SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for python3-tools-3.6.9-lp151.6.4.1.i586.rpm :

* Tue Oct 22 2019 Matej Cepl - Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py
* Thu Sep 19 2019 Matej Cepl - Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes bsc#1149792- Add bpo36263-Fix_hashlib_scrypt.patch which works around bsc#1151490
* Mon Sep 16 2019 Matej Cepl - Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, CVE-2019-16056]
* Mon Sep 09 2019 Matej Cepl - jsc#PM-1350 bsc#1149121 Update python3 to the last version of the 3.6 line. This is just a bugfix release with no changes in functionality.- The following patches were included in the upstream release as so they can be removed in the package: - CVE-2018-20852-cookie-domain-check.patch - CVE-2019-5010-null-defer-x509-cert-DOS.patch - CVE-2019-10160-netloc-port-regression.patch - CVE-2019-9636-urlsplit-NFKC-norm.patch - CVE-2019-9947-no-ctrl-char-http.patch- Patch bpo23395-PyErr_SetInterrupt-signal.patch has been reapplied on the upstream base without changing any functionality.- Add patch aarch64-prolong-timeout.patch to fix failing test_utime_current_old test.
* Fri Jul 19 2019 Matej Cepl - boo#1141853 (CVE-2018-20852) add CVE-2018-20852-cookie-domain-check.patch fixing http.cookiejar.DefaultPolicy.domain_return_ok which did not correctly validate the domain: it could be tricked into sending cookies to the wrong server.
* Wed Jul 03 2019 Matej Cepl - bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812
* Tue Jun 11 2019 Matej Cepl - bsc#1094814: Add bpo23395-PyErr_SetInterrupt-signal.patch to handle situation when the SIGINT signal is ignored or not handled
* Tue Apr 30 2019 Matej Cepl - Update to 3.6.8: - bugfixes only - removed patches (subsumed in the upstream tarball): - CVE-2018-20406-pickle_LONG_BINPUT.patch - refreshed patches: - CVE-2019-5010-null-defer-x509-cert-DOS.patch - CVE-2019-9636-urlsplit-NFKC-norm.patch - Python-3.0b1-record-rpm.patch - python-3.3.0b1-fix_date_time_compiler.patch - python-3.3.0b1-test-posix_fadvise.patch - python-3.3.3-skip-distutils-test_sysconfig_module.patch - python-3.6.0-multilib-new.patch - python3-sorted_tar.patch - subprocess-raise-timeout.patch - switch off LTO and PGO optimization (bsc#1133452)- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised.
* Tue Apr 09 2019 Matej Cepl - bsc#1129346: add CVE-2019-9636-urlsplit-NFKC-norm.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``AATT``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised. (CVE-2019-9636) Upstream gh#python/cpython#12224
* Mon Jan 21 2019 Matěj Cepl - bsc#1120644 add CVE-2018-20406-pickle_LONG_BINPUT.patch fixing bpo#34656 Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.
* Sat Jan 19 2019 mceplAATTsuse.com- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746. An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
* Mon Sep 03 2018 Matěj Cepl - Add -fwrapv to OPTS, which is default for python3 anyway See for example https://github.com/zopefoundation/persistent/issues/86 for bugs which are caused by avoiding it. (bsc#1107030)
* Tue Apr 17 2018 tchvatalAATTsuse.com- As we run in main python package do not generate the pre_checkin from both now
* Mon Apr 16 2018 tchvatalAATTsuse.com- Move the tests from base to generic package wrt bsc#1088573
* We still fail the whole distro if python3 is not build
* The other archs than x86_64 took couple of hours to unblock build of other software, this way we work around the issue- Some tests are still run in -base for the LTO tweaking, but at least it is not run twice
* Sat Mar 31 2018 mimi.vxAATTgmail.com- update to 3.6.5
* bugfix release
* see Misc/NEWS for details- drop ctypes-pass-by-value.patch- drop fix-localeconv-encoding-for-LC_NUMERIC.patch- refresh python-3.6.0-multilib-new.patch
* Wed Mar 07 2018 adamAATTmizerski.pl- Created %so_major and %so_minor macros- Put Tools/gdb/libpython.py script into proper place and ship it with devel subpackage.
* Tue Feb 20 2018 schwabAATTsuse.de- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64
* Tue Feb 20 2018 bwiedemannAATTsuse.com- Add python3-sorted_tar.patch (boo#1081750)
* Wed Feb 07 2018 tchvatalAATTsuse.com- Add patch to fix glibc 2.27 fail bsc#1079761:
* fix-localeconv-encoding-for-LC_NUMERIC.patch
* Wed Jan 24 2018 jmatejekAATTsuse.com- move XML modules and python3-xml provide to python3-base (fixes bsc#1077230)- move ensurepip to base
* Thu Jan 18 2018 normandAATTlinux.vnet.ibm.com- Add skip_random_failing_tests.patch only for PowerPC
* Wed Jan 03 2018 jmatejekAATTsuse.com- update to 3.6.4
* bugfix release, over a hundred bugs fixed
* see Misc/NEWS for details- drop upstreamed python3-ncurses-6.0-accessors.patch- drop PYTHONSTARTUP hooks that cause spurious startup errors
* fixes bsc#1070738
* the relevant feature (REPL history) is now built into Python itself
* Sat Dec 02 2017 dimstarAATTopensuse.org- Install 2to3-%{python_version} executable (override defattr of the -tools package). 2to3 (unversioned) is a symlink and does not carry permissions (bsc#1070853).
* Thu Nov 16 2017 mimi.vxAATTgmail.com- move 2to3 to python3-tools package
* Wed Oct 11 2017 jmatejekAATTsuse.com- update to 3.6.3
* bugfix release, over a hundred bugs fixed
* see Misc/NEWS for details- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch
* Wed Sep 20 2017 dmuellerAATTsuse.com- drop python-2.7-libffi-aarch64.patch: this patches the intree copy of libffi which is unused/deleted in the line afterwards- fix build against system libffi: include flags weren\'t set so it actually used the in-tree libffi headers.
* Thu Sep 14 2017 vcizekAATTsuse.com- Fix test broken with OpenSSL 1.1 (bsc#1042670)
* add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch
* Thu Aug 31 2017 schwabAATTsuse.de- fix missing %{?armsuffix}
* Wed Aug 30 2017 jmatejekAATTsuse.com- distutils-reproducible-compile.patch: ensure distutils order files before compiling, which works around bsc#1049186
* Thu Aug 17 2017 kukukAATTsuse.de- Add libnsl-devel build requires for glibc obsoleting libnsl
* Thu Aug 03 2017 jmatejekAATTsuse.com- update to 3.6.2
* bugfix release, over a hundred bugs fixed
* see Misc/NEWS for details- drop upstreamed test-socket-aead-kernel49.patch- add Provides: python3-typing (fixes bsc#1050653)- drop duplicate Provides: python3
* Tue Jun 20 2017 asnAATTcryptomilk.org- Add missing link to python library in config dir (bsc#1040164)
* Thu Mar 23 2017 jmatejekAATTsuse.com- update to 3.6.1
* bugfix release, over a hundred bugs fixed
* never add import location\'s parent directory to sys.path
* switch to git for version control, build changes related to that
* fix \"failed to get random numbers\" on old kernels (bsc#1029902)
* several crashes and memory leaks corrected
* f-string are no longer accepted as docstrings
* Mon Mar 13 2017 jmatejekAATTsuse.com- prevent regenerating AST at build-time more robustly- add \"--without profileopt\" and \"--without testsuite\" options to python3-base to allow short circuiting when working on the package
* Sat Feb 25 2017 bwiedemannAATTsuse.com- Add 0001-allow-for-reproducible-builds-of-python-packages.patch upstream https://github.com/python/cpython/pull/296
* Wed Feb 08 2017 jmatejekAATTsuse.com- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch)- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent)
* Wed Jan 11 2017 jmatejekAATTsuse.com- update to 3.6.0
* PEP 498 Formated string literals
* PEP 515 Underscores in numeric literals
* PEP 526 Syntax for variable annotations
* PEP 525 Asynchronous generators
* PEP 530 Asynchronous comprehensions
* PEP 506 New \"secrets\" module for safe key generation
* less memory consumed by dicts
* dtrace and systemtap support
* improved asyncio module
* better defaults for ssl
* new hashing algorithms in hashlib
* bytecode format changed to allow more optimizations
* \"async\" and \"await\" are on track to be reserved words
* StopIteration from generators is deprecated
* support for openssl < 1.0.2 is deprecated
* os.urandom now blocks when getrandom() blocks
* huge number of new features, bugfixes and optimizations
* see https://docs.python.org/3.6/whatsnew/3.6.html for details- rework multilib patch: drop Python-3.5.0-multilib.patch, implement upstreamable python-3.6.0-multilib-new.patch- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch- finally drop python-2.6b1-canonicalize2.patch that was not applied in source and only kept around in case we needed it in the future. (which we don\'t, as it seems)- update import_failed map and baselibs- build ctypes against system libffi (buildrequire libffi-devel in python3-base)- add new key to keyring (signed by keys already in keyring)- introduced common configure section between python3 and python3-base- moved pyconfig.h and Makefile to devel subpackage as distutils no longer need it at runtime- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py because it is not used now- improve summaries and descriptions (fixes bsc#917607)- enabled Link-Time Optimization, see what happens- including skipped_tests.py in pre_checkin.sh run- run specs through spec-cleaner, rearrange sections
* Fri Apr 22 2016 jmatejekAATTsuse.com- move _hashlib and _ssl modules and tests to python3-base- recommend python3
* Mon Mar 07 2016 toddrme2178AATTgmail.com- Add Python-3.5.1-fix_lru_cache_copying.patch Fix copying the lru_cache() wrapper object. Fixes deep-copying lru_cache regression, which worked on previous versions of python but fails on python 3.5. This fixes a bunch of packages in devel:languages:python3. See: https://bugs.python.org/issue25447
* Wed Dec 09 2015 toddrme2178AATTgmail.com- update to 3.5.1
* bugfix-only release, dozens of bugs fixed- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch- \"Python3\" to \"Python 3\" in summary
* This seems cleaner and fixes and rpmlint warning
* Wed Oct 14 2015 toddrme2178AATTgmail.com- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch This fixes a build error for many packages that use the Python, C-API. This patch is already accepted upstream and is slated to appear in python 3.5.1.
* Tue Sep 29 2015 jmatejekAATTsuse.com- update to 3.5.0
* coroutines with async/await syntax
* matrix multiplication operator `AATT`
* unpacking generalizations
* new modules `typing` and `zipapp`
* type annotations
* .pyo files replaced by custom suffixes for optimization levels in __pycache__
* support for memory BIO in ssl module
* performance improvements in several modules
* and many more- removals and behavior changes
* deprecated `__version__` is removed
* support for .pyo files was removed
* system calls are auto-retried on EINTR
* bare generator expressions in function calls now cause SyntaxError (change \"f(x for x in i)\" to \"f((x for x in i))\" to fix)
* removed undocumented `format` member of private `PyMemoryViewObject` struct
* renamed `PyMemAllocator` to `PyMemAllocatorEx`- redefine %dynlib macro to reflect that modules now have arch+os as part of name- module `time` is now built-in- dropped upstreamed patches: python-3.4.1-fix-faulthandler.patch python-3.4.3-test-conditional-ssl.patch python-fix-short-dh.patch (also dropped dh2048.pem required for this patch)- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure with new gcc + ncurses
* Wed Sep 09 2015 dimstarAATTopensuse.org- Add python3-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.
* Mon Aug 24 2015 jmatejekAATTsuse.com- improve import_failed hook to do the right thing when invoking missing modules with \"python3 -m modulename\" (boo#942751)
* Fri Jul 24 2015 fisiuAATTopensuse.org- Build with --enable-loadable-sqlite-extensions to make it works as geospatial database.
* Wed Jun 24 2015 meissnerAATTsuse.com- dh2048.pem: added generated 2048 dh parameter set to fix ssl test (bsc#935856)- python-fix-short-dh.patch: replace the 512 bits dh parameter set by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856)
* Tue May 19 2015 schwabAATTsuse.de- ctypes-libffi-aarch64.patch: remove upstreamed patch- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64
* Thu May 14 2015 jmatejekAATTsuse.com- python-3.4.3-test-conditional-ssl.patch - restore tests failing because test_urllib was unconditionally importing ssl (without really needing it)- restore functionality of multilib patch- drop libffi-ppc64le.diff because upstream completely changed everything yet again (sorry ppc64 folks :| )
* Fri May 01 2015 mailaenderAATTopensuse.org- Update to version 3.4.3- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch (bpo#21766)
* Wed Mar 25 2015 rguentherAATTsuse.com- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus faulthandler which fails with GCC 5.
* Sun Jan 11 2015 p.drouandAATTgmail.com- asyncio has been merged in python3 main package; provide and obsolete it- Remove obsolete AUTHORS section- Remove redundant %clean section
* Mon Oct 13 2014 jmatejekAATTsuse.com- add %python3_version rpm macro for Fedora compatibility- add missing argument in import_failed, rename Novell Bugzilla to SUSE Bugzilla
 
ICM