2
Thu Jun 30 14:00:00 2016 jmatejekAATTsuse.com
- update to 2.7.12
* dozens of bugfixes, see NEWS for details
* fixes multiple security issues:
CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751)
CVE-2016-5636 zipimporter heap overflow (bsc#985177)
CVE-2016-5699 httplib header injection (bsc#985348)
(this one is actually fixed since 2.7.10)
- removed upstreamed python-2.7.7-mhlib-linkcount.patch
- refreshed multilib patch
- python-2.7.12-makeopcode.patch - run newly-built python interpreter
to make opcodes, in order not to require pre-built python
- update LD_LIBRARY_PATH to use $PWD instead of "." because the test
process escapes to its own directory
- modify shebang-fixing scriptlet to ignore makeopcodetargets.py
Fri Jun 17 14:00:00 2016 jmatejekAATTsuse.com
- CVE-2016-0772-smtplib-starttls.patch:
smtplib vulnerability opens startTLS stripping attack
(CVE-2016-0772, bsc#984751)
- CVE-2016-5636-zipimporter-overflow.patch:
heap overflow when importing malformed zip files
(CVE-2016-5636, bsc#985177)
- CVE-2016-5699-http-header-injection.patch:
incorrect validation of HTTP headers allows header injection
(CVE-2016-5699, bsc#985348)
- python-2.7-httpoxy.patch:
HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY
when REQUEST_METHOD is also set
(CVE-2016-1000110, bsc#989523)
Mon Sep 14 14:00:00 2015 jmatejekAATTsuse.com
- exclude tsl_check files from python-base to prevent file conflict
with python-strict-tls-checks package (bnc#945401)
- update SLE check to exclude Leap which also has version 1315,
just to be sure
Mon Jun 29 14:00:00 2015 meissnerAATTsuse.com
- python-fix-short-dh.patch: Bump DH parameters to 2048 bit
to fix logjam security issue. bsc#935856
Wed Jun 10 14:00:00 2015 dmuellerAATTsuse.com
- add __python2 compatibility macro (used by Fedora) (fate#318838)
Tue May 19 14:00:00 2015 schwabAATTsuse.de
- Reenable test_posix on aarch64
Sun Dec 21 13:00:00 2014 schwabAATTsuse.de
- python-2.7.4-aarch64.patch: Remove obsolete patch
- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for
aarch64
Fri Dec 12 13:00:00 2014 jmatejekAATTsuse.com
- update to 2.7.9
* contains full backport of ssl module from Python 3.4 (PEP466)
* HTTPS certificate validation enabled by default (PEP476)
* SSLv3 disabled by default (bnc#901715)
* backported ensurepip module (PEP477)
* fixes several missing CVEs from last release: CVE-2013-1752,
CVE-2013-1753
* dozens of minor bugfixes
- dropped upstreamed patches: python-2.7.6-poplib.patch,
smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch
- dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it
with ssl module from Python 3
- libffi was upgraded upstream, seems to contain our changes,
so dropping libffi-ppc64le.diff as well
- python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional
"import ssl" from test_urllib2_localnet that caused it to fail without ssl
Wed Oct 22 14:00:00 2014 dmuellerAATTsuse.com
- skip test_thread in qemu_linux_user mode
Wed Oct 1 14:00:00 2014 jmatejekAATTsuse.com
- update to 2.7.8
* bugfix-only release, dozens of bugs fixed
* fixes CVE-2014-4650 directory traversal in CGIHTTPServer
* fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer()
- dropped upstreamed CVE-2014-4650-CGIHTTPserver-traversal.patch
- dropped upstreamed CVE-2014-7185-buffer-wraparound.patch
Wed Oct 1 14:00:00 2014 jmatejekAATTsuse.com
- CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow
in buffer()
(CVE-2014-7185, bnc#898572)
Wed Jul 23 14:00:00 2014 jmatejekAATTsuse.com
- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file
disclosure and directory traversal through URL-encoded characters
(CVE-2014-4650, bnc#885882)
- python-2.7.7-mhlib-linkcount.patch: remove link count optimizations
that are incorrect on btrfs (and possibly other filesystems)
Fri Jun 20 14:00:00 2014 jmatejekAATTsuse.com
- update to 2.7.7
* bugfix-only release, over a hundred bugs fixed
* backported hmac.compare_digest from python3, first step of PEP 466
- drop upstreamed patches:
* CVE-2014-1912-recvfrom_into.patch
* python-2.7.4-no-REUSEPORT.patch
* python-2.7.6-bdist-rpm.patch
* python-2.7.6-imaplib.patch
* python-2.7.6-sqlite-3.8.4-tests.patch
- refresh patches:
* python-2.7.3-ssl_ca_path.patch
* python-2.7.4-canonicalize2.patch
* xmlrpc_gzip_27.patch
- added python keyring and signature for the main tarball
Sat Mar 15 13:00:00 2014 schwabAATTsuse.de
- Use profile-opt only when profiling is enabled
- python-2.7.2-disable-tests-in-test_io.patch: removed, no longer needed
- update testsuite exclusion list:
* test_signal and test_posix fail due to qemu bugs
Fri Mar 14 13:00:00 2014 andreas.stiegerAATTgmx.de
- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests,
adding python-2.7.6-sqlite-3.8.4-tests.patch
Mon Feb 10 13:00:00 2014 jmatejekAATTsuse.com
- added patches for CVE-2013-1752 (bnc#856836) issues that are
missing in 2.7.6:
python-2.7.6-imaplib.patch
python-2.7.6-poplib.patch
smtplib_maxline-2.7.patch
- CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client:
xmlrpc_gzip_27.patch
- python-2.7.6-bdist-rpm.patch: fix broken "setup.py bdist_rpm" command
(bnc#857470, issue18045)
- multilib patch: add "~/.local/lib64" paths to search path
(bnc#637176)
- CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow
in socket.recvfrom_into (CVE-2014-1912, bnc#863741)
Tue Dec 10 13:00:00 2013 uweigandAATTde.ibm.com
- Add Obsoletes/Provides for python-ctypes.
Sat Dec 7 13:00:00 2013 matzAATTsuse.de
- Ignore uuid testcase in the testsuite, it relies on unreliable
ifconfig output.
Tue Dec 3 13:00:00 2013 mlsAATTsuse.de
- adapt python-2.7.5-multilib.patch for ppc64le
Tue Dec 3 13:00:00 2013 dvaleevAATTsuse.com
- adjust %files for ppc64le
Tue Dec 3 13:00:00 2013 matzAATTsuse.de
- Support for ppc64le in _ctypes libffi copy.
- added patches:
* libffi-ppc64le.diff
Tue Dec 3 13:00:00 2013 adrianAATTsuse.de
- add ppc64le rules
- avoid errors from source-validator
Thu Nov 21 13:00:00 2013 jmatejekAATTsuse.com
- update to 2.7.6
* bugfix-only release
* SSL-related fixes
* upstream fix for CVE-2013-4238
* upstream fixes for CVE-2013-1752
- removed upstreamed patch CVE-2013-4238_py27.patch
- reintroduce audioop.so as the problems with it seem to be fixed
(bnc#831442)
Thu Oct 10 14:00:00 2013 dmuellerAATTsuse.com
- exclude test_mmap under qemu_linux_user - emulation fails here
as the tests mmap address conflicts with qemu
Tue Jul 9 14:00:00 2013 jengelhAATTinai.de
- Add python-bsddb6.diff to support building against libdb-6.0
Sat Jul 6 14:00:00 2013 cooloAATTsuse.com
- have python-devel require python:
http://lists.opensuse.org/opensuse-factory/2013-06/msg00622.html
Sun Jun 30 14:00:00 2013 schwabAATTsuse.de
- Disable test_multiprocessing in QEmu build
Wed Jun 5 14:00:00 2013 schwabAATTsuse.de
- Disable test_asyncore in QEmu build
- Reenable testsuite on arm
Thu May 30 14:00:00 2013 jmatejekAATTsuse.com
- python-2.7.4-aarch64.patch: add missing bits of aarch64 support
- python-2.7.4-no-REUSEPORT.patch: disable test of
missing kernel functionality
- drop unnecessary patch: python-2.7.1-distutils_test_path.patch
- switch to xz archive
Tue May 28 14:00:00 2013 speilickeAATTsuse.com
- Update to version 2.7.5:
+ bugfix-only release
+ fixes several important regressions introduced in 2.7.4
+ Issue #15535: Fixed regression in the pickling of named tuples by
removing the __dict__ property introduced in 2.7.4.
+ Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3,
such as was shipped with Centos 5 and Mac OS X 10.4.
+ Issue #17703: Fix a regression where an illegal use of Py_DECREF() after
interpreter finalization can cause a crash.
+ Issue #16447: Fixed potential segmentation fault when setting __name__ on a
class.
+ Issue #17610: Don't rely on non-standard behavior of the C qsort() function.
See http://hg.python.org/cpython/file/ab05e7dd2788/Misc/NEWS for more
- Drop upstreamed patches:
+ python-2.7.3-fix-dbm-64bit-bigendian.patch
+ python-test_structmembers.patch
- Rebased other patches
Mon May 13 14:00:00 2013 dmuellerAATTsuse.com
- add aarch64 to the list of 64-bit platforms
Thu May 9 14:00:00 2013 jmatejekAATTsuse.com
- update to 2.7.4
* bugfix-only release
- drop upstreamed patches:
pypirc-secure.diff
python-2.7.3-multiprocessing-join.patch
ctypes-libffi-aarch64.patch
- drop python-2.7rc2-configure.patch as it doesn't seem necessary anymore
Fri Apr 5 14:00:00 2013 idonmezAATTsuse.com
- Add Source URL, see https://en.opensuse.org/SourceUrls
Wed Feb 27 13:00:00 2013 schwabAATTsuse.de
- Add aarch64 to the list of lib64 platforms
Sat Feb 9 13:00:00 2013 schwabAATTsuse.de
- Add ctypes-libffi-aarch64.patch: import aarch64 support for libffi in
_ctypes module
Fri Feb 8 13:00:00 2013 jmatejekAATTsuse.com
- multiprocessing: thread joining itself (bnc#747794)
- gettext: fix cases where no bundle is found (bnc#794139)
Thu Oct 25 14:00:00 2012 cooloAATTsuse.com
- add explicit buildrequire on libbz2-devel
Mon Oct 15 14:00:00 2012 cooloAATTsuse.com
- buildrequire explicitly netcfg for the test suite
Mon Oct 8 14:00:00 2012 jmatejekAATTsuse.com
- remove distutils.cfg (bnc#658604)
* this changes default prefix for distutils to /usr
* see ML for details:
http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html
Fri Aug 3 14:00:00 2012 dimstarAATTopensuse.org
- Add python-bundle-lang.patch: gettext: If bindtextdomain is
instructed to look in the default location of translations, we
check additionally in locale-bundle. Fixes issues like bnc#617751
Tue Jul 31 14:00:00 2012 jmatejekAATTsuse.com
- all subpackages require python-base=%{version}-%{release} explicitly
(fixes bnc#766778 bug and similar that might arise in the future)
Tue Jun 26 14:00:00 2012 dvaleevAATTsuse.com
- Fix failing test_dbm on ppc64
Thu May 17 14:00:00 2012 jfunkAATTfunktronics.ca
- Support directory-based certificate stores with the ca_certs parameter of SSL
functions [bnc#761501]
Sat Apr 14 14:00:00 2012 dmuellerAATTsuse.com
- update to 2.7.3:
* no change
- remove static libpython.a from build to avoid packages
linking it statically
Wed Mar 28 14:00:00 2012 jmatejekAATTsuse.com
- update to 2.7.3rc2
* fixes several security issues:
* CVE-2012-0845, bnc#747125
* CVE-2012-1150, bnc#751718
* CVE-2011-4944, bnc#754447
* CVE-2011-3389
- fix for insecure .pypirc (CVE-2011-4944, bnc#754447)
!!important!!
- disabled test_unicode which segfaults on 64bits.
this should not happen, revisit in next RC!
!!important!!
Thu Feb 16 13:00:00 2012 dvaleevAATTsuse.com
- skip broken test_io test on ppc
Mon Dec 12 13:00:00 2011 toddrme2178AATTgmail.com
- Exclude /usr/bin/2to3 to prevent conflicts with python3-2to3
Thu Dec 8 13:00:00 2011 jmatejekAATTsuse.com
- %python_version now correctly refers to %tarversion
Mon Nov 28 13:00:00 2011 saschpeAATTsuse.de
- Spec file cleanup:
* Run spec-cleaner
* Remove outdated %clean section, AutoReqProv and authors from descr.
- Fix license to Python-2.0 (also SPDX style)
Fri Sep 30 14:00:00 2011 adrianAATTsuse.de
- fix build for arm by removing an old hack for arm, bz2.so is built now
Fri Aug 19 14:00:00 2011 dmuellerAATTsuse.de
- update to 2.7.2:
* Bug fix only release, see
http://hg.python.org/cpython/raw-file/eb3c9b74884c/Misc/NEWS
for details
- introduce a pre_checkin.sh file that synchronizes
patches between python and python-base
- rediff patches for 2.7.2
- replace kernel3 patch with the upstream solution
Fri Jul 22 14:00:00 2011 idonmezAATTnovell.com
- Copy Lib/plat-linux2 to Lix/plat-linux3 so that DLFCN module
is also available for linux3 systems bnc#707667
Sun Jul 10 14:00:00 2011 roAATTsuse.de
- fix build on factory: setup reports linux3 not linux2 now,
adapt checks
Tue May 31 14:00:00 2011 jmatejekAATTnovell.com
- added explicit requires to libpython-%version-%release
to prevent bugs like bnc#697251 reappearing
Tue May 24 14:00:00 2011 jmatejekAATTnovell.com
- update to 2.7.1
* bugfix-only release, see NEWS for details
- refreshed patches, dropped the upstreamed ones
- dropped acrequire patch, replacing it with build-time sed
- improved fix to bnc#673071 by defining the constants
only for files that require it (as is done in python3)
Mon May 2 14:00:00 2011 jmatejekAATTnovell.com
- fixed a security flaw where malicious sites could redirect
Python application from http to a local file
(CVE-2011-1521, bnc#682554)
- fixed race condition in Makefile which randomly failed
parallel builds ( http://bugs.python.org/issue10013 )
Thu Feb 17 13:00:00 2011 pthAATTsuse.de
- Prefix DATE and TIME with PY_BUILD_ and COMPILER with PYTHON_ as
to not break external code (bnc#673071).
Mon Jan 17 13:00:00 2011 cooloAATTnovell.com
- provide pyxml to avoid touching tons of packages
Thu Nov 18 13:00:00 2010 cooloAATTnovell.com
- add patch from http://psf.upfronthosting.co.za/roundup/tracker/issue9960
to fix build on ppc64
Fri Oct 1 14:00:00 2010 jmatejekAATTnovell.com
- moved unittest to python-base (it is a testing framework, not a
testsuite, so it clearly belongs into stdlib)
- fixed smtpd.py DoS (bnc#638233, CVE probably not assigned)
Tue Sep 21 14:00:00 2010 cooloAATTnovell.com
- fix baselibs.conf
Thu Aug 26 14:00:00 2010 suse-tuxAATTgmx.de
- fix for urllib2 (http://bugs.python.org/issue9639)
Thu Aug 26 14:00:00 2010 jmatejekAATTnovell.com
- fixed distutils test
- dropped autoconf version requirement (it builds just fine with other versions)
Thu Aug 26 14:00:00 2010 jmatejekAATTnovell.com
- update to version 2.7
* improved handling of numeric types
* deprecation warnings are now silent by default
* new argparse module for command line arguments
* many new features, see http://docs.python.org/dev/whatsnew/2.7.html
for complete list
*
*
* 2.7 is supposed to be the last version from the 2.x series,
so its (upstream) maintenance period will probably be longer than usual.
However, upstream development now focuses on 3.x series.
- cleaned up spec and patches
Fri Jul 2 14:00:00 2010 jengelhAATTmedozas.de
- add patch from http://bugs.python.org/issue6029
- use %_smp_mflags
Mon May 17 14:00:00 2010 matejcikAATTsuse.cz
- dropped audioop.so because of security vulnerabilities
(bnc#603255)
Wed Apr 7 14:00:00 2010 matejcikAATTsuse.cz
- update to 2.6.5 (rpm version 2.6.5)
- patched test_distutils to work
Thu Mar 11 13:00:00 2010 matejcikAATTsuse.cz
- update to 2.6.5rc2 (rpm version is 2.6.4.92)
* bugfix-only release
- removed fwrapv patch - no longer needed
- removed expat patches (this version also fixes expat vulnerabilities
from bnc#581765 )
- removed readline spacing patch - no longer needed
- removed https_proxy patch - no longer needed
- removed test_distutils patch - no longer needed
- disabled test_distutils because of spurious failure,
* TODO reenable at release
Thu Feb 4 13:00:00 2010 matejcikAATTsuse.cz
- removed precompiled exe files (as noted in bnc#577032)
Fri Jan 29 13:00:00 2010 matejcikAATTsuse.cz
- enabled ipv6 in configure (bnc#572673)
Wed Dec 23 13:00:00 2009 ajAATTsuse.de
- Apply patches with fuzz=0
Mon Dec 14 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as source
Wed Oct 28 13:00:00 2009 crrodriguezAATTopensuse.org
- python-devel Requires glibc-devel
Fri Sep 4 14:00:00 2009 matejcikAATTsuse.cz
- fixed potential DoS in python's copy of expat (bnc#534721)
Sun Aug 2 14:00:00 2009 jansimon.moellerAATTopensuse.org
- fix files section for ARM, as bz2.so isn't built on ARM.
Fri Jul 31 14:00:00 2009 matejcikAATTsuse.cz
- added /usr/lib/python2.6{,/site-packages} to the package even if
it is on lib64 arch
- added %python_sitelib and %python_sitearch for fedora compatibility
Thu Jul 30 14:00:00 2009 matejcikAATTsuse.cz
- fixed test in test_distutils suite that would generate a warning
when the log threshold was set too low by preceding tests
Wed Jul 29 14:00:00 2009 matejcikAATTsuse.cz
- support noarch python packages (modified multilib patch
to differentiate between purelib and platlib, added /usr/lib
to search path in all cases)
Thu Jul 16 14:00:00 2009 cooloAATTnovell.com
- disable as-needed to fix build
Mon Apr 27 14:00:00 2009 matejcikAATTsuse.cz
- update to 2.6.2
* bugfix-only release for 2.6 series