File python3-base.changes of Package python3-doc.10881

Overview Repositories Revisions Requests Users Attributes Meta

File python3-base.changes of Package python3-doc.10881

-------------------------------------------------------------------
Tue Apr  9 15:15:44 CEST 2019 - Matej Cepl <mcepl@suse.com>

- bsc#1129346: add CVE-2019-9636-urlsplit-NFKC-norm.patch
  Characters in the netloc attribute that decompose under NFKC
  normalization (as used by the IDNA encoding) into any of ``/``,
  ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
  URL is decomposed before parsing, or is not a Unicode string,
  no error will be raised. (CVE-2019-9636)
  Upstream gh#python/cpython#12224

-------------------------------------------------------------------
Mon Jan 21 17:51:37 UTC 2019 - Matěj Cepl <mcepl@suse.com>

- bsc#1120644 add CVE-2018-20406-pickle_LONG_BINPUT.patch fixing bpo#34656
  Modules/_pickle.c in Python before 3.7.1 has an integer overflow via
  a large LONG_BINPUT value that is mishandled during a "resize to twice
  the size" attempt. This issue might cause memory exhaustion, but is
  only relevant if the pickle format is used for serializing tens or
  hundreds of gigabytes of data.

-------------------------------------------------------------------
Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com

- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
  fixing bpo-35746.
  An exploitable denial-of-service vulnerability exists in the
  X509 certificate parser of Python.org Python 2.7.11 / 3.7.2.
  A specially crafted X509 certificate can cause a NULL pointer
  dereference, resulting in a denial of service. An attacker can
  initiate or accept TLS connections using crafted certificates
  to trigger this vulnerability.

-------------------------------------------------------------------
Mon Sep  3 16:38:15 UTC 2018 - Matěj Cepl <mcepl@suse.com>

- Add -fwrapv to OPTS, which is default for python3 anyway
  See for example https://github.com/zopefoundation/persistent/issues/86
  for bugs which are caused by avoiding it. (bsc#1107030)

-------------------------------------------------------------------
Fri Jun 29 10:24:27 UTC 2018 - mcepl@suse.com

- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent
  low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS
  (CVE-2018-1061). Prior to this patch mail server's timestamp was
  susceptible to catastrophic backtracking on long evil response from
  the server. Also, it was susceptible to catastrophic backtracking,
  which was a potential DOS vector.
  [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]

-------------------------------------------------------------------
Fri Jun 29 09:05:03 UTC 2018 - mcepl@suse.com

- Apply "python-sorted_tar.patch" (bsc#1086001)
    sort tarfile output directory listing

-------------------------------------------------------------------
Tue Mar 13 18:49:34 UTC 2018 - psimons@suse.com

- Apply "python-3.6-CVE-2017-18207.patch" to add a check to
  Lib/wave.py that verifies that at least one channel is provided.
  Prior to this check, attackers could cause a denial of service
  (divide-by-zero error and application crash) via a crafted wav
  format audio file. [bsc#1083507, CVE-2017-18207]

-------------------------------------------------------------------
Wed Mar  1 16:50:48 UTC 2017 - jmatejek@suse.com

- update to 3.4.6 (bsc#1027282):
  * fixed potential crash in PyUnicode_AsDecodedObject() in debug build
  * fixed possible DoS and arbitrary execution in gettext plurals
  * fix possible use of uninitialized memory in operator.methodcaller
  * fix possible Py_DECREF on unowned object in _sre
  * fix possible integer overflow in _csv module
  * prevent HTTPoxy attack (CVE-2016-1000110)
  * fix selectors incorrectly retaining invalid fds
- drop upstreamed python-3.4-CVE-2016-1000110-fix.patch

-------------------------------------------------------------------
Mon Aug  8 14:28:04 UTC 2016 - jmatejek@suse.com

- rename rpmlintrc to python3-rpmlintrc (applied change from 13.2)
- drop python-fix-short-dh.patch and dh2048.pem, this is now fixed
  upstream
- drop disabled libffi-ppc64le.diff completely
- reverse order of lowercase-proxies and HTTPoxy patches in order
  to fix documented behavior
- drop upstreamed werror-declaration-after-statement.patch

-------------------------------------------------------------------
Sun Aug  7 11:25:39 UTC 2016 - hpj@urpla.net

- fix python3-urllib-prefer-lowercase-proxies.patch

-------------------------------------------------------------------
Sat Aug  6 21:11:02 UTC 2016 - hpj@urpla.net

- apply fix for CVE-2016-1000110 - CGIHandler: sets environmental
  variable based on user supplied Proxy request header:
  python-3.4-CVE-2016-1000110-fix.patch
  (fixes bsc#989523, CVE-2016-1000110)
- refresh python3-urllib-prefer-lowercase-proxies.patch

-------------------------------------------------------------------
Sun Jul  3 12:41:08 UTC 2016 - hpj@urpla.net

- update to 3.4.5
  check: https://docs.python.org/3.4/whatsnew/changelog.html
  (fixes bsc#984751, CVE-2016-0772)
  (fixes bsc#985177, CVE-2016-5636)
  (fixes bsc#985348, CVE-2016-5699)

-------------------------------------------------------------------
Wed Jun 15 12:57:55 UTC 2016 - hpj@urpla.net

- apply upstream patch python3-urllib-prefer-lowercase-proxies.patch 
  in order to make urllib proxy var handling behave as usual on POSIX

-------------------------------------------------------------------
Tue Jun 14 08:49:18 UTC 2016 - hpj@urpla.net

- Due to being fixed upstream (differently), removed outdated patch
  CVE-2014-4650-CGIHTTPServer-traversal.patch (bsc#983582)

-------------------------------------------------------------------
Sat May  7 09:02:50 UTC 2016 - hpj@urpla.net

- update to 3.4.4
  check: https://docs.python.org/3.4/whatsnew/changelog.html
- all necessary patches refreshed
- adjusted Python-3.3.0b2-multilib.patch
- disabled libffi-ppc64le.diff: horribly deviated
- fix a new multilib issue in configure.ac with $LIBPL
  (target of python3 config)
- disabled more tests, that require ssl

-------------------------------------------------------------------
Fri Oct 23 13:59:56 UTC 2015 - jmatejek@suse.com

- Issue #21121: Don't force 3rd party C extensions to be built with
  -Werror=declaration-after-statement.
  (werror-declaration-after-statement.patch, bsc#951166)

-------------------------------------------------------------------
Tue Sep 22 12:54:10 UTC 2015 - dmueller@suse.com

- add python-2.7-libffi-aarch64.patch to fix incorrect FFI on aarch64

-------------------------------------------------------------------
Thu Sep 17 09:37:23 UTC 2015 - meissner@suse.com

- python-fix-short-dh.patch,dh2048.pem:
  Bump DH parameters to 2048 bit to fix logjam security issue. bsc#935856

-------------------------------------------------------------------
Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com

- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file
  disclosure and directory traversal through URL-encoded characters
  (CVE-2014-4650, bnc#885882)

-------------------------------------------------------------------
Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com

- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons,
  reinstate bundled copies of pip and setuptools
  (fixes bnc#885662)
- add more files as sources to silence the validator

-------------------------------------------------------------------
Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com

- update to 3.4.1
    * bugfix-only release, over 300 bugs fixed
- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch
- drop upstreamed CVE-2014-2667-mkdir.patch
- include Python release manager keyring and signature file
  for the source archive (thus renumbering of source files)
  (see https://www.python.org/download/#openpgp-public-keys )
- move ensurepip to python3, because it transitively requires ssl

-------------------------------------------------------------------
Fri Apr  4 16:21:40 UTC 2014 - jmatejek@suse.com

- CVE-2014-2667-mkdir.patch: race condition with reseting umask
  in os.makedirs
  (CVE-2014-2667, bnc#871152)
- updated multilib patch to include ~/.local/lib64 (bnc#637176)

-------------------------------------------------------------------
Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com

- raise timeout value for test_subprocess to 10s (might fix
  intermittent build failures in OBS)

-------------------------------------------------------------------
Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com

- remove blacklisting of test_posix on aarch64: qemu bug is fixed

-------------------------------------------------------------------
Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com

- update to 3.4.0 final
- drop upstreamed python-3.4rc2-importlib.patch

-------------------------------------------------------------------
Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de

- Only build with profile-opt if profiling is enabled
- Update test exclusion lists:
  * test_ctypes no longer fails on arm
  * test_io no longer fails on ppc*
  * test_multiprocessing has been split in multiple tests
  * test_posix and test_signal fail due to qemu bugs

-------------------------------------------------------------------
Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de

- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests,
  adding python-2.7.6-sqlite-3.8.4-tests.patch

-------------------------------------------------------------------
Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com

- update to 3.4.0 rc2
   * pre-release bugfixes
   * improvements to asyncio library
- drop upstreamed tracemalloc_gcov.patch
- python-3.4rc2-importlib.patch fixes backwards-incompatibility
  in the reworked importlib module that blocks build of vim

-------------------------------------------------------------------
Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com

- initial commit of 3.4.0 beta 3
    * new stdlib modules: pathlib, enum, statistics, tracemalloc
    * asynchronous IO with new asyncio module
    * introspection data for builtins
    * subprocesses no longer inherit open file descriptors
    * standardized metadata for packages
    * internal hashing changed to SipHash
    * new pickle protocol
    * improved handling of codecs
    * TLS 1.2 support
    * major speed improvements for internal unicode handling
    * many bugfixes and optimizations
- see porting guide at:
  http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4
- moved several modules to -testsuite subpackage
- updated list of binary extensions, refreshed patches
- tracemalloc_gcov.patch fixes profile-based optimization build
- updated packages and pre_checkin.sh to use ~-version notation
  for prereleases
- fix-shebangs part of build process moved to common %prep
- drop python-3.3.2-no-REUSEPORT.patch (upstreamed)
- update baselibs for new soname

- TODOs:
    * require python-pip, make ensurepip work with zypper

-------------------------------------------------------------------
Wed Dec  4 13:21:26 UTC 2013 - matz@suse.de

- add ppc64le (ELFv2) support for libffi copy for ctypes module
- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be
  "lib64").
- added patches:
  * libffi-ppc64le.diff
-------------------------------------------------------------------
Tue Dec  3 09:51:43 UTC 2013 - adrian@suse.de

- add ppc64le rules

-------------------------------------------------------------------
Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com

- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch:
  + Disable global and distutils sysconfig comparison test, we deviate
    from the default depending on optflags

-------------------------------------------------------------------
Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com

- update to 3.3.3
  * bugfix-only release
  * many SSL-related fixes
  * upstream fix for CVE-2013-4238
  * upstream fixes for CVE-2013-1752
- move example module xxlimited to python3-testsuite
- remove --with-wide-unicode config option, it is now the default
  (and only) choice
- don't touch anything between make and makeinstall
- drop python-3.2b2-buildtime-generate.patch - the issue was caused
  by touching things between make and makeinstall
- link pycache entries for import_failed hooks properly

-------------------------------------------------------------------
Thu Aug  8 14:54:49 UTC 2013 - dvaleev@suse.com

- Exclue test_faulthandler from tests on powerpc due to bnc#831629

-------------------------------------------------------------------
Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com

- update to 3.3.2
  * bugfix-only release
  * fixes several regressions introduced in 3.3.1
- switch to xz compression
- move _lzma module to python3-base
- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT

-------------------------------------------------------------------
Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de

- Readd missing bits from ctypes-libffi-aarch64.patch

-------------------------------------------------------------------
Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com

- Update to version 3.3.1
  * Fix the –enable-profiling configure switch.
  * In IDLE, close the replace dialog after it is used.
- Too many bugfixes to list here,
  see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS
- Refresh Python-3.3.0b2-multilib.patch
- Refresh python-3.2b2-buildtime-generate.patch
- Drop upstream patches: ctypes-libffi-aarch64.patch,
  python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch

-------------------------------------------------------------------
Fri Apr  5 12:59:20 UTC 2013 - idonmez@suse.com

- Add Source URL, see https://en.opensuse.org/title=SourceUrls

-------------------------------------------------------------------
Wed Apr  3 15:36:04 UTC 2013 - jmatejek@suse.com

- remove spurious modification of python-3.3.0b1-localpath.patch
  that would force installation into /usr/local.
  this fixes bnc#809831

-------------------------------------------------------------------
Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com

- replace broken movetogetdents64.diff patch with a correct one
  from upstream repo (python-3.3.0-getdents64.patch)

-------------------------------------------------------------------
Fri Mar  1 07:42:21 UTC 2013 - dmueller@suse.com

- add ctypes-libffi-aarch64.patch:
  * import aarch64 support for libffi in _ctypes module
- add aarch64 to the list of lib64 based archs 
- add movetogetdents64.diff:
  * port to getdents64, as SYS_getdents is not implemented everywhere

-------------------------------------------------------------------
Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de

- /etc/rpm/macros.python3 is no %config, it is not meant to be changed
  by users.
- Add rpmlintrc with some obvious filters

-------------------------------------------------------------------
Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com

- update baselibs for new version of libpython3

-------------------------------------------------------------------
Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com

- fix include path in macros (bnc#787526)
- implement failed import handlers for modules that live in
  subpackages - e.g. "import ssl" will now throw a sensible error
  message telling you to install "python3"

-------------------------------------------------------------------
Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com

- merge python3-xml into python3
- merge python3-2to3 library into python3-base
  and the 2to3 binary into python3-devel
  (python3-devel is now in conflict with python-2to3, which
  will be dropped)
- enable --with-system-expat for python3, making the xml modules
  (and thus python3) depend on expat
- reconfigure tests to disable network and GUI resources, which
  the upstream apparently thought is a good idea to enable by default.
  this fixes build failures in Factory
- add lzma-devel to build the _lzma module
- moved %dynlib macro definition to common section

-------------------------------------------------------------------
Mon Nov  5 20:01:46 UTC 2012 - coolo@suse.com

- buildrequire timezone for the test suite

-------------------------------------------------------------------
Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com

- disable more checks for qemu builds as they use syscalls not
  implemented yet

-------------------------------------------------------------------
Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com

- exclude test_math for SLE 11; math library fails on negative 
  gamma function values close to integers and 0, probably
  due to imprecision in -lm on SLE_11_SP2.

-------------------------------------------------------------------
Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com

- buildrequire libbz2-devel explicitly

-------------------------------------------------------------------
Mon Oct  8 14:33:08 UTC 2012 - jmatejek@suse.com

- remove distutils.cfg (bnc#658604)
  * this changes default prefix for distutils to /usr
  * see ML for details:
http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html

-------------------------------------------------------------------
Mon Oct  1 08:53:03 UTC 2012 - idonmez@suse.com

- Update to final 3.3.0 release
  * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS

-------------------------------------------------------------------
Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com

- Correct dependency for python3-testsuite, 
  python3-tkinter -> python3-tk

-------------------------------------------------------------------
Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com

- update to 3.3.0 RC1

-------------------------------------------------------------------
Fri Aug  3 12:09:34 UTC 2012 - jmatejek@suse.com

- update to 3.3.0 beta 1
    * flexible string representation, no longer distinguishing
      between wide and narrow Unicode builds
    * importlib-based import system
    * virtualenv support in core
    * namespace packages
    * explicit Unicode literals for easier porting
    * key-sharing dict implementation reduces memory footprint
      of OO code
    * hash randomization on by default
    * many other new bugfixes and features, check NEWS for details

- pre_checkin.sh now autofills various version strings in specs
- ship hashlib's fallback modules - those uselessly take up space
  when real _hashlib.so from python3 is present, but the space wasted
  is only 114kB and it provides python3-base with a working hashlib
  module.
  (also, this fixes bnc#743787)

-------------------------------------------------------------------
Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com

- skip test_io on ppc 
- drop test_io ppc patch

-------------------------------------------------------------------
Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de

- Satisfy source_validator by uncommenting an otherwise unused "Patch"
  line

-------------------------------------------------------------------
Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com

- update to 3.2.3
  * No changes since rc2

-------------------------------------------------------------------
Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com

- update to 3.2.3rc2
  * fixes several security issues:
  * CVE-2012-0845, bnc#747125
  * CVE-2012-1150, bnc#751718
  * CVE-2011-4944, bnc#754447
  * CVE-2011-3389, bnc#754677
- fix for insecure .pypirc (CVE-2011-4944, bnc#754447)
- disable test_gdb because it is broken by our gdb

-------------------------------------------------------------------
Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com

- skip broken test_io test on ppc

-------------------------------------------------------------------
Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com

- update to 3.2.2
  * bugfix-only release
  * reports "linux2" as sys.platform regardless of Linux kernel
- added pre_checkin.sh to copy common spec sections to python3.spec
- added PACKAGING-NOTES with some helpful info for packagers

-------------------------------------------------------------------
Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com

- Use system ffi, included one is broken see 
  http://bugs.python.org/issue11729 and 
  http://bugs.python.org/issue12081

-------------------------------------------------------------------
Fri Dec  9 17:19:55 UTC 2011 - jmatejek@suse.com

- license.opensuse.org-compatible license headers

-------------------------------------------------------------------
Fri Dec  2 16:46:44 UTC 2011 - coolo@suse.com

- add automake as buildrequire to avoid implicit dependency

-------------------------------------------------------------------
Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com

- fix ARM build (exclude some test cases which break for us)

-------------------------------------------------------------------
Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com

- use sysconfig module to get py3_incdir, py3_abiflags,
  py3_soflags, python3_sitelib and python3_sitearch

-------------------------------------------------------------------
Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com

- update to 3.2.1
    * bugfix-only release, no major changes
- fix build on linux3 platform
- remove upstreamed pybench patch
- install /usr/lib directories in all cases to prevent spurious
  "directory not owned" in dependent packages

-------------------------------------------------------------------
Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com

- replaced dynamic so version with manual so version, because
  autobuild does not support autogeneration

-------------------------------------------------------------------
Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com

- generate macros.python3 at compile-time with fixed values
- don't include bogus values in pyconfig.h, as they can break
  third-party packages (bnc#673071)

-------------------------------------------------------------------
Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com

- added Obsoletes: python3 < 3.1 so that the transition from
  non-split to split packages goes smoothly

-------------------------------------------------------------------
Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com

- fixed RPM macros to use python3 instead of python
- updated to build --with-wide-unicode (for compatibility with
  fedora and our own python 2.x series)

-------------------------------------------------------------------
Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com

- fix python3-base build failure due to pybench.py crash by
  python-3.2-pybench.patch
- move pyconfig.h from python3-devel to python3-base package to
  make python3-base functional again

-------------------------------------------------------------------
Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com

- update to python 3.2
    * stable ABI, ABI-tagged .so files
    * concurrent.futures and many other new or upgraded modules
    * PYC repository directories ( __pycache__ )
    * python WSGI 1.0.1
    * Unicode 6.0.0 support
    * a great number of bugfixes and assorted improvements

-------------------------------------------------------------------
Tue Feb  8 19:42:17 CET 2011 - matejcik@suse.cz

- update to python 3.2 RC2
- renamed python3-demo to python3-tools, because the demo part
  became much smaller than the tools part
- added rpm macros

-------------------------------------------------------------------
Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com

- update to python 3.2 beta 2, see NEWS for details
- split off -base package with less dependencies, and a shlib-policy
  compliant libpython3 package
- mostly rewritten the spec file with more detailed comments
- cleaned up lists of patches

Places

File python3-base.changes of Package python3-doc.10881

Places