Changelog for
python3-tools-3.4.10-25.114.1.x86_64.rpm :
* Wed Mar 15 2023 mceplAATTsuse.com- Add bpo-44434-libgcc_s-for-pthread_cancel.patch which eliminates unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).
* Wed Mar 01 2023 mceplAATTsuse.com- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters
* Mon Jan 09 2023 daniel.garciaAATTsuse.com- Add CVE-2022-40899-ReDos-cookiejar.patch to Fix REDoS in http.cookiejar (gh#python/cpython#17157, bsc#1206673, CVE-2022-40899)
* Wed Nov 09 2022 mceplAATTsuse.com- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names.
* Fri Sep 16 2022 mceplAATTsuse.com- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix CVE-2020-10735 (bsc#1203125) to limit amount of digits converting text to int and vice vera (potential for DoS). Originally by Victor Stinner of Red Hat.
* Fri Sep 02 2022 steven.kowalikAATTsuse.com- Add patch CVE-2021-28861-double-slash-path.patch:
* http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
* Thu Jun 09 2022 mceplAATTsuse.com- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module.- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests on s390x.
* Wed May 25 2022 mceplAATTsuse.com- drop PYTHONSTARTUP hooks that cause spurious startup errors (bsc#1070738, bsc#1199441), as the relevant feature (REPL history) is now built into Python itself.
* Sat Feb 26 2022 mceplAATTsuse.com- Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572).
* Tue Feb 15 2022 mceplAATTsuse.com- Add CVE-2022-0391-urllib_parse-newline-parsing.patch (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs containing ASCII newline and tabs in urlparse.
* Sun Feb 06 2022 mceplAATTsuse.com- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146, bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib not trust the PASV response.
* Sat Sep 25 2021 mceplAATTsuse.com- Add CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch fixing ReDoS in urllib AbstractBasicAuthHandler (bsc#1189287, CVE-2021-3733, bpo#43075)
* Wed Sep 15 2021 mceplAATTsuse.com- Add CVE-2021-3737-infinite-loop-on-100-Continue.patch fixing bpo-44022 (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server.
* Thu Aug 12 2021 mceplAATTsuse.com- Reorder and better documented patches related to bpo#30458 (also, for rechecking solution for bsc#1129071).- Refresh patches: - CVE-2019-10160-netloc-port-regression.patch - CVE-2019-18348-CRLF_injection_via_host_part.patch - CVE-2019-9947-no-ctrl-char-http.patch - CVE-2020-8492-urllib-ReDoS.patch - Python-3.3.0b2-multilib.patch - python-3.6-CVE-2017-18207.patch - python3-urllib-prefer-lowercase-proxies.patch - subprocess-raise-timeout.patch
* Fri Jul 16 2021 mceplAATTsuse.com- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).
* Wed May 12 2021 mceplAATTsuse.com- Add CVE-2020-27619-no-eval-http-content.patch fixing CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP.
* Sun May 02 2021 codeAATTbnavigator.de- Make sure to close the import_failed.map file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block.
* Wed Mar 10 2021 mceplAATTsuse.com- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336).
* Fri Jan 29 2021 mceplAATTsuse.com- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution.
* Sat Jan 23 2021 mceplAATTsuse.com- Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686).
* Tue Nov 24 2020 mceplAATTsuse.com- Replace bundled wheels for pip and setuptools with the updated ones (bsc#1176262 CVE-2019-20916).
* Mon Oct 19 2020 steven.kowalikAATTsuse.com- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 (CVE-2020-26116, bpo#39603) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Such characters now raise ValueError.- Add update-ssl-certs.patch, which updates the SSL certificates shipped with the upstream tarball which have since expired.
* Fri Sep 11 2020 mceplAATTsuse.com- Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS.
* Fri Sep 11 2020 mceplAATTsuse.com- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised. (bnc#1130840)
* Thu Sep 10 2020 mceplAATTsuse.com- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py (bnc#1153238) This patch requires also bpo37614-race_test_docxmlrpc_srv_setup.patch (from bpo#37614), which avoids the race in the tested procedure (bsc#1174701).
* Mon Jul 20 2020 mceplAATTsuse.com- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch.
* Wed Mar 18 2020 mceplAATTsuse.com- Add CVE-2019-18348-CRLF_injection_via_host_part.patch to disallow control characters in hostnames in httplib, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094)
* Wed Mar 11 2020 mceplAATTsuse.com- Change name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894).- Add skip-failing-tests.patch to skip test_write_filtered_python_package test
* Sat Feb 08 2020 mceplAATTsuse.com- Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674)- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug \"Python urrlib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)\" (bsc#1162367)
* Sat Feb 08 2020 mceplAATTsuse.com- Add Requires: libpython%{so_version} == %{version}-%{release} to python3-base to keep both packages always synchronized (bsc#1162224).
* Fri Dec 20 2019 mceplAATTsuse.com- Move idle subpackage build from python3-base to python3 (bsc#1159623). python3-idle introduces considerable extra dependencies and a build loop via rust/librsvg.- Correct installation of idle IDE icons: + idle.png is not the target directory + non-GNOME-specific icons belong into icons/hicolor- Add required Name key to idle3 desktop file- Unify
*.changes
* Fri Dec 13 2019 mceplAATTsuse.com- Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6: - Security: - bpo-36216: Changes urlsplit() to raise ValueError when the URL contains characters that decompose under IDNA encoding (NFKC-normalization) into characters that affect how the URL is parsed. - bpo-35121: Don’t send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with http.cookiejar.DefaultCookiePolicy policy. Patch by Karthikeyan Singaravelan. - bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco. - bpo-34791: The xml.sax and xml.dom.domreg no longer use environment variables to override parser implementations when sys.flags.ignore_environment is set by -E or -I arguments. - bpo-34623: CVE-2018-14647: The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat’s default CSPRNG. - bpo-33001: Minimal fix to prevent buffer overrun in os.symlink on Windows - bpo-32981: Regexes in difflib and poplib were vulnerable to catastrophic backtracking. These regexes formed potential DOS vectors (REDOS). They have been refactored. This resolves CVE-2018-1060 and CVE-2018-1061. Patch by Jamie Davis. - bpo-30657: Fixed possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158. Original patch by Jay Bosamiya; rebased to Python 3 by Miro Hrončok. - bpo-30947: Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security fixes. - bpo-29169: Update zlib from 1.2.8 to 1.2.11 to get security fixes. - bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information. - bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os- specific entropy sources like getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt(). - bpo-26657: Fix directory traversal vulnerability with http.server on Windows. This fixes a regression that was introduced in 3.3.4rc1 and 3.4.0rc1. Based on patch by Philipp Hagemeister. - bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost(\'//127.0.0.1#AATTevil.com/\') now correctly returns the 127.0.0.1 host, instead of treating AATTevil.com as the host in an authentification (loginAATThost). - bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other invalid environment variables and command arguments. - Library: - bpo-35121: Don’t set cookie for a request when the request path is a prefix match of the cookie’s path attribute but doesn’t end with “/”. Patch by Karthikeyan Singaravelan. - bpo-33329: Fix multiprocessing regression on newer glibcs - bpo-32072: Fixed issues with binary plists: Fixed saving bytearrays. Identical objects will be saved only once. Equal references will be load as identical objects. Added support for saving and loading recursive data structures. - bpo-31170: expat: Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial characters for UTF-8 input (libexpat bug 115): https://github.com/libexpat/libexpat/issues/115 - bpo-30119: ftplib.FTP.putline() now throws ValueError on commands that contains CR or LF. Patch by Dong-hee Na. - bpo-27850: Remove 3DES from ssl module’s default cipher list to counter measure sweet32 attack (CVE-2016-2183). - Core and Builtins - bpo-26617: Fix crash when GC runs during weakref callbacks. - bpo-27945: Fixed various segfaults with dict when input collections are mutated during searching, inserting or comparing. Based on patches by Duane Griffin and Tim Mitchell. - Documentation - bpo-25008: Document smtpd.py as effectively deprecated and add a pointer to aiosmtpd, a third-party asyncio-based replacement. - Patches replaced by the upstream tarball: - CVE-2019-5010-null-defer-x509-cert-DOS.patch - CVE-2018-1061-DOS-via-regexp-difflib.patch - CVE-2018-20406-pickle_LONG_BINPUT.patch - CVE-2019-9636-urlsplit-NFKC-norm.patch - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch - CVE-2018-20852-cookie-domain-check.patch
* Thu Sep 26 2019 mceplAATTsuse.com- Add CVE-2018-20852-cookie-domain-check.patch prefix dot in domain for proper subdomain [bsc#1141853, CVE-2018-20852]
* Mon Sep 16 2019 mceplAATTsuse.com- Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, CVE-2019-16056]- Remove obsolete patch python-2.6b1-canonicalize2.patch
* Wed Jul 24 2019 mceplAATTsuse.com- Apply \"CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch\" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]
* Wed Jul 24 2019 mceplAATTsuse.com- bsc#1109847: add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo#34623.
* Wed Jul 03 2019 mceplAATTsuse.com- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812
* Tue Apr 09 2019 mceplAATTsuse.com- bsc#1129346: add CVE-2019-9636-urlsplit-NFKC-norm.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``AATT``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised. (CVE-2019-9636) Upstream gh#python/cpython#12224
* Mon Jan 21 2019 mceplAATTsuse.com- bsc#1120644 add CVE-2018-20406-pickle_LONG_BINPUT.patch fixing bpo#34656 Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.
* Sat Jan 19 2019 mceplAATTsuse.com- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746. An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
* Mon Sep 03 2018 mceplAATTsuse.com- Add -fwrapv to OPTS, which is default for python3 anyway See for example https://github.com/zopefoundation/persistent/issues/86 for bugs which are caused by avoiding it. (bsc#1107030)
* Fri Jun 29 2018 mceplAATTsuse.com- Apply \"CVE-2018-1061-DOS-via-regexp-difflib.patch\" to prevent low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS (CVE-2018-1061). Prior to this patch mail server\'s timestamp was susceptible to catastrophic backtracking on long evil response from the server. Also, it was susceptible to catastrophic backtracking, which was a potential DOS vector. [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]
* Fri Jun 29 2018 mceplAATTsuse.com- Apply \"python-sorted_tar.patch\" (bsc#1086001) sort tarfile output directory listing
* Tue Mar 13 2018 psimonsAATTsuse.com- Apply \"python-3.6-CVE-2017-18207.patch\" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207]
* Wed Mar 01 2017 jmatejekAATTsuse.com- update to 3.4.6 (bsc#1027282):
* fixed potential crash in PyUnicode_AsDecodedObject() in debug build
* fixed possible DoS and arbitrary execution in gettext plurals
* fix possible use of uninitialized memory in operator.methodcaller
* fix possible Py_DECREF on unowned object in _sre
* fix possible integer overflow in _csv module
* prevent HTTPoxy attack (CVE-2016-1000110)
* fix selectors incorrectly retaining invalid fds- move _elementtree to python3.rpm to match its pyexpat dependency (bsc#1029377)- drop upstreamed python-3.4-CVE-2016-1000110-fix.patch
* Mon Aug 08 2016 jmatejekAATTsuse.com- rename rpmlintrc to python3-rpmlintrc (applied change from 13.2)- drop python-fix-short-dh.patch and dh2048.pem, this is now fixed upstream- drop disabled libffi-ppc64le.diff completely- reverse order of lowercase-proxies and HTTPoxy patches in order to fix documented behavior- drop upstreamed werror-declaration-after-statement.patch
* Sun Aug 07 2016 hpjAATTurpla.net- fix python3-urllib-prefer-lowercase-proxies.patch
* Sat Aug 06 2016 hpjAATTurpla.net- apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user supplied Proxy request header: python-3.4-CVE-2016-1000110-fix.patch (fixes bsc#989523, CVE-2016-1000110)- refresh python3-urllib-prefer-lowercase-proxies.patch
* Sun Jul 03 2016 hpjAATTurpla.net- update to 3.4.5 check: https://docs.python.org/3.4/whatsnew/changelog.html (fixes bsc#984751, CVE-2016-0772) (fixes bsc#985177, CVE-2016-5636) (fixes bsc#985348, CVE-2016-5699)
* Wed Jun 15 2016 hpjAATTurpla.net- apply upstream patch python3-urllib-prefer-lowercase-proxies.patch in order to make urllib proxy var handling behave as usual on POSIX
* Tue Jun 14 2016 hpjAATTurpla.net- Due to being fixed upstream (differently), removed outdated patch CVE-2014-4650-CGIHTTPServer-traversal.patch (bsc#983582)
* Sat May 07 2016 hpjAATTurpla.net- update to 3.4.4 check: https://docs.python.org/3.4/whatsnew/changelog.html- all necessary patches refreshed- adjusted Python-3.3.0b2-multilib.patch- disabled libffi-ppc64le.diff: horribly deviated- fix a new multilib issue in configure.ac with $LIBPL (target of python3 config)- disabled more tests, that require ssl
* Fri Oct 23 2015 jmatejekAATTsuse.com- Issue #21121: Don\'t force 3rd party C extensions to be built with - Werror=declaration-after-statement. (werror-declaration-after-statement.patch, bsc#951166)
* Tue Sep 22 2015 dmuellerAATTsuse.com- add python-2.7-libffi-aarch64.patch to fix incorrect FFI on aarch64
* Thu Sep 17 2015 meissnerAATTsuse.com- python-fix-short-dh.patch,dh2048.pem: Bump DH parameters to 2048 bit to fix logjam security issue. bsc#935856
* Wed Jul 23 2014 jmatejekAATTsuse.com- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file disclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc#885882)
* Tue Jul 22 2014 jmatejekAATTsuse.com- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, reinstate bundled copies of pip and setuptools (fixes bnc#885662)- add more files as sources to silence the validator
* Wed May 21 2014 jmatejekAATTsuse.com- update to 3.4.1
* bugfix-only release, over 300 bugs fixed- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch- drop upstreamed CVE-2014-2667-mkdir.patch- include Python release manager keyring and signature file for the source archive (thus renumbering of source files) (see https://www.python.org/download/#openpgp-public-keys )- move ensurepip to python3, because it transitively requires ssl
* Fri Apr 04 2014 jmatejekAATTsuse.com- CVE-2014-2667-mkdir.patch: race condition with reseting umask in os.makedirs (CVE-2014-2667, bnc#871152)- updated multilib patch to include ~/.local/lib64 (bnc#637176)
* Wed Mar 26 2014 jmatejekAATTsuse.com- raise timeout value for test_subprocess to 10s (might fix intermittent build failures in OBS)
* Mon Mar 24 2014 dmuellerAATTsuse.com- remove blacklisting of test_posix on aarch64: qemu bug is fixed
* Mon Mar 17 2014 jmatejekAATTsuse.com- update to 3.4.0 final- drop upstreamed python-3.4rc2-importlib.patch
* Sun Mar 16 2014 schwabAATTsuse.de- Only build with profile-opt if profiling is enabled- Update test exclusion lists:
* test_ctypes no longer fails on arm
* test_io no longer fails on ppc
*
* test_multiprocessing has been split in multiple tests
* test_posix and test_signal fail due to qemu bugs
* Fri Mar 14 2014 andreas.stiegerAATTgmx.de- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, adding python-2.7.6-sqlite-3.8.4-tests.patch
* Thu Feb 27 2014 jmatejekAATTsuse.com- update to 3.4.0 rc2
* pre-release bugfixes
* improvements to asyncio library- drop upstreamed tracemalloc_gcov.patch- python-3.4rc2-importlib.patch fixes backwards-incompatibility in the reworked importlib module that blocks build of vim
* Fri Jan 17 2014 jmatejekAATTsuse.com- initial commit of 3.4.0 beta 3
* new stdlib modules: pathlib, enum, statistics, tracemalloc
* asynchronous IO with new asyncio module
* introspection data for builtins
* subprocesses no longer inherit open file descriptors
* standardized metadata for packages
* internal hashing changed to SipHash
* new pickle protocol
* improved handling of codecs
* TLS 1.2 support
* major speed improvements for internal unicode handling
* many bugfixes and optimizations- see porting guide at: http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4- moved several modules to -testsuite subpackage- updated list of binary extensions, refreshed patches- tracemalloc_gcov.patch fixes profile-based optimization build- updated packages and pre_checkin.sh to use ~-version notation for prereleases- fix-shebangs part of build process moved to common %prep- drop python-3.3.2-no-REUSEPORT.patch (upstreamed)- update baselibs for new soname- TODOs:
* require python-pip, make ensurepip work with zypper
* Wed Dec 04 2013 matzAATTsuse.de- add ppc64le (ELFv2) support for libffi copy for ctypes module- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be \"lib64\").- added patches:
* libffi-ppc64le.diff
* Tue Dec 03 2013 adrianAATTsuse.de- add ppc64le rules
* Fri Nov 22 2013 speilickeAATTsuse.com- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + Disable global and distutils sysconfig comparison test, we deviate from the default depending on optflags
* Tue Nov 19 2013 jmatejekAATTsuse.com- update to 3.3.3
* bugfix-only release
* many SSL-related fixes
* upstream fix for CVE-2013-4238
* upstream fixes for CVE-2013-1752- move example module xxlimited to python3-testsuite- remove --with-wide-unicode config option, it is now the default (and only) choice- don\'t touch anything between make and makeinstall- drop python-3.2b2-buildtime-generate.patch - the issue was caused by touching things between make and makeinstall- link pycache entries for import_failed hooks properly
* Fri Aug 16 2013 jmatejekAATTsuse.com- handle NULL bytes in certain fields of SSL certificates (CVE-2013-4238, bnc#834601)
* Thu Aug 08 2013 dvaleevAATTsuse.com- Exclue test_faulthandler from tests on powerpc due to bnc#831629
* Thu Jun 13 2013 jmatejekAATTsuse.com- update to 3.3.2 (bnc#709442)
* bugfix-only release
* fixes several regressions introduced in 3.3.1- switch to xz compression- move _lzma module to python3-base- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT
* Mon Apr 29 2013 schwabAATTsuse.de- Readd missing bits from ctypes-libffi-aarch64.patch
* Sat Apr 13 2013 idonmezAATTsuse.com- Update to version 3.3.1
* Fix the –enable-profiling configure switch.
* In IDLE, close the replace dialog after it is used.- Too many bugfixes to list here, see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS- Refresh Python-3.3.0b2-multilib.patch- Refresh python-3.2b2-buildtime-generate.patch- Drop upstream patches: ctypes-libffi-aarch64.patch, python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch
* Fri Apr 05 2013 idonmezAATTsuse.com- Add Source URL, see https://en.opensuse.org/title=SourceUrls
* Wed Apr 03 2013 jmatejekAATTsuse.com- remove spurious modification of python-3.3.0b1-localpath.patch that would force installation into /usr/local. this fixes bnc#809831
* Thu Mar 28 2013 jmatejekAATTsuse.com- replace broken movetogetdents64.diff patch with a correct one from upstream repo (python-3.3.0-getdents64.patch)
* Fri Mar 01 2013 dmuellerAATTsuse.com- add ctypes-libffi-aarch64.patch:
* import aarch64 support for libffi in _ctypes module- add aarch64 to the list of lib64 based archs- add movetogetdents64.diff:
* port to getdents64, as SYS_getdents is not implemented everywhere
* Tue Feb 26 2013 saschpeAATTsuse.de- /etc/rpm/macros.python3 is no %config, it is not meant to be changed by users.- Add rpmlintrc with some obvious filters
* Mon Jan 28 2013 jmatejekAATTsuse.com- update baselibs for new version of libpython3
* Thu Nov 29 2012 jmatejekAATTsuse.com- fix include path in macros (bnc#787526)- implement failed import handlers for modules that live in subpackages - e.g. \"import ssl\" will now throw a sensible error message telling you to install \"python3\"
* Wed Nov 28 2012 jmatejekAATTsuse.com- merge python3-xml into python3- merge python3-2to3 library into python3-base and the 2to3 binary into python3-devel (python3-devel is now in conflict with python-2to3, which will be dropped)- enable --with-system-expat for python3, making the xml modules (and thus python3) depend on expat- reconfigure tests to disable network and GUI resources, which the upstream apparently thought is a good idea to enable by default. this fixes build failures in Factory- add lzma-devel to build the _lzma module- moved %dynlib macro definition to common section
* Mon Nov 05 2012 cooloAATTsuse.com- buildrequire timezone for the test suite
* Mon Oct 29 2012 dmuellerAATTsuse.com- disable more checks for qemu builds as they use syscalls not implemented yet
* Thu Oct 25 2012 Rene.vanPaassenAATTgmail.com- exclude test_math for SLE 11; math library fails on negative gamma function values close to integers and 0, probably due to imprecision in -lm on SLE_11_SP2.
* Tue Oct 16 2012 cooloAATTsuse.com- buildrequire libbz2-devel explicitly
* Mon Oct 08 2012 jmatejekAATTsuse.com- remove distutils.cfg (bnc#658604)
* this changes default prefix for distutils to /usr
* see ML for details: http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html
* Mon Oct 01 2012 idonmezAATTsuse.com- Update to final 3.3.0 release
* See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS
* Thu Sep 27 2012 idonmezAATTsuse.com- Correct dependency for python3-testsuite, python3-tkinter -> python3-tk
* Thu Aug 23 2012 jmatejekAATTsuse.com- update to 3.3.0 RC1
* Fri Aug 03 2012 jmatejekAATTsuse.com- update to 3.3.0 beta 1
* flexible string representation, no longer distinguishing between wide and narrow Unicode builds
* importlib-based import system
* virtualenv support in core
* namespace packages
* explicit Unicode literals for easier porting
* key-sharing dict implementation reduces memory footprint of OO code
* hash randomization on by default
* many other new bugfixes and features, check NEWS for details- pre_checkin.sh now autofills various version strings in specs- ship hashlib\'s fallback modules - those uselessly take up space when real _hashlib.so from python3 is present, but the space wasted is only 114kB and it provides python3-base with a working hashlib module. (also, this fixes bnc#743787)
* Fri Jul 27 2012 dvaleevAATTsuse.com- skip test_io on ppc- drop test_io ppc patch
* Thu Jun 28 2012 saschpeAATTsuse.de- Satisfy source_validator by uncommenting an otherwise unused \"Patch\" line
* Fri May 18 2012 idonmezAATTsuse.com- update to 3.2.3
* No changes since rc2
* Thu Mar 29 2012 jmatejekAATTsuse.com- update to 3.2.3rc2
* fixes several security issues:
* CVE-2012-0845, bnc#747125
* CVE-2012-1150, bnc#751718
* CVE-2011-4944, bnc#754447
* CVE-2011-3389, bnc#754677- fix for insecure .pypirc (CVE-2011-4944, bnc#754447)- disable test_gdb because it is broken by our gdb
* Thu Feb 16 2012 dvaleevAATTsuse.com- skip broken test_io test on ppc
* Wed Jan 18 2012 jmatejekAATTsuse.com- update to 3.2.2
* bugfix-only release
* reports \"linux2\" as sys.platform regardless of Linux kernel- added pre_checkin.sh to copy common spec sections to python3.spec- added PACKAGING-NOTES with some helpful info for packagers
* Sun Dec 25 2011 idonmezAATTsuse.com- Use system ffi, included one is broken see http://bugs.python.org/issue11729 and http://bugs.python.org/issue12081
* Fri Dec 09 2011 jmatejekAATTsuse.com- license.opensuse.org-compatible license headers
* Fri Dec 02 2011 cooloAATTsuse.com- add automake as buildrequire to avoid implicit dependency
* Thu Nov 24 2011 agrafAATTsuse.com- fix ARM build (exclude some test cases which break for us)
* Tue Aug 16 2011 termimAATTgmail.com- use sysconfig module to get py3_incdir, py3_abiflags, py3_soflags, python3_sitelib and python3_sitearch
* Mon Jul 18 2011 jmatejekAATTnovell.com- update to 3.2.1
* bugfix-only release, no major changes- fix build on linux3 platform- remove upstreamed pybench patch- install /usr/lib directories in all cases to prevent spurious \"directory not owned\" in dependent packages
* Wed Jun 15 2011 jmatejekAATTnovell.com- replaced dynamic so version with manual so version, because autobuild does not support autogeneration
* Tue May 24 2011 jmatejekAATTnovell.com- generate macros.python3 at compile-time with fixed values- don\'t include bogus values in pyconfig.h, as they can break third-party packages (bnc#673071)
* Tue May 17 2011 jmatejekAATTnovell.com- added Obsoletes: python3 < 3.1 so that the transition from non-split to split packages goes smoothly
* Fri May 13 2011 jmatejekAATTnovell.com- fixed RPM macros to use python3 instead of python- updated to build --with-wide-unicode (for compatibility with fedora and our own python 2.x series)
* Thu Apr 21 2011 termimAATTgmail.com- fix python3-base build failure due to pybench.py crash by python-3.2-pybench.patch- move pyconfig.h from python3-devel to python3-base package to make python3-base functional again
* Wed Mar 23 2011 termimAATTgmail.com- update to python 3.2
* stable ABI, ABI-tagged .so files
* concurrent.futures and many other new or upgraded modules
* PYC repository directories ( __pycache__ )
* python WSGI 1.0.1
* Unicode 6.0.0 support
* a great number of bugfixes and assorted improvements
* Tue Feb 08 2011 matejcikAATTsuse.cz- update to python 3.2 RC2- renamed python3-demo to python3-tools, because the demo part became much smaller than the tools part- added rpm macros
* Tue Jan 18 2011 jmatejekAATTnovell.com- update to python 3.2 beta 2, see NEWS for details- split off -base package with less dependencies, and a shlib-policy compliant libpython3 package- mostly rewritten the spec file with more detailed comments- cleaned up lists of patches