|
|
|
|
Changelog for python-32bit-2.7.13-27.12.1.x86_64.rpm :
Tue Sep 25 14:00:00 2018 Matěj Cepl - Apply \"CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch\" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]
Thu Jun 7 14:00:00 2018 psimonsAATTsuse.com - Apply \"CVE-2017-18207.patch\" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207]
Tue Mar 13 13:00:00 2018 psimonsAATTsuse.com - Apply \"python-2.7.14-CVE-2017-1000158.patch\" to prevent integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution. [bsc#1068664, CVE-2017-1000158] - Apply \"python-2.7.14-CVE-2018-1000030-1.patch\" and \"python-2.7.14-CVE-2018-1000030-2.patch\" to remedy a bug that would crash the Python interpreter when multiple threads used the same I/O stream concurrently. This issue is not classified as a security vulnerability due to the fact that an attacker must be able to run code, however in some situations -- such as function as a service -- this vulnerability can potentially be used by an attacker to violate a trust boundary. [bsc#1079300, CVE-2018-1000030]
Wed Mar 1 13:00:00 2017 jmatejekAATTsuse.com - update for SLE (bsc#1027282) - removed obsolete python-2.7-urllib2-localnet-ssl.patch - refreshed python-2.7.9-sles-disable-verification-by-default.patch to work with PEP493-compatibe config. Variable \"PYTHONHTTPSVERIFY\" is now recognized and setting it to 1 will enable strict TLS checking, while setting to 0 will disable checking. The default behavior depends on whether a policy file (typically from python-strict-tls-check package) is present: if it is, the policy decides what happens, empty policy file means upstream policy. If not present, checking is disabled by default.
Tue Jan 3 13:00:00 2017 jmatejekAATTsuse.com - update to 2.7.13 * dozens of bugfixes, see NEWS for details * updated cipher lists for openssl wrapper, support openssl >= 1.1.0 * properly fix HTTPoxy (CVE-2016-1000110) * profile-opt build now applies PGO to modules as well - update python-2.7.10-overflow_check.patch with python-2.7.13-overflow_check.patch, incorporating upstream changes - add \"-fwrapv\" to optflags explicitly because upstream code still relies on it in many places
Fri Dec 2 13:00:00 2016 jmatejekAATTsuse.com - provide python2- * symbols, for support of new packages built as python2-foo
Thu Jun 30 14:00:00 2016 jmatejekAATTsuse.com - update to 2.7.12 * dozens of bugfixes, see NEWS for details * fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10)
Thu Aug 13 14:00:00 2015 jmatejekAATTsuse.com - add missing ssl.pyc and ssl.pyo to package - implement python-strict-tls-checks subpackage * when present, Python will perform TLS certificate checking by default. it is possible to remove the package to turn off the checks for compatibility with legacy scripts. * as discussed in fate#318300
Thu May 14 14:00:00 2015 jmatejekAATTsuse.com - for SLE 12 SP1, disable SSL verification-by-default for backwards compatibility (python-2.7.9-sles-disable-verification-by-default.patch)
Wed Feb 25 13:00:00 2015 jmatejekAATTsuse.com - python-2.7.9-ssl_ca_path.patch - reintroduce support for CA directory path
Fri Dec 12 13:00:00 2014 jmatejekAATTsuse.com - update to 2.7.9
Sat Oct 18 14:00:00 2014 crrodriguezAATTopensuse.org - Only pkgconfig(x11) is required for build,not xorg-x11-devel.
Tue Sep 30 14:00:00 2014 jmatejekAATTsuse.com - update to 2.7.8 * bugfix-only release, dozens of bugs fixed
Fri Jun 20 14:00:00 2014 jmatejekAATTsuse.com - update to 2.7.7 * bugfix-only release, over a hundred bugs fixed
Fri Mar 14 13:00:00 2014 andreas.stiegerAATTgmx.de - Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, adding python-2.7.6-sqlite-3.8.4-tests.patch
Thu Nov 21 13:00:00 2013 jmatejekAATTsuse.com - update to 2.7.6
Thu Sep 19 14:00:00 2013 crrodriguezAATTopensuse.org - build with -DOPENSSL_LOAD_CONF so python honours the system\'s openSSL configuration if any, allowing it to benefit from openssl ENGINE functionality.
Mon Aug 26 14:00:00 2013 lnusselAATTsuse.de - update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739)
Fri Aug 16 14:00:00 2013 jmatejekAATTsuse.com - handle NULL bytes in certain fields of SSL certificates (CVE-2013-4238, bnc#834601)
Tue Jul 9 14:00:00 2013 jengelhAATTinai.de - Add python-bsddb6.diff to support building against libdb-6.0
Wed Jun 5 14:00:00 2013 schwabAATTsuse.de - Reenable testsuite on arm
Thu May 30 14:00:00 2013 jmatejekAATTsuse.com - switch to xz archive
Tue May 28 14:00:00 2013 speilickeAATTsuse.com - Update to version 2.7.5: + bugfix-only release + fixes several important regressions introduced in 2.7.4 + Issue #15535: Fixed regression in the pickling of named tuples by removing the __dict__ property introduced in 2.7.4. + Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3, such as was shipped with Centos 5 and Mac OS X 10.4. + Issue #17703: Fix a regression where an illegal use of Py_DECREF() after interpreter finalization can cause a crash. + Issue #16447: Fixed potential segmentation fault when setting __name__ on a class. + Issue #17610: Don\'t rely on non-standard behavior of the C qsort() function. 12 See http://hg.python.org/cpython/file/ab05e7dd2788/Misc/NEWS for more
Thu May 9 14:00:00 2013 jmatejekAATTsuse.com - update to 2.7.4 * bugfix-only release
Fri Apr 5 14:00:00 2013 idonmezAATTsuse.com - Add Source URL, see https://en.opensuse.org/SourceUrls
Mon Feb 25 13:00:00 2013 jmatejekAATTsuse.com - fix pythonstart failing on $HOME-less users (bnc#804978)
Sun Aug 12 14:00:00 2012 idonmezAATTsuse.com - python & python-base Release numbers can differ, take that into account. See bnc#766778 comment 12.
Tue Jun 26 14:00:00 2012 dvaleevAATTsuse.com - Fix failing test_dbm on ppc64
Thu May 17 14:00:00 2012 jfunkAATTfunktronics.ca - Support directory-based certificate stores with the ca_certs parameter of SSL functions [bnc#761501]
Tue May 15 14:00:00 2012 jmatejekAATTsuse.com - enabled some tests
Thu Dec 8 13:00:00 2011 jmatejekAATTsuse.com - %python_version now correctly refers to %tarversion
Thu Dec 1 13:00:00 2011 saschpeAATTsuse.de - Spec file cleanup: * Run spec-cleaner * Remove outdated %clean section, AutoReqProv and authors from descr. - Fix license to Python-2.0 (also SPDX style)
Wed Nov 30 13:00:00 2011 cooloAATTsuse.com - add automake as buildrequire to avoid implicit dependency
Fri Sep 16 14:00:00 2011 jmatejekAATTsuse.com - dropped newslist.py from demos because of bad license (bnc#718009)
Sun Jul 10 14:00:00 2011 roAATTsuse.de - update to 2.7.2: * Bug fix only release, see http://hg.python.org/cpython/raw-file/eb3c9b74884c/Misc/NEWS for details - introduce a pre_checkin.sh file that synchronizes patches between python and python-base - rediff patches for 2.7.2 - replace kernel3 patch with the upstream solution
Tue May 24 14:00:00 2011 jmatejekAATTnovell.com - updated to 2.7.1 * bugfix-only release
Wed May 4 14:00:00 2011 jmatejekAATTnovell.com - added \"fix-parallel-make\" patch to python main package as well, because build process is the same
Thu Feb 17 13:00:00 2011 pthAATTsuse.de - Prefix DATE and TIME with PY_BUILD_ and COMPILER with PYTHON_ as to not break external code (bnc#673071).
Tue Aug 31 14:00:00 2010 cristian.rodriguezAATTopensuse.org - Provide \"fake\" build enviroment information * build date replaced by source tarball modify date * compiler string replaced by \"GCC\" * This is intended to avoid republishing the packages over and over again.
Thu Aug 26 14:00:00 2010 jmatejekAATTnovell.com - update to 2.7 * see changes in python-base.changes - cleaned up the spec and patches
Fri Jul 2 14:00:00 2010 jengelhAATTmedozas.de - add patch from http://bugs.python.org/issue6029 - use %_smp_mflags
Wed Apr 7 14:00:00 2010 matejcikAATTsuse.cz - update to 2.6.5
Wed Feb 3 13:00:00 2010 jengelhAATTmedozas.de - exclude dl.so from SPARC64 (not built like on x86_64)
Fri Jan 29 13:00:00 2010 matejcikAATTsuse.cz - enabled ipv6 in configure (bnc#572673)
Wed Dec 23 13:00:00 2009 ajAATTsuse.de - Apply patches with fuzz=0
Wed Dec 2 13:00:00 2009 cooloAATTnovell.com - update patch again
Wed Nov 4 13:00:00 2009 matejcikAATTsuse.cz - readline shouldn\'t append space after completion (bnc#551715, python bug 5833)
Tue Nov 3 13:00:00 2009 cooloAATTnovell.com - updated patches to apply with fuzz=0
Tue Sep 8 14:00:00 2009 maxAATTsuse.de - removed blt from BuildRequires so that it can be dropped.
Fri Sep 4 14:00:00 2009 matejcikAATTsuse.cz - added patch for potential SSL hangup during handshake (bnc#525295)
Wed Jul 29 14:00:00 2009 matejcikAATTsuse.cz - renamed multilib patch to reflect the changes
Thu Jul 16 14:00:00 2009 cooloAATTnovell.com - disable as-needed to fix build
Mon Apr 27 14:00:00 2009 matejcikAATTsuse.cz - update to 2.6.2 * bugfix-only release for 2.6 series
|
|
|