Revisions of python
Dominique Leuenberger (dimstar_suse)
accepted
request 923134
from
Matej Cepl (mcepl)
(revision 159)
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch.
Dominique Leuenberger (dimstar_suse)
accepted
request 921455
from
Matej Cepl (mcepl)
(revision 158)
Synchronization of the package with SLE version.
Dominique Leuenberger (dimstar_suse)
accepted
request 919877
from
Matej Cepl (mcepl)
(revision 157)
addressing CVE-2019-18348 (bpo#38576, bsc#1155094). Such
potentially malicious header injection URLs now cause
InvalidURL to be raised.
Richard Brown (RBrownSUSE)
accepted
request 875546
from
Matej Cepl (mcepl)
(revision 154)
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336). - Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336). - Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336).
Dominique Leuenberger (dimstar_suse)
accepted
request 868217
from
Matej Cepl (mcepl)
(revision 153)
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution. - Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution. - Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution.
Dominique Leuenberger (dimstar_suse)
accepted
request 860672
from
Matej Cepl (mcepl)
(revision 152)
- (bsc#1180125) We really don't Require python-rpm-macros package. Unnecessary dependency.
Dominique Leuenberger (dimstar_suse)
accepted
request 810400
from
Matej Cepl (mcepl)
(revision 151)
- Add patch configure_PYTHON_FOR_REGEN.patch which makes configure.ac to consider the correct version of PYTHON_FO_REGEN (bsc#1078326).
Dominique Leuenberger (dimstar_suse)
accepted
request 798115
from
Matej Cepl (mcepl)
(revision 150)
- Update to 2.7.18, final release of Python 2. Ever.:
- Newline characters have been escaped when performing uu
encoding to prevent them from overflowing into to content
section of the encoded file. This prevents malicious or
accidental modification of data during the decoding process.
- Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
by Ben Caller.
- Fixed line numbers and column offsets for AST nodes for calls
without arguments in decorators.
- Disallow control characters in hostnames in http.client,
addressing CVE-2019-18348. Such potentially malicious header
injection URLs now cause a InvalidURL to be raised.
- Fix urllib.urlretrieve failing on subsequent ftp transfers
from the same host.
- Fix problems identified by GCC's -Wstringop-truncation
warning.
- AddRefActCtx() was needlessly being checked for failure in
PC/dl_nt.c.
- Prevent failure of test_relative_path in test_py_compile on
macOS Catalina.
- Fixed possible leak in :c:func:`PyArg_Parse` and similar
functions for format units "es#" and "et#" when the macro
:c:macro:`PY_SSIZE_T_CLEAN` is not defined.
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
Dominique Leuenberger (dimstar_suse)
accepted
request 772516
from
Matej Cepl (mcepl)
(revision 149)
- Add CVE-2019-9674-zip-bomb.patch to improve documentation
warning about dangers of zip-bombs and other security problems
with zipfile library. (bsc#1162825 CVE-2019-9674)
- Change to Requires: libpython%{so_version} == %{version}-%{release}
to python-base to keep both packages always synchronized (add
%{so_version}) (bsc#1162224).
Dominique Leuenberger (dimstar_suse)
accepted
request 769788
from
Tomáš Chvátal (scarabeus_iv)
(revision 148)
- Provide python-testsuite from devel subkg to ease py2->py3 dependencies - Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests coliding with the combination of modern Python and ancient OpenSSL on SLE-12. - Provide python-testsuite from devel subkg to ease py2->py3 dependencies - Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests coliding with the combination of modern Python and ancient OpenSSL on SLE-12. - libnsl is required only on more recent SLEs and openSUSE, older glibc supported NIS on its own. - Provide python-testsuite from devel subkg to ease py2->py3 dependencies - Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests coliding with the combination of modern Python and ancient OpenSSL on SLE-12. - libnsl is required only on more recent SLEs and openSUSE, older glibc supported NIS on its own.
Dominique Leuenberger (dimstar_suse)
accepted
request 763333
from
Matej Cepl (mcepl)
(revision 147)
- libnsl is required only on more recent SLEs and openSUSE, older glibc supported NIS on its own.
Dominique Leuenberger (dimstar_suse)
accepted
request 760397
from
Tomáš Chvátal (scarabeus_iv)
(revision 146)
- Add provides in gdbm subpackage to provide dbm symbols. This
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
- Add provides in gdbm subpackage to provide dbm symbols. This
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
- Add provides in gdbm subpackage to provide dbm symbols. This
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
Dominique Leuenberger (dimstar_suse)
accepted
request 758106
from
Tomáš Chvátal (scarabeus_iv)
(revision 145)
Dominique Leuenberger (dimstar_suse)
accepted
request 753190
from
Matej Cepl (mcepl)
(revision 144)
- Move /etc/pythonstart script to shared-python-startup
package.
- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from
bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes
bsc#1149792
- Add adapted-from-F00251-change-user-install-location.patch fixing
pip/distutils to install into /usr/local.
- python-2.7.14-CVE-2018-1000030-1.patch
- python-2.7.14-CVE-2018-1000030-2.patch
- Renamed remove-static-libpython.diff and python-bsddb6.diff to
remove-static-libpython.patch and python-bsddb6.patch to unify
filenames.
- Add CVE-2019-16056-email-parse-addr.patch fixing the email
module wrongly parses email addresses [bsc#1149955,
CVE-2019-16056]
- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch
which fixes regression introduced by the previous patch.
(CVE-2019-10160)
Upstream gh#python/cpython#13812
no error will be raised (CVE-2019-9636).
remove-static-libpython.patch
- bsc#1109847: add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
fixing bpo-34623.
- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 736441
from
Tomáš Chvátal (scarabeus_iv)
(revision 142)
Dominique Leuenberger (dimstar_suse)
accepted
request 734624
from
Factory Maintainer (factory-maintainer)
(revision 141)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 724359
from
Tomáš Chvátal (scarabeus_iv)
(revision 140)
Displaying revisions 41 - 60 of 199
