Changelog for python-base-32bit-2.7.18-59.1.x86_64.rpm :

* Sat Sep 30 2023 Matej Cepl - (bsc#1214691, CVE-2022-48566) Add CVE-2022-48566-compare_digest-more-constant.patch to make compare_digest more constant-time. - Allow nis.so for SLE-12.
* Thu Sep 14 2023 Matej Cepl - (bsc#1214685, CVE-2022-48565) Add CVE-2022-48565-plistlib-XML-vulns.patch (from gh#python/cpython#86217) reject XML entity declarations in plist files. - Remove BOTH CVE-2023-27043-email-parsing-errors.patch and Revert-gh105127-left-tests.patch (as per discussion on bsc#1210638).
* Tue Sep 12 2023 Daniel Garcia - Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing gh#python/cpython#108310, backport from upstream patch gh#python/cpython#108315 (bsc#1214692, CVE-2023-40217)
* Thu Aug 03 2023 Matej Cepl - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669.
* Tue Jul 11 2023 Matej Cepl - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API).
* Wed Jun 07 2023 Matej Cepl - Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch.
* Tue May 30 2023 Andreas Schwab - python-2.7.5-multilib.patch: Update for riscv64 - Don't fail if _ctypes or dl extension was not built
* Mon May 29 2023 Matej Cepl - The condition around libnsl-devel BuildRequires is NOT switching off NIS support on SLE < 15, support for NIS used to be in the glibc itself. Partial revert of sr#1061583.
* Wed May 24 2023 Matej Cepl - Add PygmentsBridge-trime_doctest_flags.patch to allow build of the documentation even with the current Sphinx. (SUSE-ONLY PATCH, DO NOT SEND UPSTREAM!)
* Wed Mar 08 2023 Matej Cepl - Enable --with-system-ffi for non-standard architectures.
* Mon Mar 06 2023 Matej Cepl - SLE-12 builds nis.so as well.
* Wed Mar 01 2023 Matej Cepl - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters
* Fri Jan 27 2023 Thorsten Kukuk - Disable NIS for new products, it's deprecated and gets removed
* Thu Jan 19 2023 Matej Cepl - Add skip_unverified_test.patch because apparently switching off SSL verification doesn't work on older SLE.
* Tue Nov 22 2022 Matej Cepl - Restore python-2.7.9-sles-disable-verification-by-default.patch for SLE-12.
* Wed Nov 09 2022 Matej Cepl - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names.
* Tue Sep 13 2022 Bernhard Wiedemann - Add bpo34990-2038-problem-compileall.patch making compileall.py compliant with year 2038 (bsc#1202666, gh#python/cpython#79171), backport of fix to Python 2.7.
* Wed Sep 07 2022 Steve Kowalik - Add patch CVE-2021-28861-double-slash-path.patch:
* BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server when a URI path starts with //. (bsc#1202624, CVE-2021-28861)
* Thu Jun 09 2022 Matej Cepl - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module.
* Tue May 24 2022 Martin Liška - Filter out executable-stack error that is triggered for i586 target.
* Sat Feb 26 2022 Matej Cepl - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). - Recover again proper value of %python2_package_prefix (bsc#1175619).
* Fri Feb 18 2022 Matej Cepl - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation.
* Fri Feb 18 2022 Matej Cepl - Older SLE versions should use old OpenSSL.
* Wed Feb 09 2022 Matej Cepl - Add CVE-2022-0391-urllib_parse-newline-parsing.patch (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs containing ASCII newline and tabs in urlparse.
* Sun Feb 06 2022 Matej Cepl - Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146, bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib not trust the PASV response.
* Mon Dec 06 2021 Dirk Müller - build against openssl 1.1.x (incompatible with openssl 3.0x) for now.
* Tue Nov 02 2021 Marcus Meissner - on sle12, python2 modules will still be called python-xxxx until EOL, for newer SLE versions they will be python2-xxxx
* Fri Oct 15 2021 Dominique Leuenberger - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation.
* Tue Sep 21 2021 Matej Cepl - Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch. - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). - Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 (CVE-2020-26116, bpo#39603) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Such characters now raise ValueError.
* Thu Aug 26 2021 Fusion Future - Renamed patch for assigned CVE:
* bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -> CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (boo#1189241, CVE-2021-3737)
* Mon Aug 23 2021 Fusion Future - Renamed patch for assigned CVE:
* bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch (boo#1189287, CVE-2021-3733) - Fix python-doc build (bpo#35293):
* sphinx-update-removed-function.patch - Update documentation formatting for Sphinx 3.0 (bpo#40204).
* Tue Aug 10 2021 Fusion Future - Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in request (bpo#43075, boo#1189287). - Add missing security announcement to bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
* Mon Aug 09 2021 Fusion Future - Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch which fixes http client infinite line reading (DoS) after a http 100 (bpo#44022, boo#1189241).
* Fri Jul 16 2021 Matej Cepl - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).
* Fri Feb 26 2021 Matej Cepl - Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336).
* Mon Jan 25 2021 Matej Cepl - Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution.
* Tue Jan 05 2021 Matej Cepl - (bsc#1180125) We really don't Require python-rpm-macros package. Unnecessary dependency.
* Sat May 30 2020 Matej Cepl - Add patch configure_PYTHON_FOR_REGEN.patch which makes configure.ac consider the correct version of PYTHON_FOR_REGEN (bsc#1078326).
* Mon Apr 27 2020 Matej Cepl - Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
* Thu Apr 23 2020 Matej Cepl - Update to 2.7.18, final release of Python 2. Ever.: - Newline characters have been escaped when performing uu encoding to prevent them from overflowing into the content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process. - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben Caller. - Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators. - bsc#1155094 (CVE-2019-18348) Disallow control characters in hostnames in http.client. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. - Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host. - Fix problems identified by GCC's -Wstringop-truncation warning. - AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c. - Prevent failure of test_relative_path in test_py_compile on macOS Catalina. - Fixed possible leak in `PyArg_Parse` and similar functions for format units "es#" and "et#" when the macro `PY_SSIZE_T_CLEAN` is not defined. - Remove upstreamed patches: - CVE-2019-18348-CRLF_injection_via_host_part.patch - python-2.7.14-CVE-2017-1000158.patch - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch - CVE-2018-1061-DOS-via-regexp-difflib.patch - CVE-2019-10160-netloc-port-regression.patch - CVE-2019-16056-email-parse-addr.patch
* Sat Feb 08 2020 Matej Cepl - Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674)
* Sat Feb 08 2020 Matej Cepl - Change to Requires: libpython%{so_version} == %{version}-%{release} to python-base to keep both packages always synchronized (add %{so_version}) (bsc#1162224).
* Thu Feb 06 2020 Matej Cepl - Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug "Python urllib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)" (bsc#1162367)
* Mon Feb 03 2020 Tomáš Chvátal - Provide python-testsuite from devel subkg to ease py2->py3 dependencies
* Mon Jan 27 2020 Matej Cepl - Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests colliding with the combination of modern Python and ancient OpenSSL on SLE-12.
* Fri Jan 10 2020 Matej Cepl - libnsl is required only on more recent SLEs and openSUSE, older glibc supported NIS on its own.
* Thu Jan 02 2020 Tomáš Chvátal - Add provides in gdbm subpackage to provide dbm symbols. This allows us to use %%{python_module dbm} as a dependency and have it properly resolved for both python2 and python3
* Thu Dec 19 2019 Dominique Leuenberger - Drop appstream-glib BuildRequires and no longer call appstream-util validate-relax: eliminate a build cycle between as-glib and python. The only thing we would gain by calling as-util is catching if upstream breaks the appdata.xml file in a future release. Considering py2 is dying, chances for a new release, let alone one breaking the xml file, are slim.
* Wed Dec 11 2019 Matej Cepl - Unify packages among openSUSE:Factory and SLE versions. (bsc#1159035) ; add missing records to this changelog. - Add idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830)
* Wed Dec 04 2019 Matej Cepl - Add python2_split_startup Provide to make it possible to conflict older packages by shared-python-startup.
* Fri Nov 22 2019 Matej Cepl - Move /etc/pythonstart script to shared-python-startup package.
* Tue Nov 05 2019 Matej Cepl - Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes bsc#1149792
* Tue Nov 05 2019 Steve Kowalik - Add adapted-from-F00251-change-user-install-location.patch fixing pip/distutils to install into /usr/local.
* Thu Oct 24 2019 Matej Cepl - Update to 2.7.17: - a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. - Removed patches included upstream: - CVE-2018-20852-cookie-domain-check.patch - CVE-2019-16935-xmlrpc-doc-server_title.patch - CVE-2019-9636-netloc-no-decompose-characters.patch - CVE-2019-9947-no-ctrl-char-http.patch - CVE-2019-9948-avoid_local-file.patch - python-2.7.14-CVE-2018-1000030-1.patch - python-2.7.14-CVE-2018-1000030-2.patch - Renamed remove-static-libpython.diff and python-bsddb6.diff to remove-static-libpython.patch and python-bsddb6.patch to unify filenames.
* Tue Oct 08 2019 Matej Cepl - Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py
* Wed Sep 25 2019 Bernhard Wiedemann - Add bpo36302-sort-module-sources.patch (boo#1041090)
* Mon Sep 16 2019 Matej Cepl - Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, CVE-2019-16056]
* Thu Jul 25 2019 Matej Cepl - boo#1141853 (CVE-2018-20852) add CVE-2018-20852-cookie-domain-check.patch fixing http.cookiejar.DefaultPolicy.domain_return_ok which did not correctly validate the domain: it could be tricked into sending cookies to the wrong server.
* Fri Jul 19 2019 Tomáš Chvátal - Skip test_urllib2_localnet that randomly fails in OBS
* Wed Jul 03 2019 Matej Cepl - bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812
* Wed May 29 2019 Martin Liška - Set _lto_cflags to nil as it will prevent to propagate LTO for Python modules that are built in a separate package.
* Thu May 02 2019 Matej Cepl - bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised.
* Mon Apr 08 2019 Matej Cepl - bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://.
* Mon Apr 08 2019 Matej Cepl - bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised (CVE-2019-9636). Upstream commits e37ef41 and 507bd8c.
* Thu Apr 04 2019 Matej Cepl - (bsc#1111793) Update to 2.7.16:
* bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
* Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball.
* Updated patches to apply cleanly: CVE-2019-5010-null-defer-x509-cert-DOS.patch bpo36160-init-sysconfig_vars.patch do-not-use-non-ascii-in-test_ssl.patch openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.5.1-sqlite.patch python-2.6-gettext-plurals.patch python-2.7-dirs.patch python-2.7.2-fix_date_time_compiler.patch python-2.7.4-canonicalize2.patch python-2.7.5-multilib.patch python-2.7.9-ssl_ca_path.patch python-bsddb6.diff remove-static-libpython.patch
* Update python-2.7.5-multilib.patch to pass with new platlib regime.
* Fri Jan 25 2019 mcepl@suse.com - bsc#1109847 (CVE-2018-14647): add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo-34623.
* Fri Jan 25 2019 mcepl@suse.com - bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch PyWeakref_NewProxy@Objects/weakrefobject.c creates new instance of PyWeakReference struct and does not initialize wr_prev and wr_next of new instance. These pointers can have garbage and point to random memory locations. Python should not crash while destroying the instance created in the same interpreter function. As per my understanding, both wr_prev and wr_next of PyWeakReference instance should be initialized to NULL to avoid segfault.
* Sat Jan 19 2019 mcepl@suse.com - bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746 (CVE-2019-5010). An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
* Wed Dec 19 2018 Todd R - Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.
* Fri Oct 26 2018 Tomáš Chvátal - Add patch openssl-111.patch to work with openssl-1.1.1 (bsc#1113755)
* Tue Sep 25 2018 Matěj Cepl - Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]
* Fri Jun 29 2018 mcepl@suse.com - Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS (CVE-2018-1061). Prior to this patch mail server's timestamp was susceptible to catastrophic backtracking on long evil response from the server. Also, it was susceptible to catastrophic backtracking, which was a potential DOS vector. [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]
* Thu Jun 07 2018 psimons@suse.com - Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207]
* Tue May 29 2018 mcepl@suse.com - Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750) sort tarfile output directory listing
* Mon May 21 2018 michael@stroeder.com - update to 2.7.15
* dozens of bugfixes, see NEWS for details - removed obsolete patches:
* python-ncurses-6.0-accessors.patch
* python-fix-shebang.patch
* gcc8-miscompilation-fix.patch - add patch from upstream:
* do-not-use-non-ascii-in-test_ssl.patch
* Fri Apr 06 2018 mliska@suse.cz - Add gcc8-miscompilation-fix.patch (boo#1084650).
* Tue Mar 13 2018 psimons@suse.com - Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution. [bsc#1068664, CVE-2017-1000158]
* Mon Feb 05 2018 normand@linux.vnet.ibm.com - exclude test_socket & test_subprocess for PowerPC boo#1078485 (same ref as previous change)
* Fri Feb 02 2018 normand@linux.vnet.ibm.com - Add python-skip_random_failing_tests.patch bypass boo#1078485 and exclude many tests for PowerPC
* Tue Jan 30 2018 tchvatal@suse.com - Add patch python-fix-shebang.patch to fix bsc#1078326
* Fri Dec 22 2017 jmatejek@suse.com - exclude test_regrtest for s390, where it does not segfault as it should (fixes bsc#1073269) - fix segfault while creating weakref - bsc#1073748, bpo#29347 (this is actually fixed by the 2.7.14 update; mentioning this for purposes of bugfix tracking)
* Mon Nov 20 2017 jmatejek@suse.com - update to 2.7.14
* dozens of bugfixes, see NEWS for details
* fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664)
* fixed segfaults with dict mutated during search
* fixed possible free-after-use problems with buffer objects with custom indexing
* fixed urllib.splithost to correctly parse fragments (bpo-30500) - drop upstreamed python-2.7.13-overflow_check.patch - drop unneeded python-2.7.12-makeopcode.patch - drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch - Apply "python-2.7.14-CVE-2018-1000030-1.patch" and "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that would crash the Python interpreter when multiple threads used the same I/O stream concurrently. This issue is not classified as a security vulnerability due to the fact that an attacker must be able to run code, however in some situations -- such as function as a service -- this vulnerability can potentially be used by an attacker to violate a trust boundary. [bsc#1079300, CVE-2018-1000030]
* Thu Nov 02 2017 mpluskal@suse.com - Call python2 instead of python in macros
* Thu Sep 14 2017 vcizek@suse.com - Fix test broken with OpenSSL 1.1 (bsc#1042670)
* add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch
* Mon Aug 28 2017 jmatejek@suse.com - drop SUSE_ASNEEDED=0 as it is not needed anymore
* Thu Aug 17 2017 kukuk@suse.de - Add libnsl-devel build requires for glibc obsoleting libnsl
* Mon May 15 2017 jmatejek@suse.com - obsolete/provide python-argparse and provide python2-argparse, because the argparse module is available from python 2.7 up
* Tue Feb 28 2017 jmatejek@suse.com - SLE package update (bsc#1027282) - refresh python-2.7.5-multilib.patch - dropped upstreamed patches: python-fix-short-dh.patch python-2.7.7-mhlib-linkcount.patch python-2.7-urllib2-localnet-ssl.patch CVE-2016-0772-smtplib-starttls.patch CVE-2016-5699-http-header-injection.patch CVE-2016-5636-zipimporter-overflow.patch python-2.7-httpoxy.patch - Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1. (dimstar@opensuse.org)
* Fri Feb 24 2017 bwiedemann@suse.com - Add reproducible.patch to allow reproducible builds of various python packages like python-amqp Upstream: https://github.com/python/cpython/pull/296
* Tue Jan 03 2017 jmatejek@suse.com - update to 2.7.13
* dozens of bugfixes, see NEWS for details
* updated cipher lists for openssl wrapper, support openssl >= 1.1.0
* properly fix HTTPoxy (CVE-2016-1000110)
* profile-opt build now applies PGO to modules as well - update python-2.7.10-overflow_check.patch with python-2.7.13-overflow_check.patch, incorporating upstream changes (bnc#964182) - add "-fwrapv" to optflags explicitly because upstream code still relies on it in many places
* Fri Dec 02 2016 jmatejek@suse.com - provide python2-* symbols, for support of new packages built as python2-foo - rename macros.python to macros.python2 accordingly - require python-rpm-macros package, drop macro definitions from macros.python2
* Mon Sep 26 2016 jmatejek@suse.com - initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436) - renamed `python` to `python27` in package names and requires - removed Provides and Obsoletes clauses - dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch, companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage - dropped profile files - removed /usr/bin/python and /usr/bin/python2, along with other unversioned aliases - rewrote macros file to enable stand-alone packages depending on py2.7 - re-included downloaded version of HTML documentation
* Thu Jun 30 2016 jmatejek@suse.com - update to 2.7.12
* dozens of bugfixes, see NEWS for details
* fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10) - removed upstreamed python-2.7.7-mhlib-linkcount.patch - refreshed multilib patch - python-2.7.12-makeopcode.patch - run newly-built python interpreter to make opcodes, in order not to require pre-built python - update LD_LIBRARY_PATH to use $PWD instead of "." because the test process escapes to its own directory - modify shebang-fixing scriptlet to ignore makeopcodetargets.py
* Fri Jun 17 2016 jmatejek@suse.com - CVE-2016-0772-smtplib-starttls.patch: smtplib vulnerability opens startTLS stripping attack (CVE-2016-0772, bsc#984751) - CVE-2016-5636-zipimporter-overflow.patch: heap overflow when importing malformed zip files (CVE-2016-5636, bsc#985177) - CVE-2016-5699-http-header-injection.patch: incorrect validation of HTTP headers allow header injection (CVE-2016-5699, bsc#985348) - python-2.7-httpoxy.patch: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (CVE-2016-1000110, bsc#989523)
* Fri Jan 29 2016 rguenther@suse.com - Add python-2.7.10-overflow_check.patch to fix broken overflow checks. [bnc#964182]
* Mon Sep 14 2015 jmatejek@suse.com - copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE) - do this properly to fix bnc#945401 - update SLE check to exclude Leap which also has version 1315, just to be sure
* Wed Sep 09 2015 dimstar@opensuse.org - Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.
* Thu Aug 13 2015 jmatejek@suse.com - add missing ssl.pyc and ssl.pyo to package - implement python-strict-tls-checks subpackage
* when present, Python will perform TLS certificate checking by default. it is possible to remove the package to turn off the checks for compatibility with legacy scripts.
* as discussed in fate#318300
* this is not built for openSUSE, but retained here in case we want to build the package for a SLE system
* Mon Jun 29 2015 meissner@suse.com - python-fix-short-dh.patch: Bump DH parameters to 2048 bit to fix logjam security issue. bsc#935856
* Wed Jun 10 2015 dmueller@suse.com - add __python2 compatibility macro (used by Fedora) (fate#318838)
* Sun May 24 2015 michael@stroeder.com - update to 2.7.10 - removed obsolete python-2.7-urllib2-localnet-ssl.patch
* Tue May 19 2015 schwab@suse.de - Reenable test_posix on aarch64
* Sun Dec 21 2014 schwab@suse.de - python-2.7.4-aarch64.patch: Remove obsolete patch - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64
* Fri Dec 12 2014 jmatejek@suse.com - update to 2.7.9
* contains full backport of ssl module from Python 3.4 (PEP466)
* HTTPS certificate validation enabled by default (PEP476)
* SSLv3 disabled by default (bnc#901715)
* backported ensurepip module (PEP477)
* fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753
* dozens of minor bugfixes - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3 - libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional "import ssl" from test_urllib2_localnet that caused it to fail without ssl
* Wed Oct 22 2014 dmueller@suse.com - skip test_thread in qemu_linux_user mode
* Wed Oct 01 2014 jmatejek@suse.com - CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow in buffer() (CVE-2014-7185, bnc#898572)
* Tue Sep 30 2014 jmatejek@suse.com - update to 2.7.8
* bugfix-only release, dozens of bugs fixed
* fixes CVE-2014-4650 directory traversal in CGIHTTPServer
* fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer() - dropped upstreamed CVE-2014-4650-CGIHTTPserver-traversal.patch - dropped upstreamed CVE-2014-7185-buffer-wraparound.patch
* Wed Jul 23 2014 jmatejek@suse.com - CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file disclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc#885882) - python-2.7.7-mhlib-linkcount.patch: remove link count optimizations that are incorrect on btrfs (and possibly other filesystems)
* Fri Jun 20 2014 jmatejek@suse.com - update to 2.7.7
* bugfix-only release, over a hundred bugs fixed
* backported hmac.compare_digest from python3, first step of PEP 466 - drop upstreamed patches:
* CVE-2014-1912-recvfrom_into.patch
* python-2.7.4-no-REUSEPORT.patch
* python-2.7.6-bdist-rpm.patch
* python-2.7.6-imaplib.patch
* python-2.7.6-sqlite-3.8.4-tests.patch - refresh patches:
* python-2.7.3-ssl_ca_path.patch
* python-2.7.4-canonicalize2.patch
* xmlrpc_gzip_27.patch - added python keyring and signature for the main tarball
* Sat Mar 15 2014 schwab@suse.de - Use profile-opt only when profiling is enabled - python-2.7.2-disable-tests-in-test_io.patch: removed, no longer needed - update testsuite exclusion list:
* test_signal and test_posix fail due to qemu bugs
* Fri Mar 14 2014 andreas.stieger@gmx.de - Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, adding python-2.7.6-sqlite-3.8.4-tests.patch
* Mon Feb 10 2014 jmatejek@suse.com - added patches for CVE-2013-1752 (bnc#856836) issues that are missing in 2.7.6: python-2.7.6-imaplib.patch python-2.7.6-poplib.patch smtplib_maxline-2.7.patch - CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: xmlrpc_gzip_27.patch - python-2.7.6-bdist-rpm.patch: fix broken "setup.py bdist_rpm" command (bnc#857470, issue18045) - multilib patch: add "~/.local/lib64" paths to search path (bnc#637176) - CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow in socket.recvfrom_into (CVE-2014-1912, bnc#863741)
* Tue Dec 10 2013 uweigand@de.ibm.com - Add Obsoletes/Provides for python-ctypes.
* Sat Dec 07 2013 matz@suse.de - Ignore uuid testcase in the testsuite, it relies on unreliable ifconfig output.
* Tue Dec 03 2013 mls@suse.de - adapt python-2.7.5-multilib.patch for ppc64le
* Tue Dec 03 2013 dvaleev@suse.com - adjust %files for ppc64le
* Tue Dec 03 2013 matz@suse.de - Support for ppc64le in _ctypes libffi copy. - added patches:
* libffi-ppc64le.diff
* Tue Dec 03 2013 adrian@suse.de - add ppc64le rules - avoid errors from source-validator
* Thu Nov 21 2013 jmatejek@suse.com - update to 2.7.6
* bugfix-only release
* SSL-related fixes
* upstream fix for CVE-2013-4238
* upstream fixes for CVE-2013-1752 - removed upstreamed patch CVE-2013-4238_py27.patch - reintroduce audioop.so as the problems with it seem to be fixed (bnc#831442)
* Thu Oct 10 2013 dmueller@suse.com - exclude test_mmap under qemu_linux_user - emulation fails here as the tests mmap address conflicts with qemu
* Mon Aug 26 2013 lnussel@suse.de - update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739)
* Fri Aug 16 2013 jmatejek@suse.com - handle NULL bytes in certain fields of SSL certificates (CVE-2013-4238, bnc#834601)
* Tue Jul 09 2013 jengelh@inai.de - Add python-bsddb6.diff to support building against libdb-6.0
* Sat Jul 06 2013 coolo@suse.com - have python-devel require python: http://lists.opensuse.org/opensuse-factory/2013-06/msg00622.html
* Sun Jun 30 2013 schwab@suse.de - Disable test_multiprocessing in QEmu build
* Wed Jun 05 2013 schwab@suse.de - Disable test_asyncore in QEmu build - Reenable testsuite on arm
* Thu May 30 2013 jmatejek@suse.com - python-2.7.4-aarch64.patch: add missing bits of aarch64 support - python-2.7.4-no-REUSEPORT.patch: disable test of missing kernel functionality - drop unnecessary patch: python-2.7.1-distutils_test_path.patch - switch to xz archive
* Tue May 28 2013 speilicke@suse.com - Update to version 2.7.5: + bugfix-only release + fixes several important regressions introduced in 2.7.4 + Issue #15535: Fixed regression in the pickling of named tuples by removing the __dict__ property introduced in 2.7.4. + Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3, such as was shipped with Centos 5 and Mac OS X 10.4. + Issue #17703: Fix a regression where an illegal use of Py_DECREF() after interpreter finalization can cause a crash. + Issue #16447: Fixed potential segmentation fault when setting __name__ on a class. + Issue #17610: Don't rely on non-standard behavior of the C qsort() function. 12 See http://hg.python.org/cpython/file/ab05e7dd2788/Misc/NEWS for more - Drop upstreamed patches: + python-2.7.3-fix-dbm-64bit-bigendian.patch + python-test_structmembers.patch - Rebased other patches
* Mon May 13 2013 dmueller@suse.com - add aarch64 to the list of 64-bit platforms
* Thu May 09 2013 jmatejek@suse.com - update to 2.7.4
* bugfix-only release - drop upstreamed patches: pypirc-secure.diff python-2.7.3-multiprocessing-join.patch ctypes-libffi-aarch64.patch - drop python-2.7rc2-configure.patch as it doesn't seem necessary anymore
* Fri Apr 05 2013 idonmez@suse.com - Add Source URL, see https://en.opensuse.org/SourceUrls
* Wed Feb 27 2013 schwab@suse.de - Add aarch64 to the list of lib64 platforms
* Mon Feb 25 2013 jmatejek@suse.com - fix pythonstart failing on $HOME-less users (bnc#804978)
* Sat Feb 09 2013 schwab@suse.de - Add ctypes-libffi-aarch64.patch: import aarch64 support for libffi in _ctypes module
* Fri Feb 08 2013 jmatejek@suse.com - multiprocessing: thread joining itself (bnc#747794) - gettext: fix cases where no bundle is found (bnc#794139)
* Thu Oct 25 2012 coolo@suse.com - add explicit buildrequire on libbz2-devel
* Mon Oct 15 2012 coolo@suse.com - buildrequire explicitly netcfg for the test suite
* Mon Oct 08 2012 jmatejek@suse.com - remove distutils.cfg (bnc#658604)
* this changes default prefix for distutils to /usr
* see ML for details: http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html
* Fri Aug 03 2012 dimstarAATTopensuse.org- Add python-bundle-lang.patch: gettext: If bindtextdomain is instructed to look in the default location of translations, we check additionally in locale-bundle. Fixes issues like bnc#617751
* Tue Jul 31 2012 jmatejekAATTsuse.com- all subpackages require python-base=%{version}-%{release} explicitly (fixes bnc#766778 bug and similar that might arise in the future)
* Tue Jun 26 2012 dvaleevAATTsuse.com- Fix failing test_dbm on ppc64
* Thu May 17 2012 jfunkAATTfunktronics.ca- Support directory-based certificate stores with the ca_certs parameter of SSL functions [bnc#761501]
* Sat Apr 14 2012 dmuellerAATTsuse.com- update to 2.7.3:
* no change- remove static libpython.a from build to avoid packages linking it statically
* Wed Mar 28 2012 jmatejekAATTsuse.com- update to 2.7.3rc2
* fixes several security issues:
* CVE-2012-0845, bnc#747125
* CVE-2012-1150, bnc#751718
* CVE-2011-4944, bnc#754447
* CVE-2011-3389- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) !!important!!- disabled test_unicode which segfaults on 64bits. this should not happen, revisit in next RC! !!important!!
* Thu Feb 16 2012 dvaleevAATTsuse.com- skip broken test_io test on ppc
* Mon Dec 12 2011 toddrme2178AATTgmail.com- Exclude /usr/bin/2to3 to prevent conflicts with python3-2to3
* Thu Dec 08 2011 jmatejekAATTsuse.com- %python_version now correctly refers to %tarversion
* Mon Nov 28 2011 saschpeAATTsuse.de- Spec file cleanup:
* Run spec-cleaner
* Remove outdated %clean section, AutoReqProv and authors from descr.- Fix license to Python-2.0 (also SPDX style)
* Fri Sep 30 2011 adrianAATTsuse.de- fix build for arm by removing an old hack for arm, bz2.so is built now
* Fri Sep 16 2011 jmatejekAATTsuse.com- dropped newslist.py from demos because of bad license (bnc#718009)
* Fri Aug 19 2011 dmuellerAATTsuse.de- update to 2.7.2:
* Bug fix only release, see http://hg.python.org/cpython/raw-file/eb3c9b74884c/Misc/NEWS for details- introduce a pre_checkin.sh file that synchronizes patches between python and python-base- rediff patches for 2.7.2- replace kernel3 patch with the upstream solution
* Fri Jul 22 2011 idonmezAATTnovell.com- Copy Lib/plat-linux2 to Lix/plat-linux3 so that DLFCN module is also available for linux3 systems bnc#707667
* Sun Jul 10 2011 roAATTsuse.de- fix build on factory: setup reports linux3 not linux2 now, adapt checks
* Tue May 31 2011 jmatejekAATTnovell.com- added explicit requires to libpython-%version-%release to prevent bugs like bnc#697251 reappearing
* Tue May 24 2011 jmatejekAATTnovell.com- update to 2.7.1
* bugfix-only release, see NEWS for details- refreshed patches, dropped the upstreamed ones- dropped acrequire patch, replacing it with build-time sed- improved fix to bnc#673071 by defining the constants only for files that require it (as is done in python3)
* Mon May 02 2011 jmatejekAATTnovell.com- fixed a security flaw where malicious sites could redirect Python application from http to a local file (CVE-2011-1521, bnc#682554)- fixed race condition in Makefile which randomly failed parallel builds ( http://bugs.python.org/issue10013 )
* Thu Feb 17 2011 pthAATTsuse.de- Prefix DATE and TIME with PY_BUILD_ and COMPILER with PYTHON_ as to not break external code (bnc#673071).
* Mon Jan 17 2011 cooloAATTnovell.com- provide pyxml to avoid touching tons of packages
* Thu Nov 18 2010 cooloAATTnovell.com- add patch from http://psf.upfronthosting.co.za/roundup/tracker/issue9960 to fix build on ppc64
* Fri Oct 01 2010 jmatejekAATTnovell.com- moved unittest to python-base (it is a testing framework, not a testsuite, so it clearly belongs into stdlib)- fixed smtpd.py DoS (bnc#638233, CVE probably not assigned)
* Tue Sep 21 2010 cooloAATTnovell.com- fix baselibs.conf
* Thu Aug 26 2010 suse-tuxAATTgmx.de- fix for urllib2 (http://bugs.python.org/issue9639)
* Thu Aug 26 2010 jmatejekAATTnovell.com- fixed distutils test- dropped autoconf version requirement (it builds just fine with other versions)
* Thu Aug 26 2010 jmatejekAATTnovell.com- update to version 2.7
* improved handling of numeric types
* deprecation warnings are now silent by default
* new argparse module for command line arguments
* many new features, see http://docs.python.org/dev/whatsnew/2.7.html for complete list
* 2.7 is supposed to be the last version from the 2.x series, so its (upstream) maintenance period will probably be longer than usual. However, upstream development now focuses on 3.x series.- cleaned up spec and patches
* Fri Jul 02 2010 jengelhAATTmedozas.de- add patch from http://bugs.python.org/issue6029- use %_smp_mflags
* Mon May 17 2010 matejcikAATTsuse.cz- dropped audioop.so because of security vulnerabilities (bnc#603255)
* Wed Apr 07 2010 matejcikAATTsuse.cz- update to 2.6.5 (rpm version 2.6.5)- patched test_distutils to work
* Thu Mar 11 2010 matejcikAATTsuse.cz- update to 2.6.5rc2 (rpm version is 2.6.4.92)
* bugfix-only release- removed fwrapv patch - no longer needed- removed expat patches (this version also fixes expat vulnerabilities from bnc#581765 )- removed readline spacing patch - no longer needed- removed https_proxy patch - no longer needed- removed test_distutils patch - no longer needed- disabled test_distutils because of spurious failure,
* TODO reenable at release
* Thu Feb 04 2010 matejcikAATTsuse.cz- removed precompiled exe files (as noted in bnc#577032)
* Fri Jan 29 2010 matejcikAATTsuse.cz- enabled ipv6 in configure (bnc#572673)
* Wed Dec 23 2009 ajAATTsuse.de- Apply patches with fuzz=0
* Mon Dec 14 2009 jengelhAATTmedozas.de- add baselibs.conf as source
* Wed Nov 04 2009 matejcikAATTsuse.cz- readline shouldn't append space after completion (bnc#551715, python bug 5833)
* Wed Oct 28 2009 crrodriguezAATTopensuse.org- python-devel Requires glibc-devel
* Fri Sep 04 2009 matejcikAATTsuse.cz- fixed potential DoS in python's copy of expat (bnc#534721)- added patch for potential SSL hangup during handshake (bnc#525295)
* Sun Aug 02 2009 jansimon.moellerAATTopensuse.org- fix files section for ARM, as bz2.so isn't built on ARM.
* Fri Jul 31 2009 matejcikAATTsuse.cz- added /usr/lib/python2.6{,/site-packages} to the package even if it is on lib64 arch- added %python_sitelib and %python_sitearch for fedora compatibility
* Thu Jul 30 2009 matejcikAATTsuse.cz- fixed test in test_distutils suite that would generate a warning when the log threshold was set too low by preceding tests
* Wed Jul 29 2009 matejcikAATTsuse.cz- support noarch python packages (modified multilib patch to differentiate between purelib and platlib, added /usr/lib to search path in all cases)
* Thu Jul 16 2009 cooloAATTnovell.com- disable as-needed to fix build
* Mon Apr 27 2009 matejcikAATTsuse.cz- update to 2.6.2
* bugfix-only release for 2.6 series