SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for python3-tools-3.6.12-2.302.i586.rpm :

* Mon Dec 28 2020 Marcus Meissner - readd --with-fpectl (bsc#1180377)
* Mon Dec 07 2020 Matej Cepl - Adjust sphinx-update-removed-function.patch
* Sat Dec 05 2020 Matej Cepl - (bsc#1179630) Update sphinx-update-removed-function.patch to work with all versions of Sphinx (not binding the Python documentation build to the latest verison of Sphinx). Updated version mentioned on gh#python/cpython#13236.
* Tue Dec 01 2020 Matej Cepl - Add CVE-2020-27619-no-eval-http-content.patch fixing CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP.
* Tue Dec 01 2020 Steve Kowalik - Add patch sphinx-update-removed-function.patch to no longer call a now removed function (gh#python/cpython#13236). As a consequence, no longer pin Sphinx version.
* Fri Nov 27 2020 Markéta Machová - Pin Sphinx version to fix doc subpackage
* Wed Nov 25 2020 Matej Cepl - Change setuptools and pip version numbers according to new wheels- Add ignore_pip_deprec_warn.patch to switch of persistently failing test.
* Tue Nov 24 2020 Matej Cepl - Replace bundled wheels for pip and setuptools with the updated ones (bsc#1176262 CVE-2019-20916).
* Tue Oct 13 2020 Marketa Calabkova - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738)- Rebase bpo23395-PyErr_SetInterrupt-signal.patch
* Fri Oct 09 2020 Dominique Leuenberger - Fix build with RPM 4.16: error: bare words are no longer supported, please use \"...\": x86 == ppc.
* Fri Oct 09 2020 Matej Cepl - Fix installing .desktop file
* Fri Sep 25 2020 Dominique Leuenberger - Buildrequire timezone only for general flavor. It\'s used in this flavor for the test suite.
* Wed Sep 02 2020 Matej Cepl - Add faulthandler_stack_overflow_on_GCC10.patch to make build working even with GCC10 (bpo#38965).
* Tue Sep 01 2020 Matej Cepl - Just cleanup and reordering items to synchronize with python38
* Mon Aug 31 2020 Tomáš Chvátal - Format with spec-cleaner
* Fri Aug 21 2020 Andreas Schwab - riscv64-support.patch: bpo-33377: add triplets for mips-r6 and riscv (#6655)- riscv64-ctypes.patch: bpo-35847: RISC-V needs CTYPES_PASS_BY_REF_HACK (GH-11694)- Update list of tests to exclude under qemu linux-user
* Thu Aug 20 2020 Marketa Calabkova - Update the python keyring- Correct libpython name
* Thu Aug 20 2020 Marketa Calabkova - Drop patches which are not mentioned in spec:
* CVE-2019-5010-null-defer-x509-cert-DOS.patch
* F00102-lib64.patch
* F00251-change-user-install-location.patch
* OBS_dev-shm.patch
* SUSE-FEDORA-multilib.patch
* bpo-31046_ensurepip_honours_prefix.patch
* bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch
* bpo36302-sort-module-sources.patch
* bpo40784-Fix-sqlite3-deterministic-test.patch
* bsc1167501-invalid-alignment.patch
* python3-imp-returntype.patch- Working around missing python-packaging dependency in python-Sphinx (bsc#1174571) is not necessary anymore.
* Wed Aug 19 2020 Marketa Calabkova - Update to 3.6.12 (bsc#1179193)
* Ensure python3.dll is loaded from correct locations when Python is embedded
* The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
* Prevent http header injection by rejecting control characters in http.client.putrequest(…).
* Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing.
* Avoid infinite loop when reading specially crafted TAR files using the tarfile module- Drop merged fixtures:
* CVE-2020-14422-ipaddress-hash-collision.patch
* CVE-2019-20907_tarfile-inf-loop.patch
* recursion.tar- This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091).
* Mon Jul 20 2020 Matej Cepl - Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch.
* Fri Jul 17 2020 Marketa Calabkova - Make library names internally consistent
* Fri Jul 17 2020 Tomáš Chvátal - Disable profile optimalizations as they deadlock in test_faulthandler
* Fri Jul 17 2020 Tomáš Chvátal - Disable lto as it causes mess and works with 3.7 onwards only
* Fri Jul 17 2020 Tomáš Chvátal - Sync the test disablements from the python3 in sle15
* Fri Jul 17 2020 Tomáš Chvátal - Update to 3.6.11: - bpo-39073: Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - bpo-38576 (bsc#1155094): Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. - bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. - bpo-39401: Avoid unsafe load of api-ms-win-core-path-l1-1-0.dll at startup on Windows 7.- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch
* Wed Jul 15 2020 Tomáš Chvátal - Fix minor issues found in the staging.
* Wed Jul 15 2020 Tomáš Chvátal - Do not set ourselves as a primary interpreter
* Thu Jun 25 2020 Matej Cepl - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS.
* Tue Mar 10 2020 Matej Cepl - Change name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894).
* Sat Feb 08 2020 Matej Cepl - Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674)- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug \"Python urrlib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)\" (bsc#1162367)
* Sat Feb 08 2020 Matej Cepl - Add Requires: libpython%{so_version} == %{version}-%{release} to python3-base to keep both packages always synchronized (bsc#1162224).
* Mon Feb 03 2020 Tomáš Chvátal - Reame idle icons to idle3 in order to not conflict with python2 variant of the package bsc#1165894
* renamed the icons
* renamed icon load in desktop file
* Tue Jan 28 2020 Matej Cepl - Add pep538_coerce_legacy_c_locale.patch to coerce locale to C.UTF-8 always (bsc#1162423).
 
ICM