SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libpython3_4m1_0-3.4.6-25.23.1.x86_64.rpm :
Mon Jan 21 13:00:00 2019 mceplAATTsuse.com
- bsc#1120644 add CVE-2018-20406-pickle_LONG_BINPUT.patch fixing bpo#34656
Modules/_pickle.c in Python before 3.7.1 has an integer overflow via
a large LONG_BINPUT value that is mishandled during a \"resize to twice
the size\" attempt. This issue might cause memory exhaustion, but is
only relevant if the pickle format is used for serializing tens or
hundreds of gigabytes of data.

Sat Jan 19 13:00:00 2019 mceplAATTsuse.com
- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
fixing bpo-35746.
An exploitable denial-of-service vulnerability exists in the
X509 certificate parser of Python.org Python 2.7.11 / 3.7.2.
A specially crafted X509 certificate can cause a NULL pointer
dereference, resulting in a denial of service. An attacker can
initiate or accept TLS connections using crafted certificates
to trigger this vulnerability.

Mon Sep 3 14:00:00 2018 mceplAATTsuse.com
- Add -fwrapv to OPTS, which is default for python3 anyway
See for example https://github.com/zopefoundation/persistent/issues/86
for bugs which are caused by avoiding it. (bsc#1107030)

Fri Jun 29 14:00:00 2018 mceplAATTsuse.com
- Apply \"CVE-2018-1061-DOS-via-regexp-difflib.patch\" to prevent
low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS
(CVE-2018-1061). Prior to this patch mail server\'s timestamp was
susceptible to catastrophic backtracking on long evil response from
the server. Also, it was susceptible to catastrophic backtracking,
which was a potential DOS vector.
[bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]

Fri Jun 29 14:00:00 2018 mceplAATTsuse.com
- Apply \"python-sorted_tar.patch\" (bsc#1086001)
sort tarfile output directory listing

Tue Mar 13 13:00:00 2018 psimonsAATTsuse.com
- Apply \"python-3.6-CVE-2017-18207.patch\" to add a check to
Lib/wave.py that verifies that at least one channel is provided.
Prior to this check, attackers could cause a denial of service
(divide-by-zero error and application crash) via a crafted wav
format audio file. [bsc#1083507, CVE-2017-18207]

Wed Mar 1 13:00:00 2017 jmatejekAATTsuse.com
- update to 3.4.6 (bsc#1027282):

* fixed potential crash in PyUnicode_AsDecodedObject() in debug build

* fixed possible DoS and arbitrary execution in gettext plurals

* fix possible use of uninitialized memory in operator.methodcaller

* fix possible Py_DECREF on unowned object in _sre

* fix possible integer overflow in _csv module

* prevent HTTPoxy attack (CVE-2016-1000110)

* fix selectors incorrectly retaining invalid fds
- drop upstreamed python-3.4-CVE-2016-1000110-fix.patch

Mon Aug 8 14:00:00 2016 jmatejekAATTsuse.com
- rename rpmlintrc to python3-rpmlintrc (applied change from 13.2)
- drop python-fix-short-dh.patch and dh2048.pem, this is now fixed
upstream
- drop disabled libffi-ppc64le.diff completely
- reverse order of lowercase-proxies and HTTPoxy patches in order
to fix documented behavior
- drop upstreamed werror-declaration-after-statement.patch

Sun Aug 7 14:00:00 2016 hpjAATTurpla.net
- fix python3-urllib-prefer-lowercase-proxies.patch

Sat Aug 6 14:00:00 2016 hpjAATTurpla.net
- apply fix for CVE-2016-1000110 - CGIHandler: sets environmental
variable based on user supplied Proxy request header:
python-3.4-CVE-2016-1000110-fix.patch
(fixes bsc#989523, CVE-2016-1000110)
- refresh python3-urllib-prefer-lowercase-proxies.patch

Sun Jul 3 14:00:00 2016 hpjAATTurpla.net
- update to 3.4.5
check: https://docs.python.org/3.4/whatsnew/changelog.html
(fixes bsc#984751, CVE-2016-0772)
(fixes bsc#985177, CVE-2016-5636)
(fixes bsc#985348, CVE-2016-5699)

Wed Jun 15 14:00:00 2016 hpjAATTurpla.net
- apply upstream patch python3-urllib-prefer-lowercase-proxies.patch
in order to make urllib proxy var handling behave as usual on POSIX

Tue Jun 14 14:00:00 2016 hpjAATTurpla.net
- Due to being fixed upstream (differently), removed outdated patch
CVE-2014-4650-CGIHTTPServer-traversal.patch (bsc#983582)

Sat May 7 14:00:00 2016 hpjAATTurpla.net
- update to 3.4.4
check: https://docs.python.org/3.4/whatsnew/changelog.html
- all necessary patches refreshed
- adjusted Python-3.3.0b2-multilib.patch
- disabled libffi-ppc64le.diff: horribly deviated
- fix a new multilib issue in configure.ac with $LIBPL
(target of python3 config)
- disabled more tests, that require ssl

Fri Oct 23 14:00:00 2015 jmatejekAATTsuse.com
- Issue #21121: Don\'t force 3rd party C extensions to be built with
- Werror=declaration-after-statement.
(werror-declaration-after-statement.patch, bsc#951166)

Tue Sep 22 14:00:00 2015 dmuellerAATTsuse.com
- add python-2.7-libffi-aarch64.patch to fix incorrect FFI on aarch64

Thu Sep 17 14:00:00 2015 meissnerAATTsuse.com
- python-fix-short-dh.patch,dh2048.pem:
Bump DH parameters to 2048 bit to fix logjam security issue. bsc#935856

Wed Jul 23 14:00:00 2014 jmatejekAATTsuse.com
- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file
disclosure and directory traversal through URL-encoded characters
(CVE-2014-4650, bnc#885882)

Tue Jul 22 14:00:00 2014 jmatejekAATTsuse.com
- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons,
reinstate bundled copies of pip and setuptools
(fixes bnc#885662)
- add more files as sources to silence the validator

Wed May 21 14:00:00 2014 jmatejekAATTsuse.com
- update to 3.4.1

* bugfix-only release, over 300 bugs fixed
- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch
- drop upstreamed CVE-2014-2667-mkdir.patch
- include Python release manager keyring and signature file
for the source archive (thus renumbering of source files)
(see https://www.python.org/download/#openpgp-public-keys )
- move ensurepip to python3, because it transitively requires ssl

Fri Apr 4 14:00:00 2014 jmatejekAATTsuse.com
- CVE-2014-2667-mkdir.patch: race condition with reseting umask
in os.makedirs
(CVE-2014-2667, bnc#871152)
- updated multilib patch to include ~/.local/lib64 (bnc#637176)

Wed Mar 26 13:00:00 2014 jmatejekAATTsuse.com
- raise timeout value for test_subprocess to 10s (might fix
intermittent build failures in OBS)

Mon Mar 24 13:00:00 2014 dmuellerAATTsuse.com
- remove blacklisting of test_posix on aarch64: qemu bug is fixed

Mon Mar 17 13:00:00 2014 jmatejekAATTsuse.com
- update to 3.4.0 final
- drop upstreamed python-3.4rc2-importlib.patch

Sun Mar 16 13:00:00 2014 schwabAATTsuse.de
- Only build with profile-opt if profiling is enabled
- Update test exclusion lists:

* test_ctypes no longer fails on arm

* test_io no longer fails on ppc
*

* test_multiprocessing has been split in multiple tests

* test_posix and test_signal fail due to qemu bugs

Fri Mar 14 13:00:00 2014 andreas.stiegerAATTgmx.de
- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests,
adding python-2.7.6-sqlite-3.8.4-tests.patch

Thu Feb 27 13:00:00 2014 jmatejekAATTsuse.com
- update to 3.4.0 rc2

* pre-release bugfixes

* improvements to asyncio library
- drop upstreamed tracemalloc_gcov.patch
- python-3.4rc2-importlib.patch fixes backwards-incompatibility
in the reworked importlib module that blocks build of vim

Fri Jan 17 13:00:00 2014 jmatejekAATTsuse.com
- initial commit of 3.4.0 beta 3

* new stdlib modules: pathlib, enum, statistics, tracemalloc

* asynchronous IO with new asyncio module

* introspection data for builtins

* subprocesses no longer inherit open file descriptors

* standardized metadata for packages

* internal hashing changed to SipHash

* new pickle protocol

* improved handling of codecs

* TLS 1.2 support

* major speed improvements for internal unicode handling

* many bugfixes and optimizations
- see porting guide at:
http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4
- moved several modules to -testsuite subpackage
- updated list of binary extensions, refreshed patches
- tracemalloc_gcov.patch fixes profile-based optimization build
- updated packages and pre_checkin.sh to use ~-version notation
for prereleases
- fix-shebangs part of build process moved to common %prep
- drop python-3.3.2-no-REUSEPORT.patch (upstreamed)
- update baselibs for new soname
- TODOs:

* require python-pip, make ensurepip work with zypper

Wed Dec 4 13:00:00 2013 matzAATTsuse.de
- add ppc64le (ELFv2) support for libffi copy for ctypes module
- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be
\"lib64\").
- added patches:

* libffi-ppc64le.diff

Tue Dec 3 13:00:00 2013 adrianAATTsuse.de
- add ppc64le rules

Fri Nov 22 13:00:00 2013 speilickeAATTsuse.com
- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch:
+ Disable global and distutils sysconfig comparison test, we deviate
from the default depending on optflags

Tue Nov 19 13:00:00 2013 jmatejekAATTsuse.com
- update to 3.3.3

* bugfix-only release

* many SSL-related fixes

* upstream fix for CVE-2013-4238

* upstream fixes for CVE-2013-1752
- move example module xxlimited to python3-testsuite
- remove --with-wide-unicode config option, it is now the default
(and only) choice
- don\'t touch anything between make and makeinstall
- drop python-3.2b2-buildtime-generate.patch - the issue was caused
by touching things between make and makeinstall
- link pycache entries for import_failed hooks properly

Thu Aug 8 14:00:00 2013 dvaleevAATTsuse.com
- Exclue test_faulthandler from tests on powerpc due to bnc#831629

Thu Jun 13 14:00:00 2013 jmatejekAATTsuse.com
- update to 3.3.2

* bugfix-only release

* fixes several regressions introduced in 3.3.1
- switch to xz compression
- move _lzma module to python3-base
- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT

Mon Apr 29 14:00:00 2013 schwabAATTsuse.de
- Readd missing bits from ctypes-libffi-aarch64.patch

Sat Apr 13 14:00:00 2013 idonmezAATTsuse.com
- Update to version 3.3.1

* Fix the –enable-profiling configure switch.

* In IDLE, close the replace dialog after it is used.
- Too many bugfixes to list here,
see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS
- Refresh Python-3.3.0b2-multilib.patch
- Refresh python-3.2b2-buildtime-generate.patch
- Drop upstream patches: ctypes-libffi-aarch64.patch,
python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch

Fri Apr 5 14:00:00 2013 idonmezAATTsuse.com
- Add Source URL, see https://en.opensuse.org/title=SourceUrls

Wed Apr 3 14:00:00 2013 jmatejekAATTsuse.com
- remove spurious modification of python-3.3.0b1-localpath.patch
that would force installation into /usr/local.
this fixes bnc#809831

Thu Mar 28 13:00:00 2013 jmatejekAATTsuse.com
- replace broken movetogetdents64.diff patch with a correct one
from upstream repo (python-3.3.0-getdents64.patch)

Fri Mar 1 13:00:00 2013 dmuellerAATTsuse.com
- add ctypes-libffi-aarch64.patch:

* import aarch64 support for libffi in _ctypes module
- add aarch64 to the list of lib64 based archs
- add movetogetdents64.diff:

* port to getdents64, as SYS_getdents is not implemented everywhere

Tue Feb 26 13:00:00 2013 saschpeAATTsuse.de
- /etc/rpm/macros.python3 is no %config, it is not meant to be changed
by users.
- Add rpmlintrc with some obvious filters

Mon Jan 28 13:00:00 2013 jmatejekAATTsuse.com
- update baselibs for new version of libpython3

Thu Nov 29 13:00:00 2012 jmatejekAATTsuse.com
- fix include path in macros (bnc#787526)
- implement failed import handlers for modules that live in
subpackages - e.g. \"import ssl\" will now throw a sensible error
message telling you to install \"python3\"

Wed Nov 28 13:00:00 2012 jmatejekAATTsuse.com
- merge python3-xml into python3
- merge python3-2to3 library into python3-base
and the 2to3 binary into python3-devel
(python3-devel is now in conflict with python-2to3, which
will be dropped)
- enable --with-system-expat for python3, making the xml modules
(and thus python3) depend on expat
- reconfigure tests to disable network and GUI resources, which
the upstream apparently thought is a good idea to enable by default.
this fixes build failures in Factory
- add lzma-devel to build the _lzma module
- moved %dynlib macro definition to common section

Mon Nov 5 13:00:00 2012 cooloAATTsuse.com
- buildrequire timezone for the test suite

Mon Oct 29 13:00:00 2012 dmuellerAATTsuse.com
- disable more checks for qemu builds as they use syscalls not
implemented yet

Thu Oct 25 14:00:00 2012 Rene.vanPaassenAATTgmail.com
- exclude test_math for SLE 11; math library fails on negative
gamma function values close to integers and 0, probably
due to imprecision in -lm on SLE_11_SP2.

Tue Oct 16 14:00:00 2012 cooloAATTsuse.com
- buildrequire libbz2-devel explicitly

Mon Oct 8 14:00:00 2012 jmatejekAATTsuse.com
- remove distutils.cfg (bnc#658604)

* this changes default prefix for distutils to /usr

* see ML for details:
http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html

Mon Oct 1 14:00:00 2012 idonmezAATTsuse.com
- Update to final 3.3.0 release

* See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS

Thu Sep 27 14:00:00 2012 idonmezAATTsuse.com
- Correct dependency for python3-testsuite,
python3-tkinter -> python3-tk

Thu Aug 23 14:00:00 2012 jmatejekAATTsuse.com
- update to 3.3.0 RC1

Fri Aug 3 14:00:00 2012 jmatejekAATTsuse.com
- update to 3.3.0 beta 1

* flexible string representation, no longer distinguishing
between wide and narrow Unicode builds

* importlib-based import system

* virtualenv support in core

* namespace packages

* explicit Unicode literals for easier porting

* key-sharing dict implementation reduces memory footprint
of OO code

* hash randomization on by default

* many other new bugfixes and features, check NEWS for details
- pre_checkin.sh now autofills various version strings in specs
- ship hashlib\'s fallback modules - those uselessly take up space
when real _hashlib.so from python3 is present, but the space wasted
is only 114kB and it provides python3-base with a working hashlib
module.
(also, this fixes bnc#743787)

Fri Jul 27 14:00:00 2012 dvaleevAATTsuse.com
- skip test_io on ppc
- drop test_io ppc patch

Thu Jun 28 14:00:00 2012 saschpeAATTsuse.de
- Satisfy source_validator by uncommenting an otherwise unused \"Patch\"
line

Fri May 18 14:00:00 2012 idonmezAATTsuse.com
- update to 3.2.3

* No changes since rc2

Thu Mar 29 14:00:00 2012 jmatejekAATTsuse.com
- update to 3.2.3rc2

* fixes several security issues:

* CVE-2012-0845, bnc#747125

* CVE-2012-1150, bnc#751718

* CVE-2011-4944, bnc#754447

* CVE-2011-3389, bnc#754677
- fix for insecure .pypirc (CVE-2011-4944, bnc#754447)
- disable test_gdb because it is broken by our gdb

Thu Feb 16 13:00:00 2012 dvaleevAATTsuse.com
- skip broken test_io test on ppc

Wed Jan 18 13:00:00 2012 jmatejekAATTsuse.com
- update to 3.2.2

* bugfix-only release

* reports \"linux2\" as sys.platform regardless of Linux kernel
- added pre_checkin.sh to copy common spec sections to python3.spec
- added PACKAGING-NOTES with some helpful info for packagers

Sun Dec 25 13:00:00 2011 idonmezAATTsuse.com
- Use system ffi, included one is broken see
http://bugs.python.org/issue11729 and
http://bugs.python.org/issue12081

Fri Dec 9 13:00:00 2011 jmatejekAATTsuse.com
- license.opensuse.org-compatible license headers

Fri Dec 2 13:00:00 2011 cooloAATTsuse.com
- add automake as buildrequire to avoid implicit dependency

Thu Nov 24 13:00:00 2011 agrafAATTsuse.com
- fix ARM build (exclude some test cases which break for us)

Tue Aug 16 14:00:00 2011 termimAATTgmail.com
- use sysconfig module to get py3_incdir, py3_abiflags,
py3_soflags, python3_sitelib and python3_sitearch

Mon Jul 18 14:00:00 2011 jmatejekAATTnovell.com
- update to 3.2.1

* bugfix-only release, no major changes
- fix build on linux3 platform
- remove upstreamed pybench patch
- install /usr/lib directories in all cases to prevent spurious
\"directory not owned\" in dependent packages

Wed Jun 15 14:00:00 2011 jmatejekAATTnovell.com
- replaced dynamic so version with manual so version, because
autobuild does not support autogeneration

Tue May 24 14:00:00 2011 jmatejekAATTnovell.com
- generate macros.python3 at compile-time with fixed values
- don\'t include bogus values in pyconfig.h, as they can break
third-party packages (bnc#673071)

Tue May 17 14:00:00 2011 jmatejekAATTnovell.com
- added Obsoletes: python3 < 3.1 so that the transition from
non-split to split packages goes smoothly

Fri May 13 14:00:00 2011 jmatejekAATTnovell.com
- fixed RPM macros to use python3 instead of python
- updated to build --with-wide-unicode (for compatibility with
fedora and our own python 2.x series)

Thu Apr 21 14:00:00 2011 termimAATTgmail.com
- fix python3-base build failure due to pybench.py crash by
python-3.2-pybench.patch
- move pyconfig.h from python3-devel to python3-base package to
make python3-base functional again

Wed Mar 23 13:00:00 2011 termimAATTgmail.com
- update to python 3.2

* stable ABI, ABI-tagged .so files

* concurrent.futures and many other new or upgraded modules

* PYC repository directories ( __pycache__ )

* python WSGI 1.0.1

* Unicode 6.0.0 support

* a great number of bugfixes and assorted improvements

Tue Feb 8 13:00:00 2011 matejcikAATTsuse.cz
- update to python 3.2 RC2
- renamed python3-demo to python3-tools, because the demo part
became much smaller than the tools part
- added rpm macros

Tue Jan 18 13:00:00 2011 jmatejekAATTnovell.com
- update to python 3.2 beta 2, see NEWS for details
- split off -base package with less dependencies, and a shlib-policy
compliant libpython3 package
- mostly rewritten the spec file with more detailed comments
- cleaned up lists of patches


  
ICM