|
|
|
|
Changelog for libpython2_7-1_0-32bit-2.7.14-lp151.10.3.1.x86_64.rpm :
* Wed Jul 03 2019 Matej Cepl - bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) and getting Lib/urlparse.py and tests in sync with the latest upstream state. Upstream gh#python/cpython#13812 * Mon Apr 08 2019 Matej Cepl - bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://. * Fri Mar 29 2019 Matej Cepl - bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``AATT``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised. Upstream commits e37ef41 and 507bd8c. * Sat Jan 19 2019 mceplAATTsuse.com- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746. An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. * Wed Sep 26 2018 Matěj Cepl - Apply \"CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch\" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802] * Tue Feb 20 2018 bwiedemannAATTsuse.com- Add python-sorted_tar.patch (boo#1081750) * Mon Feb 05 2018 normandAATTlinux.vnet.ibm.com- exclude test_socket & test_subprocess for PowerPC boo#1078485 (same ref as previous change) * Fri Feb 02 2018 normandAATTlinux.vnet.ibm.com- Add python-skip_random_failing_tests.patch bypass boo#1078485 and exclude many tests for PowerPC * Tue Jan 30 2018 tchvatalAATTsuse.com- Add patch python-fix-shebang.patch to fix bsc#1078326 * Fri Dec 22 2017 jmatejekAATTsuse.com- exclude test_regrtest for s390, where it does not segfault as it should (fixes bsc#1073269)- fix segfault while creating weakref - bsc#1073748, bpo#29347 (this is actually fixed by the 2.7.14 update; mentioning this for purposes of bugfix tracking) * Mon Nov 20 2017 jmatejekAATTsuse.com- update to 2.7.14 * dozens of bugfixes, see NEWS for details * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664) * fixed segfaults with dict mutated during search * fixed possible free-after-use problems with buffer objects with custom indexing * fixed urllib.splithost to correctly parse fragments (bpo-30500)- drop upstreamed python-2.7.13-overflow_check.patch- drop unneeded python-2.7.12-makeopcode.patch- drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch * Thu Nov 02 2017 mpluskalAATTsuse.com- Call python2 instead of python in macros * Thu Aug 17 2017 kukukAATTsuse.de- Add libnsl-devel build requires for glibc obsoleting libnsl * Mon May 15 2017 jmatejekAATTsuse.com- obsolete/provide python-argparse and provide python2-argparse, because the argparse module is available from python 2.7 up * Fri Feb 24 2017 bwiedemannAATTsuse.com- Add reproducible.patch to allow reproducible builds of various python packages like python-amqp Upstream: https://github.com/python/cpython/pull/296 * Tue Jan 03 2017 jmatejekAATTsuse.com- update to 2.7.13 * dozens of bugfixes, see NEWS for details * updated cipher lists for openssl wrapper, support openssl >= 1.1.0 * properly fix HTTPoxy (CVE-2016-1000110) * profile-opt build now applies PGO to modules as well- update python-2.7.10-overflow_check.patch with python-2.7.13-overflow_check.patch, incorporating upstream changes- add \"-fwrapv\" to optflags explicitly because upstream code still relies on it in many places * Fri Dec 02 2016 jmatejekAATTsuse.com- provide python2- * symbols, for support of new packages built as python2-foo- rename macros.python to macros.python2 accordingly- require python-rpm-macros package, drop macro definitions from macros.python2 * Thu Jun 30 2016 jmatejekAATTsuse.com- update to 2.7.12 * dozens of bugfixes, see NEWS for details * fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10)- removed upstreamed python-2.7.7-mhlib-linkcount.patch- refreshed multilib patch- python-2.7.12-makeopcode.patch - run newly-built python interpreter to make opcodes, in order not to require pre-built python- update LD_LIBRARY_PATH to use $PWD instead of \".\" because the test process escapes to its own directory- modify shebang-fixing scriptlet to ignore makeopcodetargets.py * Fri Jan 29 2016 rguentherAATTsuse.com- Add python-2.7.10-overflow_check.patch to fix broken overflow checks. [bnc#964182] * Mon Sep 14 2015 jmatejekAATTsuse.com- copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE)- do this properly to fix bnc#945401 * Wed Sep 09 2015 dimstarAATTopensuse.org- Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1. * Wed Jun 10 2015 dmuellerAATTsuse.com- add __python2 compatibility macro (used by Fedora) * Sun May 24 2015 michaelAATTstroeder.com- update to 2.7.10- removed obsolete python-2.7-urllib2-localnet-ssl.patch * Tue May 19 2015 schwabAATTsuse.de- Reenable test_posix on aarch64 * Sun Dec 21 2014 schwabAATTsuse.de- python-2.7.4-aarch64.patch: Remove obsolete patch- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64 * Fri Dec 12 2014 jmatejekAATTsuse.com- update to 2.7.9 * contains full backport of ssl module from Python 3.4 (PEP466) * HTTPS certificate validation enabled by default (PEP476) * SSLv3 disabled by default (bnc#901715) * backported ensurepip module (PEP477) * fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 * dozens of minor bugfixes- dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch- dropped patch python-2.7.3-ssl_ca_path.patch because we don\'t need it with ssl module from Python 3- libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well- python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional \"import ssl\" from test_urllib2_localnet that caused it to fail without ssl * Wed Oct 22 2014 dmuellerAATTsuse.com- skip test_thread in qemu_linux_user mode
|
|
|