Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
python-doc.33978
python.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File python.changes of Package python-doc.33978
------------------------------------------------------------------- Sat May 18 15:49:07 UTC 2024 - Matej Cepl <mcepl@suse.com> - bsc#1221854 (CVE-2024-0450) Add CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch detecting the vulnerability of the "quoted-overlap" zipbomb (from gh#python/cpython!110016). ------------------------------------------------------------------- Sat May 11 05:46:55 UTC 2024 - Matej Cepl <mcepl@cepl.eu> - Switch to using the system libexpat (bsc#1219559, CVE-2023-52425) - Make sure to remove all embedded versions of other packages (including expat). - Add CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch removing failing test fixing bpo#3151, which we just not support. - Remove patches over those embedded packages (cffi): - python-2.7-libffi-aarch64.patch - sparc_longdouble.patch ------------------------------------------------------------------- Tue Apr 16 15:39:24 UTC 2024 - Matej Cepl <mcepl@cepl.eu> - Modify CVE-2023-27043-email-parsing-errors.patch to fix the unicode string handling in email.utils.parseaddr() (bsc#1222537). - Revert CVE-2022-48560-after-free-heappushpop.patch, the fix was unneeded. ------------------------------------------------------------------- Mon Mar 18 09:54:20 UTC 2024 - Matej Cepl <mcepl@cepl.eu> - Switch off tests. ONLY FOR FACTORY!!! (bsc#1219306) ------------------------------------------------------------------- Tue Mar 5 17:43:19 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com> - Build with -std=gnu89 to build correctly with gcc14, bsc#1220970 ------------------------------------------------------------------- Mon Jan 8 10:00:07 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com> - Add CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). ------------------------------------------------------------------- Mon Nov 27 16:30:33 UTC 2023 - Matej Cepl <mcepl@cepl.eu> - Add CVE-2022-48560-after-free-heappushpop.patch fixing use-after-free in Python via heappushpop in heapq (bsc#1214675, CVE-2022-48560). - switch from %patchN style to the %patch -P N one. ------------------------------------------------------------------- Sat Sep 16 12:40:52 UTC 2023 - Matej Cepl <mcepl@suse.com> - (bsc#1214691, CVE-2022-48566) Add CVE-2022-48566-compare_digest-more-constant.patch to make compare_digest more constant-time. - Allow nis.so for SLE-12. ------------------------------------------------------------------- Thu Sep 14 20:45:36 UTC 2023 - Matej Cepl <mcepl@suse.com> - (bsc#1214685, CVE-2022-48565) Add CVE-2022-48565-plistlib-XML-vulns.patch (from gh#python/cpython#86217) reject XML entity declarations in plist files. - Remove BOTH CVE-2023-27043-email-parsing-errors.patch and Revert-gh105127-left-tests.patch (as per discussion on bsc#1210638). ------------------------------------------------------------------- Tue Sep 12 07:55:52 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com> - Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing gh#python/cpython#108310, backport from upstream patch gh#python/cpython#108315 (bsc#1214692, CVE-2023-40217) ------------------------------------------------------------------- Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl <mcepl@suse.com> - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. ------------------------------------------------------------------- Tue Jul 11 07:35:18 UTC 2023 - Matej Cepl <mcepl@suse.com> - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). ------------------------------------------------------------------- Wed Jun 7 15:37:43 UTC 2023 - Matej Cepl <mcepl@suse.com> - Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch. ------------------------------------------------------------------- Tue May 30 10:43:13 UTC 2023 - Andreas Schwab <schwab@suse.de> - python-2.7.5-multilib.patch: Update for riscv64 - Don't fail if _ctypes or dl extension was not built ------------------------------------------------------------------- Mon May 29 18:49:40 UTC 2023 - Matej Cepl <mcepl@suse.com> - The condition around libnsl-devel BuildRequires is NOT switching off NIS support on SLE < 15, support for NIS used to be in the glibc itself. Partial revert of sr#1061583. ------------------------------------------------------------------- Wed May 24 20:50:27 UTC 2023 - Matej Cepl <mcepl@suse.com> - Add PygmentsBridge-trime_doctest_flags.patch to allow build of the documentation even with the current Sphinx. (SUSE-ONLY PATCH, DO NOT SEND UPSTREAM!) ------------------------------------------------------------------- Wed Mar 8 21:17:18 UTC 2023 - Matej Cepl <mcepl@suse.com> - Enable --with-system-ffi for non-standard architectures. ------------------------------------------------------------------- Mon Mar 6 15:35:00 UTC 2023 - Matej Cepl <mcepl@suse.com> - SLE-12 builds nis.so as well. ------------------------------------------------------------------- Wed Mar 1 14:43:31 UTC 2023 - Matej Cepl <mcepl@suse.com> - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters ------------------------------------------------------------------- Fri Jan 27 15:00:21 UTC 2023 - Thorsten Kukuk <kukuk@suse.com> - Disable NIS for new products, it's deprecated and gets removed ------------------------------------------------------------------- Thu Jan 19 07:14:09 UTC 2023 - Matej Cepl <mcepl@suse.com> - Add skip_unverified_test.patch because apparently switching off SSL verification doesn't work on older SLE. ------------------------------------------------------------------- Tue Nov 22 20:55:13 UTC 2022 - Matej Cepl <mcepl@suse.com> - Restore python-2.7.9-sles-disable-verification-by-default.patch for SLE-12. ------------------------------------------------------------------- Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl <mcepl@suse.com> - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names. ------------------------------------------------------------------- Tue Sep 13 04:06:02 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com> - Add bpo34990-2038-problem-compileall.patch making compileall.py compliant with year 2038 (bsc#1202666, gh#python/cpython#79171), backport of fix to Python 2.7. ------------------------------------------------------------------- Wed Sep 7 04:46:44 UTC 2022 - Steve Kowalik <steven.kowalik@suse.com> - Add patch CVE-2021-28861-double-slash-path.patch: * BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. (bsc#1202624, CVE-2021-28861) ------------------------------------------------------------------- Thu Jun 9 16:43:30 UTC 2022 - Matej Cepl <mcepl@suse.com> - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module. ------------------------------------------------------------------- Tue May 24 07:05:36 UTC 2022 - Martin Liška <mliska@suse.cz> - Filter out executable-stack error that is triggered for i586 target. ------------------------------------------------------------------- Sat Feb 26 12:41:42 UTC 2022 - Matej Cepl <mcepl@suse.com> - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). - Recover again proper value of %python2_package_prefix (bsc#1175619). ------------------------------------------------------------------- Fri Feb 18 11:00:25 UTC 2022 - Matej Cepl <mcepl@suse.com> - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. ------------------------------------------------------------------- Fri Feb 18 10:51:04 UTC 2022 - Matej Cepl <mcepl@suse.com> - Older SLE versions should use old OpenSSL. ------------------------------------------------------------------- Wed Feb 9 16:49:52 UTC 2022 - Matej Cepl <mcepl@suse.com> - Add CVE-2022-0391-urllib_parse-newline-parsing.patch (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs containing ASCII newline and tabs in urlparse. ------------------------------------------------------------------- Sun Feb 6 07:43:11 UTC 2022 - Matej Cepl <mcepl@suse.com> - Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146, bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib not trust the PASV response. ------------------------------------------------------------------- Mon Dec 6 13:48:27 UTC 2021 - Dirk Müller <dmueller@suse.com> - build against openssl 1.1.x (incompatible with openssl 3.0x) for now. ------------------------------------------------------------------- Tue Nov 2 08:09:03 UTC 2021 - Marcus Meissner <meissner@suse.com> - on sle12, python2 modules will still be called python-xxxx until EOL, for newer SLE versions they will be python2-xxxx ------------------------------------------------------------------- Fri Oct 15 08:17:46 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org> - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. ------------------------------------------------------------------- Tue Sep 21 14:54:40 UTC 2021 - Matej Cepl <mcepl@suse.com> - Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch. - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). - Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 (CVE-2020-26116, bpo#39603) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Such characters now raise ValueError. ------------------------------------------------------------------- Thu Aug 26 15:35:10 UTC 2021 - Fusion Future <qydwhotmail@gmail.com> - Renamed patch for assigned CVE: * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -> CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (boo#1189241, CVE-2021-3737) ------------------------------------------------------------------- Mon Aug 23 11:16:24 UTC 2021 - Fusion Future <qydwhotmail@gmail.com> - Renamed patch for assigned CVE: * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch (boo#1189287, CVE-2021-3733) - Fix python-doc build (bpo#35293): * sphinx-update-removed-function.patch - Update documentation formatting for Sphinx 3.0 (bpo#40204). ------------------------------------------------------------------- Tue Aug 10 12:39:28 UTC 2021 - Fusion Future <qydwhotmail@gmail.com> - Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in request (bpo#43075, boo#1189287). - Add missing security announcement to bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch. ------------------------------------------------------------------- Mon Aug 9 15:16:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com> - Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch which fixes http client infinite line reading (DoS) after a http 100 (bpo#44022, boo#1189241). ------------------------------------------------------------------- Fri Jul 16 14:25:20 UTC 2021 - Matej Cepl <mcepl@suse.com> - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ------------------------------------------------------------------- Fri Feb 26 18:21:55 UTC 2021 - Matej Cepl <mcepl@suse.com> - Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336). ------------------------------------------------------------------- Mon Jan 25 23:35:49 UTC 2021 - Matej Cepl <mcepl@suse.com> - Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution. ------------------------------------------------------------------- Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl <mcepl@suse.com> - (bsc#1180125) We really don't Require python-rpm-macros package. Unnecessary dependency. ------------------------------------------------------------------- Sat May 30 12:19:40 UTC 2020 - Matej Cepl <mcepl@suse.com> - Add patch configure_PYTHON_FOR_REGEN.patch which makes configure.ac to consider the correct version of PYTHON_FO_REGEN (bsc#1078326). ------------------------------------------------------------------- Mon Apr 27 06:56:55 UTC 2020 - Matej Cepl <mcepl@suse.com> - Use python3-Sphinx on anything more recent than SLE-15 (inclusive). ------------------------------------------------------------------- Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl <mcepl@suse.com> - Update to 2.7.18, final release of Python 2. Ever.: - Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process. - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben Caller. - Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators. - bsc#1155094 (CVE-2019-18348) Disallow control characters in hostnames in http.client. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. - Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host. - Fix problems identified by GCC's -Wstringop-truncation warning. - AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c. - Prevent failure of test_relative_path in test_py_compile on macOS Catalina. - Fixed possible leak in `PyArg_Parse` and similar functions for format units "es#" and "et#" when the macro `PY_SSIZE_T_CLEAN` is not defined. - Remove upstreamed patches: - CVE-2019-18348-CRLF_injection_via_host_part.patch - python-2.7.14-CVE-2017-1000158.patch - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch - CVE-2018-1061-DOS-via-regexp-difflib.patch - CVE-2019-10160-netloc-port-regression.patch - CVE-2019-16056-email-parse-addr.patch ------------------------------------------------------------------- Sat Feb 8 23:29:28 CET 2020 - Matej Cepl <mcepl@suse.com> - Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674) ------------------------------------------------------------------- Sat Feb 8 22:30:51 CET 2020 - Matej Cepl <mcepl@suse.com> - Change to Requires: libpython%{so_version} == %{version}-%{release} to python-base to keep both packages always synchronized (add %{so_version}) (bsc#1162224). ------------------------------------------------------------------- Thu Feb 6 23:14:47 CET 2020 - Matej Cepl <mcepl@suse.com> - Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug "Python urrlib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)" (bsc#1162367) ------------------------------------------------------------------- Mon Feb 3 19:30:31 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com> - Provide python-testsuite from devel subkg to ease py2->py3 dependencies ------------------------------------------------------------------- Mon Jan 27 16:47:56 CET 2020 - Matej Cepl <mcepl@suse.com> - Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests coliding with the combination of modern Python and ancient OpenSSL on SLE-12. ------------------------------------------------------------------- Fri Jan 10 16:01:57 CET 2020 - Matej Cepl <mcepl@suse.com> - libnsl is required only on more recent SLEs and openSUSE, older glibc supported NIS on its own. ------------------------------------------------------------------- Thu Jan 2 10:34:17 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com> - Add provides in gdbm subpackage to provide dbm symbols. This allows us to use %%{python_module dbm} as a dependency and have it properly resolved for both python2 and python3 ------------------------------------------------------------------- Thu Dec 19 08:47:01 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org> - Drop appstream-glib BuildRequires and no longer call appstream-util validate-relax: eliminate a build cycle between as-glib and python. The only thing would would gain by calling as-uril is catching if upstream breaks the appdata.xml file in a future release. Considering py2 is dying, chances for a new release, let alone one breaking the xml file, are slim. ------------------------------------------------------------------- Wed Dec 11 14:35:46 CET 2019 - Matej Cepl <mcepl@suse.com> - Unify packages among openSUSE:Factory and SLE versions. (bsc#1159035) ; add missing records to this changelog. - Add idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830) ------------------------------------------------------------------- Wed Dec 4 18:12:17 CET 2019 - Matej Cepl <mcepl@suse.com> - Add python2_split_startup Provide to make it possible to conflict older packages by shared-python-startup. ------------------------------------------------------------------- Fri Nov 22 13:10:03 CET 2019 - Matej Cepl <mcepl@suse.com> - Move /etc/pythonstart script to shared-python-startup package. ------------------------------------------------------------------- Tue Nov 5 11:41:40 CET 2019 - Matej Cepl <mcepl@suse.com> - Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes bsc#1149792 ------------------------------------------------------------------- Tue Nov 5 04:24:05 UTC 2019 - Steve Kowalik <steven.kowalik@suse.com> - Add adapted-from-F00251-change-user-install-location.patch fixing pip/distutils to install into /usr/local. ------------------------------------------------------------------- Thu Oct 24 14:40:39 CEST 2019 - Matej Cepl <mcepl@suse.com> - Update to 2.7.17: - a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. - Removed patches included upstream: - CVE-2018-20852-cookie-domain-check.patch - CVE-2019-16935-xmlrpc-doc-server_title.patch - CVE-2019-9636-netloc-no-decompose-characters.patch - CVE-2019-9947-no-ctrl-char-http.patch - CVE-2019-9948-avoid_local-file.patch - python-2.7.14-CVE-2018-1000030-1.patch - python-2.7.14-CVE-2018-1000030-2.patch - Renamed remove-static-libpython.diff and python-bsddb6.diff to remove-static-libpython.patch and python-bsddb6.patch to unify filenames. ------------------------------------------------------------------- Tue Oct 8 19:46:52 CEST 2019 - Matej Cepl <mcepl@suse.com> - Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py ------------------------------------------------------------------- Wed Sep 25 13:25:33 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com> - Add bpo36302-sort-module-sources.patch (boo#1041090) ------------------------------------------------------------------- Mon Sep 16 15:57:54 CEST 2019 - Matej Cepl <mcepl@suse.com> - Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, CVE-2019-16056] ------------------------------------------------------------------- Thu Jul 25 19:31:47 CEST 2019 - Matej Cepl <mcepl@suse.com> - boo#1141853 (CVE-2018-20852) add CVE-2018-20852-cookie-domain-check.patch fixing http.cookiejar.DefaultPolicy.domain_return_ok which did not correctly validate the domain: it could be tricked into sending cookies to the wrong server. ------------------------------------------------------------------- Fri Jul 19 11:19:42 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com> - Skip test_urllib2_localnet that randomly fails in OBS ------------------------------------------------------------------- Wed Jul 3 21:02:00 CEST 2019 - Matej Cepl <mcepl@suse.com> - bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812 ------------------------------------------------------------------- Wed May 29 08:58:16 UTC 2019 - Martin Liška <mliska@suse.cz> - Set _lto_cflags to nil as it will prevent to propage LTO for Python modules that are built in a separate package. ------------------------------------------------------------------- Thu May 2 08:40:33 CEST 2019 - Matej Cepl <mcepl@suse.com> - bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised. ------------------------------------------------------------------- Mon Apr 8 22:40:01 CEST 2019 - Matej Cepl <mcepl@suse.com> - bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://. ------------------------------------------------------------------- Mon Apr 8 21:13:48 CEST 2019 - Matej Cepl <mcepl@suse.com> - bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised (CVE-2019-9636). Upstream commits e37ef41 and 507bd8c. ------------------------------------------------------------------- Thu Apr 4 22:28:24 CEST 2019 - Matej Cepl <mcepl@suse.com> - (bsc#1111793) Update to 2.7.16: * bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball. * Updated patches to apply cleanly: CVE-2019-5010-null-defer-x509-cert-DOS.patch bpo36160-init-sysconfig_vars.patch do-not-use-non-ascii-in-test_ssl.patch openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.5.1-sqlite.patch python-2.6-gettext-plurals.patch python-2.7-dirs.patch python-2.7.2-fix_date_time_compiler.patch python-2.7.4-canonicalize2.patch python-2.7.5-multilib.patch python-2.7.9-ssl_ca_path.patch python-bsddb6.diff remove-static-libpython.patch * Update python-2.7.5-multilib.patch to pass with new platlib regime. ------------------------------------------------------------------- Fri Jan 25 16:53:50 CET 2019 - mcepl@suse.com - bsc#1109847 (CVE-2018-14647): add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo-34623. ------------------------------------------------------------------- Fri Jan 25 16:02:21 CET 2019 - mcepl@suse.com - bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance of PyWeakReference struct and does not intialize wr_prev and wr_next of new isntance. These pointers can have garbage and point to random memory locations. Python should not crash while destroying the isntance created in the same interpreter function. As per my understanding, both wr_prev and wr_next of PyWeakReference instance should be initialized to NULL to avoid segfault. ------------------------------------------------------------------- Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com - bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746 (CVE-2019-5010). An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. ------------------------------------------------------------------- Wed Dec 19 19:29:44 UTC 2018 - Todd R <toddrme2178@gmail.com> - Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros. ------------------------------------------------------------------- Fri Oct 26 10:48:44 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com> - Add patch openssl-111.patch to work with openssl-1.1.1 (bsc#1113755) ------------------------------------------------------------------- Tue Sep 25 22:01:08 UTC 2018 - Matěj Cepl <mcepl@suse.com> - Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802] ------------------------------------------------------------------- Fri Jun 29 10:24:27 UTC 2018 - mcepl@suse.com - Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS (CVE-2018-1061). Prior to this patch mail server's timestamp was susceptible to catastrophic backtracking on long evil response from the server. Also, it was susceptible to catastrophic backtracking, which was a potential DOS vector. [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060] ------------------------------------------------------------------- Thu Jun 7 17:04:40 UTC 2018 - psimons@suse.com - Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207] ------------------------------------------------------------------- Tue May 29 12:42:22 UTC 2018 - mcepl@suse.com - Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750) sort tarfile output directory listing ------------------------------------------------------------------- Mon May 21 18:41:43 UTC 2018 - michael@stroeder.com - update to 2.7.15 * dozens of bugfixes, see NEWS for details - removed obsolete patches: * python-ncurses-6.0-accessors.patch * python-fix-shebang.patch * gcc8-miscompilation-fix.patch - add patch from upstream: * do-not-use-non-ascii-in-test_ssl.patch ------------------------------------------------------------------- Fri Apr 6 10:11:22 UTC 2018 - mliska@suse.cz - Add gcc8-miscompilation-fix.patch (boo#1084650). ------------------------------------------------------------------- Tue Mar 13 15:22:47 UTC 2018 - psimons@suse.com - Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution. [bsc#1068664, CVE-2017-1000158] ------------------------------------------------------------------- Mon Feb 5 16:01:59 UTC 2018 - normand@linux.vnet.ibm.com - exclude test_socket & test_subprocess for PowerPC boo#1078485 (same ref as previous change) ------------------------------------------------------------------- Fri Feb 2 09:21:24 UTC 2018 - normand@linux.vnet.ibm.com - Add python-skip_random_failing_tests.patch bypass boo#1078485 and exclude many tests for PowerPC ------------------------------------------------------------------- Tue Jan 30 16:08:33 UTC 2018 - tchvatal@suse.com - Add patch python-fix-shebang.patch to fix bsc#1078326 ------------------------------------------------------------------- Fri Dec 22 16:49:38 UTC 2017 - jmatejek@suse.com - exclude test_regrtest for s390, where it does not segfault as it should (fixes bsc#1073269) - fix segfault while creating weakref - bsc#1073748, bpo#29347 (this is actually fixed by the 2.7.14 update; mentioning this for purposes of bugfix tracking) ------------------------------------------------------------------- Mon Nov 20 16:11:48 UTC 2017 - jmatejek@suse.com - update to 2.7.14 * dozens of bugfixes, see NEWS for details * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664) * fixed segfaults with dict mutated during search * fixed possible free-after-use problems with buffer objects with custom indexing * fixed urllib.splithost to correctly parse fragments (bpo-30500) - drop upstreamed python-2.7.13-overflow_check.patch - drop unneeded python-2.7.12-makeopcode.patch - drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch - Apply "python-2.7.14-CVE-2018-1000030-1.patch" and "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that would crash the Python interpreter when multiple threads used the same I/O stream concurrently. This issue is not classified as a security vulnerability due to the fact that an attacker must be able to run code, however in some situations -- such as function as a service -- this vulnerability can potentially be used by an attacker to violate a trust boundary. [bsc#1079300, CVE-2018-1000030] ------------------------------------------------------------------- Thu Nov 2 16:53:42 UTC 2017 - mpluskal@suse.com - Call python2 instead of python in macros ------------------------------------------------------------------- Thu Sep 14 14:12:38 UTC 2017 - vcizek@suse.com - Fix test broken with OpenSSL 1.1 (bsc#1042670) * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch ------------------------------------------------------------------- Mon Aug 28 13:28:46 UTC 2017 - jmatejek@suse.com - drop SUSE_ASNEEDED=0 as it is not needed anymore ------------------------------------------------------------------- Thu Aug 17 08:58:02 CEST 2017 - kukuk@suse.de - Add libnsl-devel build requires for glibc obsoleting libnsl ------------------------------------------------------------------- Mon May 15 14:03:01 UTC 2017 - jmatejek@suse.com - obsolete/provide python-argparse and provide python2-argparse, because the argparse module is available from python 2.7 up ------------------------------------------------------------------- Tue Feb 28 16:16:40 UTC 2017 - jmatejek@suse.com - SLE package update (bsc#1027282) - refresh python-2.7.5-multilib.patch - dropped upstreamed patches: python-fix-short-dh.patch python-2.7.7-mhlib-linkcount.patch python-2.7-urllib2-localnet-ssl.patch CVE-2016-0772-smtplib-starttls.patch CVE-2016-5699-http-header-injection.patch CVE-2016-5636-zipimporter-overflow.patch python-2.7-httpoxy.patch - Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1. (dimstar@opensuse.org) ------------------------------------------------------------------- Fri Feb 24 17:08:25 UTC 2017 - bwiedemann@suse.com - Add reproducible.patch to allow reproducible builds of various python packages like python-amqp Upstream: https://github.com/python/cpython/pull/296 ------------------------------------------------------------------- Tue Jan 3 16:59:24 UTC 2017 - jmatejek@suse.com - update to 2.7.13 * dozens of bugfixes, see NEWS for details * updated cipher lists for openssl wrapper, support openssl >= 1.1.0 * properly fix HTTPoxy (CVE-2016-1000110) * profile-opt build now applies PGO to modules as well - update python-2.7.10-overflow_check.patch with python-2.7.13-overflow_check.patch, incorporating upstream changes (bnc#964182) - add "-fwrapv" to optflags explicitly because upstream code still relies on it in many places ------------------------------------------------------------------- Fri Dec 2 15:32:59 UTC 2016 - jmatejek@suse.com - provide python2-* symbols, for support of new packages built as python2-foo - rename macros.python to macros.python2 accordingly - require python-rpm-macros package, drop macro definitions from macros.python2 ------------------------------------------------------------------- Mon Sep 26 14:06:25 UTC 2016 - jmatejek@suse.com - initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436) - renamed `python` to `python27` in package names and requires - removed Provides and Obsoletes clauses - dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch, companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage - dropped profile files - removed /usr/bin/python and /usr/bin/python2, along with other unversioned aliases - rewrote macros file to enable stand-alone packages depending on py2.7 - re-included downloaded version of HTML documentation ------------------------------------------------------------------- Thu Jun 30 09:23:05 UTC 2016 - jmatejek@suse.com - update to 2.7.12 * dozens of bugfixes, see NEWS for details * fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10) - removed upstreamed python-2.7.7-mhlib-linkcount.patch - refreshed multilib patch - python-2.7.12-makeopcode.patch - run newly-built python interpreter to make opcodes, in order not to require pre-built python - update LD_LIBRARY_PATH to use $PWD instead of "." because the test process escapes to its own directory - modify shebang-fixing scriptlet to ignore makeopcodetargets.py ------------------------------------------------------------------- Fri Jun 17 12:33:23 UTC 2016 - jmatejek@suse.com - CVE-2016-0772-smtplib-starttls.patch: smtplib vulnerability opens startTLS stripping attack (CVE-2016-0772, bsc#984751) - CVE-2016-5636-zipimporter-overflow.patch: heap overflow when importing malformed zip files (CVE-2016-5636, bsc#985177) - CVE-2016-5699-http-header-injection.patch: incorrect validation of HTTP headers allow header injection (CVE-2016-5699, bsc#985348) - python-2.7-httpoxy.patch: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (CVE-2016-1000110, bsc#989523) ------------------------------------------------------------------- Fri Jan 29 13:03:40 UTC 2016 - rguenther@suse.com - Add python-2.7.10-overflow_check.patch to fix broken overflow checks. [bnc#964182] ------------------------------------------------------------------- Mon Sep 14 15:04:43 UTC 2015 - jmatejek@suse.com - copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE) - do this properly to fix bnc#945401 - update SLE check to exclude Leap which also has version 1315, just to be sure ------------------------------------------------------------------- Wed Sep 9 12:19:01 UTC 2015 - dimstar@opensuse.org - Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1. ------------------------------------------------------------------- Thu Aug 13 13:31:15 UTC 2015 - jmatejek@suse.com - add missing ssl.pyc and ssl.pyo to package - implement python-strict-tls-checks subpackage * when present, Python will perform TLS certificate checking by default. it is possible to remove the package to turn off the checks for compatibility with legacy scripts. * as discussed in fate#318300 * this is not built for openSUSE, but retained here in case we want to build the package for a SLE system ------------------------------------------------------------------- Mon Jun 29 08:32:44 UTC 2015 - meissner@suse.com - python-fix-short-dh.patch: Bump DH parameters to 2048 bit to fix logjam security issue. bsc#935856 ------------------------------------------------------------------- Wed Jun 10 11:19:58 UTC 2015 - dmueller@suse.com - add __python2 compatibility macro (used by Fedora) (fate#318838) ------------------------------------------------------------------- Sun May 24 14:36:37 UTC 2015 - michael@stroeder.com - update to 2.7.10 - removed obsolete python-2.7-urllib2-localnet-ssl.patch ------------------------------------------------------------------- Tue May 19 11:18:12 UTC 2015 - schwab@suse.de - Reenable test_posix on aarch64 ------------------------------------------------------------------- Sun Dec 21 19:14:17 UTC 2014 - schwab@suse.de - python-2.7.4-aarch64.patch: Remove obsolete patch - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64 ------------------------------------------------------------------- Fri Dec 12 17:11:51 UTC 2014 - jmatejek@suse.com - update to 2.7.9 * contains full backport of ssl module from Python 3.4 (PEP466) * HTTPS certificate validation enabled by default (PEP476) * SSLv3 disabled by default (bnc#901715) * backported ensurepip module (PEP477) * fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 * dozens of minor bugfixes - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3 - libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional "import ssl" from test_urllib2_localnet that caused it to fail without ssl ------------------------------------------------------------------- Wed Oct 22 13:30:24 UTC 2014 - dmueller@suse.com - skip test_thread in qemu_linux_user mode ------------------------------------------------------------------- Wed Oct 1 13:00:59 UTC 2014 - jmatejek@suse.com - CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow in buffer() (CVE-2014-7185, bnc#898572) ------------------------------------------------------------------- Tue Sep 30 15:06:15 UTC 2014 - jmatejek@suse.com - update to 2.7.8 * bugfix-only release, dozens of bugs fixed * fixes CVE-2014-4650 directory traversal in CGIHTTPServer * fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer() - dropped upstreamed CVE-2014-4650-CGIHTTPserver-traversal.patch - dropped upstreamed CVE-2014-7185-buffer-wraparound.patch ------------------------------------------------------------------- Wed Jul 23 16:48:38 UTC 2014 - jmatejek@suse.com - CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file disclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc#885882) - python-2.7.7-mhlib-linkcount.patch: remove link count optimizations that are incorrect on btrfs (and possibly other filesystems) ------------------------------------------------------------------- Fri Jun 20 13:11:34 UTC 2014 - jmatejek@suse.com - update to 2.7.7 * bugfix-only release, over a hundred bugs fixed * backported hmac.compare_digest from python3, first step of PEP 466 - drop upstreamed patches: * CVE-2014-1912-recvfrom_into.patch * python-2.7.4-no-REUSEPORT.patch * python-2.7.6-bdist-rpm.patch * python-2.7.6-imaplib.patch * python-2.7.6-sqlite-3.8.4-tests.patch - refresh patches: * python-2.7.3-ssl_ca_path.patch * python-2.7.4-canonicalize2.patch * xmlrpc_gzip_27.patch - added python keyring and signature for the main tarball ------------------------------------------------------------------- Sat Mar 15 08:05:41 UTC 2014 - schwab@suse.de - Use profile-opt only when profiling is enabled - python-2.7.2-disable-tests-in-test_io.patch: removed, no longer needed - update testsuite exclusion list: * test_signal and test_posix fail due to qemu bugs ------------------------------------------------------------------- Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de - Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, adding python-2.7.6-sqlite-3.8.4-tests.patch ------------------------------------------------------------------- Mon Feb 10 14:24:52 UTC 2014 - jmatejek@suse.com - added patches for CVE-2013-1752 (bnc#856836) issues that are missing in 2.7.6: python-2.7.6-imaplib.patch python-2.7.6-poplib.patch smtplib_maxline-2.7.patch - CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: xmlrpc_gzip_27.patch - python-2.7.6-bdist-rpm.patch: fix broken "setup.py bdist_rpm" command (bnc#857470, issue18045) - multilib patch: add "~/.local/lib64" paths to search path (bnc#637176) - CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow in socket.recvfrom_into (CVE-2014-1912, bnc#863741) ------------------------------------------------------------------- Tue Dec 10 16:56:02 UTC 2013 - uweigand@de.ibm.com - Add Obsoletes/Provides for python-ctypes. ------------------------------------------------------------------- Sat Dec 7 02:27:51 UTC 2013 - matz@suse.de - Ignore uuid testcase in the testsuite, it relies on unreliable ifconfig output. ------------------------------------------------------------------- Tue Dec 3 20:03:08 CET 2013 - mls@suse.de - adapt python-2.7.5-multilib.patch for ppc64le ------------------------------------------------------------------- Tue Dec 3 17:30:26 UTC 2013 - dvaleev@suse.com - adjust %files for ppc64le ------------------------------------------------------------------- Tue Dec 3 17:05:45 UTC 2013 - matz@suse.de - Support for ppc64le in _ctypes libffi copy. - added patches: * libffi-ppc64le.diff ------------------------------------------------------------------- Tue Dec 3 09:44:28 UTC 2013 - adrian@suse.de - add ppc64le rules - avoid errors from source-validator ------------------------------------------------------------------- Thu Nov 21 15:39:28 UTC 2013 - jmatejek@suse.com - update to 2.7.6 * bugfix-only release * SSL-related fixes * upstream fix for CVE-2013-4238 * upstream fixes for CVE-2013-1752 - removed upstreamed patch CVE-2013-4238_py27.patch - reintroduce audioop.so as the problems with it seem to be fixed (bnc#831442) ------------------------------------------------------------------- Thu Oct 10 18:13:08 UTC 2013 - dmueller@suse.com - exclude test_mmap under qemu_linux_user - emulation fails here as the tests mmap address conflicts with qemu ------------------------------------------------------------------- Mon Aug 26 13:55:35 UTC 2013 - lnussel@suse.de - update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739) ------------------------------------------------------------------- Fri Aug 16 11:25:49 UTC 2013 - jmatejek@suse.com - handle NULL bytes in certain fields of SSL certificates (CVE-2013-4238, bnc#834601) ------------------------------------------------------------------- Tue Jul 9 07:55:50 UTC 2013 - jengelh@inai.de - Add python-bsddb6.diff to support building against libdb-6.0 ------------------------------------------------------------------- Sat Jul 6 17:17:11 UTC 2013 - coolo@suse.com - have python-devel require python: http://lists.opensuse.org/opensuse-factory/2013-06/msg00622.html ------------------------------------------------------------------- Sun Jun 30 21:20:29 UTC 2013 - schwab@suse.de - Disable test_multiprocessing in QEmu build ------------------------------------------------------------------- Wed Jun 5 15:17:51 UTC 2013 - schwab@suse.de - Disable test_asyncore in QEmu build - Reenable testsuite on arm ------------------------------------------------------------------- Thu May 30 16:40:16 UTC 2013 - jmatejek@suse.com - python-2.7.4-aarch64.patch: add missing bits of aarch64 support - python-2.7.4-no-REUSEPORT.patch: disable test of missing kernel functionality - drop unnecessary patch: python-2.7.1-distutils_test_path.patch - switch to xz archive ------------------------------------------------------------------- Tue May 28 08:42:49 UTC 2013 - speilicke@suse.com - Update to version 2.7.5: + bugfix-only release + fixes several important regressions introduced in 2.7.4 + Issue #15535: Fixed regression in the pickling of named tuples by removing the __dict__ property introduced in 2.7.4. + Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3, such as was shipped with Centos 5 and Mac OS X 10.4. + Issue #17703: Fix a regression where an illegal use of Py_DECREF() after interpreter finalization can cause a crash. + Issue #16447: Fixed potential segmentation fault when setting __name__ on a class. + Issue #17610: Don't rely on non-standard behavior of the C qsort() function. 12 See http://hg.python.org/cpython/file/ab05e7dd2788/Misc/NEWS for more - Drop upstreamed patches: + python-2.7.3-fix-dbm-64bit-bigendian.patch + python-test_structmembers.patch - Rebased other patches ------------------------------------------------------------------- Mon May 13 09:24:29 UTC 2013 - dmueller@suse.com - add aarch64 to the list of 64-bit platforms ------------------------------------------------------------------- Thu May 9 16:11:23 UTC 2013 - jmatejek@suse.com - update to 2.7.4 * bugfix-only release - drop upstreamed patches: pypirc-secure.diff python-2.7.3-multiprocessing-join.patch ctypes-libffi-aarch64.patch - drop python-2.7rc2-configure.patch as it doesn't seem necessary anymore ------------------------------------------------------------------- Fri Apr 5 13:33:27 UTC 2013 - idonmez@suse.com - Add Source URL, see https://en.opensuse.org/SourceUrls ------------------------------------------------------------------- Wed Feb 27 17:04:32 UTC 2013 - schwab@suse.de - Add aarch64 to the list of lib64 platforms ------------------------------------------------------------------- Mon Feb 25 17:24:52 UTC 2013 - jmatejek@suse.com - fix pythonstart failing on $HOME-less users (bnc#804978) ------------------------------------------------------------------- Sat Feb 9 16:24:10 UTC 2013 - schwab@suse.de - Add ctypes-libffi-aarch64.patch: import aarch64 support for libffi in _ctypes module ------------------------------------------------------------------- Fri Feb 8 14:49:45 UTC 2013 - jmatejek@suse.com - multiprocessing: thread joining itself (bnc#747794) - gettext: fix cases where no bundle is found (bnc#794139) ------------------------------------------------------------------- Thu Oct 25 11:21:06 UTC 2012 - coolo@suse.com - add explicit buildrequire on libbz2-devel ------------------------------------------------------------------- Mon Oct 15 10:39:15 UTC 2012 - coolo@suse.com - buildrequire explicitly netcfg for the test suite ------------------------------------------------------------------- Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com - remove distutils.cfg (bnc#658604) * this changes default prefix for distutils to /usr * see ML for details: http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html ------------------------------------------------------------------- Fri Aug 3 18:43:32 UTC 2012 - dimstar@opensuse.org - Add python-bundle-lang.patch: gettext: If bindtextdomain is instructed to look in the default location of translations, we check additionally in locale-bundle. Fixes issues like bnc#617751 ------------------------------------------------------------------- Tue Jul 31 12:36:04 UTC 2012 - jmatejek@suse.com - all subpackages require python-base=%{version}-%{release} explicitly (fixes bnc#766778 bug and similar that might arise in the future) ------------------------------------------------------------------- Tue Jun 26 11:54:22 UTC 2012 - dvaleev@suse.com - Fix failing test_dbm on ppc64 ------------------------------------------------------------------- Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca - Support directory-based certificate stores with the ca_certs parameter of SSL functions [bnc#761501] ------------------------------------------------------------------- Sat Apr 14 08:57:46 UTC 2012 - dmueller@suse.com - update to 2.7.3: * no change - remove static libpython.a from build to avoid packages linking it statically ------------------------------------------------------------------- Wed Mar 28 18:19:18 UTC 2012 - jmatejek@suse.com - update to 2.7.3rc2 * fixes several security issues: * CVE-2012-0845, bnc#747125 * CVE-2012-1150, bnc#751718 * CVE-2011-4944, bnc#754447 * CVE-2011-3389 - fix for insecure .pypirc (CVE-2011-4944, bnc#754447) !!important!! - disabled test_unicode which segfaults on 64bits. this should not happen, revisit in next RC! !!important!! ------------------------------------------------------------------- Thu Feb 16 12:33:44 UTC 2012 - dvaleev@suse.com - skip broken test_io test on ppc ------------------------------------------------------------------- Mon Dec 12 13:39:57 UTC 2011 - toddrme2178@gmail.com - Exclude /usr/bin/2to3 to prevent conflicts with python3-2to3 ------------------------------------------------------------------- Thu Dec 8 13:31:01 UTC 2011 - jmatejek@suse.com - %python_version now correctly refers to %tarversion ------------------------------------------------------------------- Mon Nov 28 09:21:32 UTC 2011 - saschpe@suse.de - Spec file cleanup: * Run spec-cleaner * Remove outdated %clean section, AutoReqProv and authors from descr. - Fix license to Python-2.0 (also SPDX style) ------------------------------------------------------------------- Fri Sep 30 09:08:59 UTC 2011 - adrian@suse.de - fix build for arm by removing an old hack for arm, bz2.so is built now ------------------------------------------------------------------- Fri Sep 16 16:21:44 UTC 2011 - jmatejek@suse.com - dropped newslist.py from demos because of bad license (bnc#718009) ------------------------------------------------------------------- Fri Aug 19 22:37:42 CEST 2011 - dmueller@suse.de - update to 2.7.2: * Bug fix only release, see http://hg.python.org/cpython/raw-file/eb3c9b74884c/Misc/NEWS for details - introduce a pre_checkin.sh file that synchronizes patches between python and python-base - rediff patches for 2.7.2 - replace kernel3 patch with the upstream solution ------------------------------------------------------------------- Fri Jul 22 13:03:49 UTC 2011 - idonmez@novell.com - Copy Lib/plat-linux2 to Lix/plat-linux3 so that DLFCN module is also available for linux3 systems bnc#707667 ------------------------------------------------------------------- Mon Jul 11 01:59:56 CEST 2011 - ro@suse.de - fix build on factory: setup reports linux3 not linux2 now, adapt checks ------------------------------------------------------------------- Tue May 31 17:58:30 UTC 2011 - jmatejek@novell.com - added explicit requires to libpython-%version-%release to prevent bugs like bnc#697251 reappearing ------------------------------------------------------------------- Tue May 24 14:27:05 UTC 2011 - jmatejek@novell.com - update to 2.7.1 * bugfix-only release, see NEWS for details - refreshed patches, dropped the upstreamed ones - dropped acrequire patch, replacing it with build-time sed - improved fix to bnc#673071 by defining the constants only for files that require it (as is done in python3) ------------------------------------------------------------------- Mon May 2 16:04:49 UTC 2011 - jmatejek@novell.com - fixed a security flaw where malicious sites could redirect Python application from http to a local file (CVE-2011-1521, bnc#682554) - fixed race condition in Makefile which randomly failed parallel builds ( http://bugs.python.org/issue10013 ) ------------------------------------------------------------------- Thu Feb 17 17:37:09 CET 2011 - pth@suse.de - Prefix DATE and TIME with PY_BUILD_ and COMPILER with PYTHON_ as to not break external code (bnc#673071). ------------------------------------------------------------------- Mon Jan 17 09:42:20 UTC 2011 - coolo@novell.com - provide pyxml to avoid touching tons of packages ------------------------------------------------------------------- Thu Nov 18 08:23:34 UTC 2010 - coolo@novell.com - add patch from http://psf.upfronthosting.co.za/roundup/tracker/issue9960 to fix build on ppc64 ------------------------------------------------------------------- Fri Oct 1 13:41:30 UTC 2010 - jmatejek@novell.com - moved unittest to python-base (it is a testing framework, not a testsuite, so it clearly belongs into stdlib) - fixed smtpd.py DoS (bnc#638233, CVE probably not assigned) ------------------------------------------------------------------- Tue Sep 21 10:07:43 UTC 2010 - coolo@novell.com - fix baselibs.conf ------------------------------------------------------------------- Thu Aug 26 15:13:49 UTC 2010 - suse-tux@gmx.de - fix for urllib2 (http://bugs.python.org/issue9639) ------------------------------------------------------------------- Thu Aug 26 13:45:19 UTC 2010 - jmatejek@novell.com - fixed distutils test - dropped autoconf version requirement (it builds just fine with other versions) ------------------------------------------------------------------- Thu Aug 26 11:37:28 UTC 2010 - jmatejek@novell.com - update to version 2.7 * improved handling of numeric types * deprecation warnings are now silent by default * new argparse module for command line arguments * many new features, see http://docs.python.org/dev/whatsnew/2.7.html for complete list *** 2.7 is supposed to be the last version from the 2.x series, so its (upstream) maintenance period will probably be longer than usual. However, upstream development now focuses on 3.x series. - cleaned up spec and patches ------------------------------------------------------------------- Fri Jul 2 13:58:38 UTC 2010 - jengelh@medozas.de - add patch from http://bugs.python.org/issue6029 - use %_smp_mflags ------------------------------------------------------------------- Mon May 17 17:07:33 CEST 2010 - matejcik@suse.cz - dropped audioop.so because of security vulnerabilities (bnc#603255) ------------------------------------------------------------------- Wed Apr 7 20:35:26 CEST 2010 - matejcik@suse.cz - update to 2.6.5 (rpm version 2.6.5) - patched test_distutils to work ------------------------------------------------------------------- Thu Mar 11 18:13:05 CET 2010 - matejcik@suse.cz - update to 2.6.5rc2 (rpm version is 2.6.4.92) * bugfix-only release - removed fwrapv patch - no longer needed - removed expat patches (this version also fixes expat vulnerabilities from bnc#581765 ) - removed readline spacing patch - no longer needed - removed https_proxy patch - no longer needed - removed test_distutils patch - no longer needed - disabled test_distutils because of spurious failure, * TODO reenable at release ------------------------------------------------------------------- Thu Feb 4 20:46:03 CET 2010 - matejcik@suse.cz - removed precompiled exe files (as noted in bnc#577032) ------------------------------------------------------------------- Fri Jan 29 15:44:15 CET 2010 - matejcik@suse.cz - enabled ipv6 in configure (bnc#572673) ------------------------------------------------------------------- Wed Dec 23 08:36:29 UTC 2009 - aj@suse.de - Apply patches with fuzz=0 ------------------------------------------------------------------- Tue Dec 15 00:22:44 CET 2009 - jengelh@medozas.de - add baselibs.conf as source ------------------------------------------------------------------- Wed Nov 4 19:04:16 CET 2009 - matejcik@suse.cz - readline shouldn't append space after completion (bnc#551715, python bug 5833) ------------------------------------------------------------------- Wed Oct 28 18:03:27 UTC 2009 - crrodriguez@opensuse.org - python-devel Requires glibc-devel ------------------------------------------------------------------- Fri Sep 4 20:16:42 CEST 2009 - matejcik@suse.cz - fixed potential DoS in python's copy of expat (bnc#534721) - added patch for potential SSL hangup during handshake (bnc#525295) ------------------------------------------------------------------- Sun Aug 2 17:01:16 UTC 2009 - jansimon.moeller@opensuse.org - fix files section for ARM, as bz2.so isn't built on ARM. ------------------------------------------------------------------- Fri Jul 31 22:41:02 CEST 2009 - matejcik@suse.cz - added /usr/lib/python2.6{,/site-packages} to the package even if it is on lib64 arch - added %python_sitelib and %python_sitearch for fedora compatibility ------------------------------------------------------------------- Thu Jul 30 18:34:09 CEST 2009 - matejcik@suse.cz - fixed test in test_distutils suite that would generate a warning when the log threshold was set too low by preceding tests ------------------------------------------------------------------- Wed Jul 29 16:09:32 CEST 2009 - matejcik@suse.cz - support noarch python packages (modified multilib patch to differentiate between purelib and platlib, added /usr/lib to search path in all cases ------------------------------------------------------------------- Thu Jul 16 10:11:27 CEST 2009 - coolo@novell.com - disable as-needed to fix build ------------------------------------------------------------------- Mon Apr 27 15:19:45 CEST 2009 - matejcik@suse.cz - update to 2.6.2 * bugfix-only release for 2.6 series ------------------------------------------------------------------- Fri Feb 6 16:10:31 CET 2009 - matejcik@suse.cz - excluded pyconfig.h and Makefile and Setup from -devel subpackage to prevent file conflicts of python-base and python-devel ------------------------------------------------------------------- Thu Jan 15 16:00:02 CET 2009 - matejcik@suse.cz - fixed gettext.py problem with empty plurals line (bnc#462375) ------------------------------------------------------------------- Wed Jan 7 12:34:56 CET 2009 - olh@suse.de - obsolete old -XXbit packages (bnc#437293) ------------------------------------------------------------------- Mon Dec 15 17:10:17 CET 2008 - matejcik@suse.cz - removed bsddb directory from python-base, reenabled in python ( bnc#441088 ) ------------------------------------------------------------------- Mon Oct 20 15:18:30 CEST 2008 - matejcik@suse.cz - added libpython and python-base to baselibs.conf (bnc#432677) - disabled test_smtplib for ia64 so that the package actually gets built (bnc#436966) ------------------------------------------------------------------- Thu Oct 9 18:56:33 CEST 2008 - matejcik@suse.cz - update to 2.6 final (version name is 2.6.0 to make upgrade from 2.6rc2 possible) - replaced site.py hack with a .pth file to do the same thing (cleaner solution that doesn't mess up documented behavior and also fixes virtualenv, bnc#430761) - enabled profile optimized build - fixed %py_requires macro (bnc#346490) - provide %name = 2.6 ------------------------------------------------------------------- Fri Sep 19 20:09:50 CEST 2008 - matejcik@suse.cz - moved tests to %check section - update to 2.6rc2, removing the last remaining security patch - included patch for https proxy support that resolves bnc#214983 (in a proper way) and bnc#298378 - included fix for socket.ssl() behavior regression, fixing bnc#426563 ------------------------------------------------------------------- Wed Sep 17 22:09:12 CEST 2008 - matejcik@suse.cz - included /etc/rpm/macros.python to fix the split-caused breakage ------------------------------------------------------------------- Tue Sep 16 18:12:10 CEST 2008 - matejcik@suse.cz - applied bug-no-proxy patch from python#3879, which should improve backwards compatibility (important i.e. for bzr) - moved python-xml to a subpackage of this (brings no additional dependencies, so it can as well stay) - moved Makefile and pyconfig.h to python-base, removing the need to have python-devel for installation - improved compatibility with older distros for 11.0 - moved ssl.py and sqlite3 module to python package - they won't work without their respective binary modules anyway ------------------------------------------------------------------- Mon Sep 15 18:34:27 CEST 2008 - matejcik@suse.cz - updated to 2.6rc1 - bugfix-only pre-stable release - renamed python-base-devel to python-devel as it should be - removed macros from libpython package name ------------------------------------------------------------------- Fri Sep 12 14:46:00 CEST 2008 - matejcik@suse.cz - moved python-devel to a subpackage of this - created libpython subpackage - moved essential files from -devel to -base, so that distutils should now be able to install without -devel package ------------------------------------------------------------------- Fri Sep 12 14:44:55 CEST 2008 - matejcik@suse.cz - split package, as per fate#305065 - moved python-devel to be a subpackage of python-base - minor fixes & packaging cleanups ------------------------------------------------------------------- Wed Sep 10 16:31:29 CEST 2008 - matejcik@suse.cz - fixed misapplied ssl-compat patch (caused segfaults when opening SSL connections, bnc#425138 ) ------------------------------------------------------------------- Wed Sep 3 17:17:06 CEST 2008 - matejcik@suse.cz - updated to 2.6beta3 from BETA dist, summary of changes follows: * patches update/cleanup * removed failing tests (test_unicode, test_urllib2), those will be reworked later to not fail * fixed ncurses/panel.h include * removed most security fixes, as they are already included in this version * removed imageop/rgbimg (reasons: they only work in 32bit environment anyway, are deprecated by upstream and have inherent security problems) * fixed pythonstart script to trim history after 10000 lines (bnc#399190) - 2.6beta3 is mostly stable release of the 2.6 series, package will be updated to 2.6 final as soon as it comes out (in the beginning of October) ------------------------------------------------------------------- Wed Jul 30 20:35:02 CEST 2008 - matejcik@suse.cz - security fixes for issues mentioned in bnc#406051: * CVE-2008-2315 - multiple integer overflows in basic types * CVE-2008-2316 - partial hashing of huge data with hashlib * CVE-2008-3142 - multiple buffer oveflows in unicode processing * CVE-2008-3144 - possible integer over/underflow in mysnprintf * buffer overflows in expandtabs() method (afaik no CVE assigned) - also mentioned CVE-2008-3143 is already fixed in python 2.5.2 ------------------------------------------------------------------- Mon Jun 30 15:38:17 CEST 2008 - schwab@suse.de - Work around autoheader bug. ------------------------------------------------------------------- Fri Jun 13 10:07:02 CEST 2008 - schwab@suse.de - Fix configure script. ------------------------------------------------------------------- Thu Apr 24 19:37:14 CEST 2008 - matejcik@suse.cz - proper path for html documentation from python-doc, help text mentioning python-doc package in pydoc (bnc#380942) ------------------------------------------------------------------- Wed Apr 16 21:20:07 CEST 2008 - matejcik@suse.cz - PyString_FromStringAndSize now checks size parameter (bnc#379534, CVE-2008-1721) ------------------------------------------------------------------- Tue Apr 15 09:14:29 CEST 2008 - adrian@suse.de - disable DNS lookup test when running in build service. The XEN build hosts have no network. ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support ------------------------------------------------------------------- Mon Apr 7 13:59:29 CEST 2008 - schwab@suse.de - Limit virtual memory to avoid spurious testsuite failures. ------------------------------------------------------------------- Mon Mar 10 18:18:43 CET 2008 - matejcik@suse.cz - bnc#367853 turned out to be invalid, upstream is already on to the real problem - forcing -fwrapv to compiler flags until upstream has a solution ------------------------------------------------------------------- Wed Feb 27 18:08:58 CET 2008 - matejcik@suse.cz - update to 2.5.2 - bugfix-only release, over 100 bugs fixed - removed hppa patch (already included) - disabled test_str until gcc issue bnc#367853 is resolved ------------------------------------------------------------------- Tue Nov 13 17:32:06 CET 2007 - matejcik@suse.cz - patched a bug in sqlite module that would cause segfault on call to executescript() -> TODO return and improve the patch ------------------------------------------------------------------- Mon Sep 3 17:57:43 CEST 2007 - matejcik@suse.cz - replaced fdupes oneliner with %fdupes macro - added /usr/bin/python2 symlink (#307097) - obsoletes python-elementtree and python-sqlite (#301182) (obsoletes, but doesn't provide - the modules that obsolete those packages are renamed and dependent packages need to be changed) ------------------------------------------------------------------- Fri Aug 24 16:42:12 CEST 2007 - bg@suse.de - fix build on hppa ------------------------------------------------------------------- Fri Aug 3 15:25:32 CEST 2007 - jmatejek@suse.cz - replaced duplicate files with hardlinks ------------------------------------------------------------------- Fri Jul 27 14:51:03 CEST 2007 - jmatejek@suse.cz - removed emacs python-mode and dependency on emacs ------------------------------------------------------------------- Fri Jun 8 16:33:09 CEST 2007 - jmatejek@suse.cz - revisited & explained failing tests - applied EINTR recovery patch (#278622) - experimental replacement of shebang strings, removing dependency on /usr/bin/env ------------------------------------------------------------------- Thu May 24 18:47:20 CEST 2007 - jmatejek@suse.cz - update to 2.5.1 - bugfix only release, over 150 bugs fixed - fixes off-by-one memory leak in _localemodule.c (#276889, CVE-2007-2052) - unnecessary patches removed, minor build cleanup - warns when attempting to use https proxy (#214983) ------------------------------------------------------------------- Tue May 22 01:13:28 CEST 2007 - ro@suse.de - make setup.py accept db-4.5 ------------------------------------------------------------------- Thu Mar 29 13:32:08 CEST 2007 - aj@suse.de - Add ncurses-devel to BuildRequires. ------------------------------------------------------------------- Sat Mar 24 18:16:08 CET 2007 - aj@suse.de - Add libbz2-devel to BuildRequires. ------------------------------------------------------------------- Fri Mar 23 15:10:09 CET 2007 - rguenther@suse.de - add gdbm-devel BuildRequires ------------------------------------------------------------------- Mon Jan 8 19:27:06 CET 2007 - cthiel@suse.de - fix sqlite3 support (#228733) ------------------------------------------------------------------- Tue Sep 19 18:20:07 CEST 2006 - jmatejek@suse.cz - update to 2.5 final, going into STABLE dist - issue with lib/python/config is not caused by dirs patch ------------------------------------------------------------------- Wed Sep 13 19:07:35 CEST 2006 - jmatejek@suse.cz - update to 2.5c2 - 2.5 final is expected next week - removed testfiles.tar.bz2 from package due to copyright issues (see #204867). Reminder: enable urlfetch or put it back (or both, using Nosource) ------------------------------------------------------------------- Tue Sep 5 13:51:48 CEST 2006 - jmatejek@suse.cz - update to 2.5c1 - many new features, see http://www.python.org/dev/peps/pep-0356/ - 64bit indices issue will require changes of modules, see http://www.python.org/dev/peps/pep-0353/ for transition guidelines - non-backwards-compatible changes, see http://docs.python.org/dev/whatsnew/section-other.html (this link is expected to die, so just search for "what's new in 2.5") - open issues in build process: - sed'ing out /usr/local/bin/python from files causes build to fail if not filtered by grep (see %prep section) - might be a bug in sed - 2.3.3-dirs patch + --enable-shared + --libdir breaks build, because "-L/usr/lib*/python2.5/config" is added instead of "-L." Workaround in 2.5c1-dirs-fix, should be replaced soon - test_file fails in autobuild, but is OK when building manually - test_nis fails in autobuild, probably due to a misconfiguration on autobuild servers - it might be good to create python-sqlite3 subpackage ------------------------------------------------------------------- Mon Apr 24 20:08:30 CEST 2006 - jmatejek@suse.cz - update to 2.4.3 - no big changes, bugfix-only release (about 50 bugs fixed) ------------------------------------------------------------------- Wed Mar 15 17:51:29 CET 2006 - jmatejek@suse.cz - moved -doc and -doc-pdf into separate noarch specfile ------------------------------------------------------------------- Mon Feb 27 18:05:56 CET 2006 - jmatejek@suse.cz - implemented /usr/local path schemes for bug #149809 - python now recognizes packages in /usr/local/lib/python2.4 - distutils install by default into /usr/local/lib/python2.4/site-packages - on 64bit systems that is of course lib64 ------------------------------------------------------------------- Wed Jan 25 21:30:52 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Sat Jan 14 13:25:08 CET 2006 - kukuk@suse.de - Add gmp-devel to nfb ------------------------------------------------------------------- Mon Nov 28 19:10:03 CET 2005 - jmatejek@suse.cz - reenabled optimization on ppc64 ------------------------------------------------------------------- Fri Nov 11 16:59:11 CET 2005 - nadvornik@suse.cz - fixed another bug in canonicalize patch [#133267] ------------------------------------------------------------------- Wed Oct 5 15:53:01 CEST 2005 - jmatejek@suse.cz - update to 2.4.2 - additional fixes to canonicalize patch, restored interactive mode ------------------------------------------------------------------- Mon Sep 26 15:40:20 CEST 2005 - jmatejek@suse.cz - replaced the previous patch with a new one - it now tries to use canonical_file_name(), falling back to realpath() and eventually readlink - canonical_file_name() branch now sets the buffer length ------------------------------------------------------------------- Fri Sep 23 16:29:19 CEST 2005 - jmatejek@suse.cz - fixed to build with gcc's new buffer overflow checking - added patch from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169046 ------------------------------------------------------------------- Fri Apr 22 17:04:38 CEST 2005 - schwab@suse.de - Always enable SSL bug workarounds. ------------------------------------------------------------------- Tue Apr 5 16:58:27 CEST 2005 - mcihar@suse.cz - update to 2.4.1 ------------------------------------------------------------------- Thu Mar 24 16:15:25 CET 2005 - uli@suse.de - fixed to build on ARM ------------------------------------------------------------------- Tue Mar 1 19:16:46 CET 2005 - mcihar@suse.cz - skip some test on ia64 for now ------------------------------------------------------------------- Tue Feb 8 16:43:56 CET 2005 - mcihar@suse.cz - mark configuration files as %config ------------------------------------------------------------------- Tue Feb 01 14:16:43 CET 2005 - mcihar@suse.cz - fix vulnerability in SimpleXMLRPCServer (bug #50321, CAN-2005-0089) ------------------------------------------------------------------- Tue Dec 28 16:43:47 CET 2004 - mcihar@suse.cz - disable bsddb tests, it fails probably on all 64-bit ------------------------------------------------------------------- Thu Dec 23 13:46:21 CET 2004 - mcihar@suse.cz - make lib64 installation also work on others than x86_64 ------------------------------------------------------------------- Mon Dec 20 17:51:29 CET 2004 - mcihar@suse.de - fixed build on ppc64 - update multiarch patch - do not test bsddb internals - remove optimalisation from flags, it breaks at least math ------------------------------------------------------------------- Mon Dec 20 14:22:15 CET 2004 - mcihar@suse.cz - added extra files needed for some tests (codecmaps and unicode normalisation) - enabled bsddb tests - reenabled test_shelve, as it works now ------------------------------------------------------------------- Thu Dec 16 17:13:04 CET 2004 - mcihar@suse.cz - update db 4.3 patch - fix bdist_rpm when spec file generates more than one rpm ------------------------------------------------------------------- Tue Dec 14 08:13:09 CET 2004 - bg@suse.de - disable tests for hppa ------------------------------------------------------------------- Mon Dec 06 12:30:59 CET 2004 - mcihar@suse.cz - fix bsddb module for current bsddb - improved readline detection ------------------------------------------------------------------- Fri Dec 03 17:37:48 CET 2004 - mcihar@suse.cz - updated documentation to 2.4 ------------------------------------------------------------------- Wed Dec 01 18:07:17 CET 2004 - mcihar@suse.cz - don't use wctype functions from glibc, it breaks at some situations - enable tests during compilation, removing currently known failures ------------------------------------------------------------------- Tue Nov 30 14:32:27 CET 2004 - mcihar@suse.cz - update to 2.4 final ------------------------------------------------------------------- Wed Nov 24 18:30:23 CET 2004 - mcihar@suse.cz - yet another ignore list update, ignore man and locale dirs ------------------------------------------------------------------- Wed Nov 24 15:15:46 CET 2004 - mcihar@suse.cz - ignore /etc and avoid infinite loop while generating directory list ------------------------------------------------------------------- Wed Nov 24 12:43:07 CET 2004 - mcihar@suse.cz - ignore one more directories in file list generating - handle correctly headers path in file list generating - handle extra_dir in file list generating - use same way as mandrake to support lib64, at least it's a bit cleaner solution than we had, so we now also have sys.lib - audioop is now enabled on 64-bit ------------------------------------------------------------------- Tue Nov 23 16:25:15 CET 2004 - mcihar@suse.cz - updated to 2.4c1 (2.4 release candidate 1) - dropped python-mpz package as it was dropped by upstream - completely rewritten and much simplified rpm file list generation, if you have problems with new version, please drop me a note - install also /etc/profile.d/python.csh ------------------------------------------------------------------- Tue Aug 24 16:22:05 CEST 2004 - mcihar@suse.cz - updated README.SUSE - added startup script, which enables saving of history and completion for interactive usage ------------------------------------------------------------------- Thu May 27 15:25:20 CEST 2004 - mcihar@suse.cz - update to 2.3.4 final (no changes from rc 1) ------------------------------------------------------------------- Wed May 19 17:11:10 CEST 2004 - mcihar@suse.cz - update to 2.3.4 release candidate 1 (obsoletes some patches taken from cvs) - forcing of large file support is not needed (for quite a long time) - updated README.SUSE ------------------------------------------------------------------- Tue Mar 16 15:24:49 CET 2004 - mcihar@suse.cz - included some fixes from cvs: - fix possible segfault in bsddb - urllib2 supports non-anonymous ftp and absolute paths - fixed GC problems in PyWeakref_NewRef ------------------------------------------------------------------- Thu Mar 11 18:36:16 CET 2004 - mcihar@suse.cz - fix readline with utf-8 (bug #34302) ------------------------------------------------------------------- Wed Mar 03 15:47:22 CET 2004 - mcihar@suse.cz - obsoletes python21 ------------------------------------------------------------------- Thu Feb 26 17:13:43 CET 2004 - mcihar@suse.cz - all subpackages depend on current python version ------------------------------------------------------------------- Thu Feb 19 13:11:04 CET 2004 - mcihar@suse.cz - fix Lib/email/Charset.py for use in some locales - fix format string in zipimport module - use system readline - add more IPV6 socket options - use sed instead of perl for replacing - include LICENSE ------------------------------------------------------------------- Sat Jan 10 11:26:35 CET 2004 - adrian@suse.de - build as user ------------------------------------------------------------------- Mon Jan 05 11:24:09 CET 2004 - mcihar@suse.cz - updated to 2.3.3 (final) - call %{run_ldconfig} in post and postun - libpython.2.3.so symlink moved to devel package (bug #33779) ------------------------------------------------------------------- Fri Dec 12 14:33:36 CET 2003 - mcihar@suse.cz - updated to 2.3.3 (release candidate 1) ------------------------------------------------------------------- Tue Nov 18 12:41:20 CET 2003 - mcihar@suse.cz - use wchar_t functions from libc, this reduces size of interpreter ------------------------------------------------------------------- Mon Oct 27 13:19:52 CET 2003 - kukuk@suse.de - Remove useless Requires - Remove not used packages from neededforbuild ------------------------------------------------------------------- Fri Oct 03 14:59:55 CEST 2003 - mcihar@suse.cz - updated to 2.3.2 - A bug in autoconf that broke building on HP/UX systems is fixed. - A bug in the Python configure script that meant os.fsync() was never available is fixed. ------------------------------------------------------------------- Thu Oct 02 16:03:05 CEST 2003 - mcihar@suse.cz - force use of directories passed to configure script (-dirs.patch), bug #31947 ------------------------------------------------------------------- Mon Sep 29 13:57:18 CEST 2003 - mcihar@suse.cz - updated to 2.3.1, most of changes were alredy included in -cvs.patch - not so verbose untaring ------------------------------------------------------------------- Thu Sep 11 14:31:48 CEST 2003 - mcihar@suse.cz - included fixes from cvs (branch release23-maint), this fixes some memory leaks and other bugs (-cvs.patch) - nicer output from pydoc (-pydoc.patch) - cleaned up configure parameters - compiling with -Wall ------------------------------------------------------------------- Wed Sep 10 18:39:00 CEST 2003 - mcihar@suse.cz - build as shared ------------------------------------------------------------------- Wed Sep 03 11:48:07 CEST 2003 - mcihar@suse.cz - python now obsoletes python-nothreads (bug #29907) ------------------------------------------------------------------- Thu Aug 14 13:23:50 CEST 2003 - mcihar@suse.cz - fixed symlinks to configuration files - cleaned up spec file ------------------------------------------------------------------- Wed Aug 06 18:03:22 CEST 2003 - mcihar@suse.cz - updated lib64 patch ------------------------------------------------------------------- Tue Aug 05 13:17:20 CEST 2003 - mcihar@suse.cz - updated to final 2.3, some highlights: * Python 2.3 is about 20-30% faster than Python 2.2.3 * Brand new IDLE * Some new or upgraded built-ins, includes better support for unicode, new bool type... * Lots of upgraded or new modules and packages. * PYTHONINSPECT variabale that can cause python to behave as it was executed with -i parameter. ------------------------------------------------------------------- Tue Jul 29 01:46:23 CEST 2003 - ro@suse.de - added tk-devel to neededforbuild ------------------------------------------------------------------- Thu Jun 26 22:57:28 CEST 2003 - mcihar@suse.cz - updated to cvs snapshot, mostly because of finally correct DESTDIR support, to avoid buildroot leftovers ------------------------------------------------------------------- Tue Jun 24 12:32:23 CEST 2003 - mcihar@suse.cz - better excluding site-packages from generated dirlist ------------------------------------------------------------------- Tue Jun 17 15:37:51 CEST 2003 - mcihar@suse.cz - ignore site-packages and share directories for filelists - include install dir if not site-packages in filelists ------------------------------------------------------------------- Tue Jun 17 10:20:09 CEST 2003 - mcihar@suse.cz - better handle mutliple level of install directories when generating %dir entries ------------------------------------------------------------------- Mon Jun 16 17:25:08 CEST 2003 - mcihar@suse.cz - one more distutils patch update: * fix generating of dirs in chrooted installs for install_data * don't include directory for install_scripts ------------------------------------------------------------------- Mon Jun 16 15:55:20 CEST 2003 - mcihar@suse.cz - updated patch to work around problems with self defined get_outputs ------------------------------------------------------------------- Mon Jun 16 12:29:31 CEST 2003 - mcihar@suse.cz - modified distutils to allow generating complete file list for rpm (including directories with %dir macro), to use this use --record-rpm= instead of --record= ------------------------------------------------------------------- Thu Jun 05 09:23:32 CEST 2003 - mcihar@suse.cz - move documentation where it was in 2.2 versions - fixed permissions for some scripts in devel package ------------------------------------------------------------------- Thu May 29 14:22:08 CEST 2003 - mcihar@suse.cz - cleaned up specfile - make executable only files that should be ------------------------------------------------------------------- Mon May 19 19:01:43 CEST 2003 - mcihar@suse.cz - removed .cvsignore files ------------------------------------------------------------------- Tue Apr 29 13:26:02 CEST 2003 - mcihar@suse.cz - updated lib64 patch ------------------------------------------------------------------- Mon Apr 28 11:25:11 CEST 2003 - mcihar@suse.cz - updated to 2.3b1, some highlights: - sum() builtin, adds a sequence of numbers, beats reduce(). - csv module, reads comma-separated-value files (and more). - timeit module, times code snippets. - os.walk(), a generator slated to replace os.path.walk(). - platform module, by Marc-Andre Lemburg, returns detailed platform information. ------------------------------------------------------------------- Thu Apr 10 14:52:48 CEST 2003 - mcihar@suse.cz - added DEFS to config/Makefile as it was in 2.2 ------------------------------------------------------------------- Wed Apr 02 14:50:29 CEST 2003 - mcihar@suse.cz - updated lib64 patch - fixed list of built modules for 64-bit arches ------------------------------------------------------------------- Tue Apr 01 17:57:56 CEST 2003 - mcihar@suse.cz - updated to python 2.3 alpha 2 - updated many builtins and modules - new modules: bsddb, bz2, datetime, logging, optparse, sets, textwrap, zipimport, - some general things have changed: - Hex/oct literals prefixed with a minus sign were handled inconsistently. - Package index and metadata for distutils. - Encoding declarations - you can put a comment of the form "# -*- coding: -*-" in the first or second line of a Python source file to indicate the encoding (e.g. utf-8). - Import from zipfiles. - see Misc/NEWS in documentation or python website - http://python.org/2.3/highlights.html for more details - moved distutils into -devel package - cleaned up specfile ------------------------------------------------------------------- Tue Apr 01 12:27:06 CEST 2003 - mcihar@suse.cz - removed RPM_BUILD_ROOT leftovers (bug #25963) ------------------------------------------------------------------- Thu Mar 6 12:05:53 CET 2003 - kukuk@suse.de - Provide/Obsolete python-tkinter ------------------------------------------------------------------- Tue Jan 28 17:51:45 CET 2003 - mcihar@suse.cz - idle symlink corrected for lib64 - fixed LIBDEST path for distutils, closes #22322 ------------------------------------------------------------------- Fri Jan 10 13:39:51 CET 2003 - mcihar@suse.cz - fixed distutils for lib64 ------------------------------------------------------------------- Wed Dec 18 13:45:15 CET 2002 - mcihar@suse.cz - improved blt detection for tkinter - build with detected version of tix - enabled SIGFPE catching - enabled signal module - enabled C++ support ------------------------------------------------------------------- Fri Nov 29 16:16:57 CET 2002 - mcihar@suse.cz - enabled ipv6 support - no apache is needed for building - python-nothreads is not built anymore as is seems that mod_python works correctly woth python 2.2.2 and threads - Makefile also copied to config directory in rpm ------------------------------------------------------------------- Wed Nov 27 10:59:03 CET 2002 - adrian@suse.de - Makefile.pre* to config directory (following the official spec file change) ------------------------------------------------------------------- Fri Nov 08 11:06:39 CET 2002 - mcihar@suse.cz - fixed bad source number for suse-start-python-mode.el ------------------------------------------------------------------- Thu Nov 07 11:37:34 CET 2002 - mcihar@suse.cz - fixed %files section for idle on lib64 arches ------------------------------------------------------------------- Wed Nov 06 10:35:50 CET 2002 - mcihar@suse.cz - included python-mode.el for emacs - idle moved from demos to separate package - merged tk and tkinter ------------------------------------------------------------------- Wed Oct 30 14:54:31 CET 2002 - mcihar@suse.cz - removed not needed l2h and tetex from neededforbuild ------------------------------------------------------------------- Wed Oct 30 11:31:44 CET 2002 - ro@suse.de - changed neededforbuild <l2h> to <latex2html> ------------------------------------------------------------------- Wed Oct 23 14:36:10 CEST 2002 - mcihar@suse.cz - updated to 2.2.2 (bugfix release) - moved python-korean into separate source package ------------------------------------------------------------------- Tue Sep 17 17:34:28 CEST 2002 - ro@suse.de - removed bogus self-provides ------------------------------------------------------------------- Tue Sep 10 13:52:26 CEST 2002 - kukuk@suse.de - Add provides for correct update ------------------------------------------------------------------- Thu Sep 5 12:14:45 CEST 2002 - ro@suse.de - remove l2h from neededforbuild (apparently no longer used) ------------------------------------------------------------------- Thu Aug 15 00:45:41 CEST 2002 - ro@suse.de - no fpectl.so on alpha ------------------------------------------------------------------- Tue Aug 13 12:45:33 CEST 2002 - uli@suse.de - rediffed lib64 patch ------------------------------------------------------------------- Thu Aug 8 07:57:25 CEST 2002 - vinil@suse.de - new version 2.2.1 - new version of Korean codes 2.0.5 and splitted to standalone package 'python-korean' - get rid of Makefile.pre.in - clean part added to spec ------------------------------------------------------------------- Sun Jul 28 09:27:46 CEST 2002 - kukuk@suse.de - removed termcap and tetex from neededforbuild (not used) ------------------------------------------------------------------- Fri Jul 26 22:03:54 CEST 2002 - adrian@suse.de - fix neededforbuild ------------------------------------------------------------------- Tue Jun 11 11:48:13 CEST 2002 - meissner@suse.de - add ppc64 to list of 64bit archs that don't compile 3 of the plugins. ------------------------------------------------------------------- Tue Jun 4 17:06:04 CEST 2002 - stepan@suse.de - change more locations of lib to %{_lib} on platforms that need it. - change Makefile to use install -d instead of mkdir to solve trouble when installing in buildroots. ------------------------------------------------------------------- Mon Jun 3 13:21:07 CEST 2002 - stepan@suse.de - Change config/Makefile and config/Makefile.pre.in to use %_lib instead of lib (fixes i.e. zope) ------------------------------------------------------------------- Fri May 17 15:08:18 CEST 2002 - sf@suse.de - changed site.py to detect the correct location (is needed at least for postresql to build - it still needs to be corrected, as only 64-bit excutable shlibs have to reside in */lib64 ------------------------------------------------------------------- Wed May 15 12:01:45 CEST 2002 - coolo@suse.de - fixing file list for s390x ------------------------------------------------------------------- Tue May 14 23:50:05 CEST 2002 - ro@suse.de - use libdir - try to get this working with lib64 ------------------------------------------------------------------- Mon May 6 17:12:49 CEST 2002 - schwab@suse.de - Build python library with -fPIC, for inclusion in shared library. ------------------------------------------------------------------- Wed Apr 17 15:48:52 CEST 2002 - schwab@suse.de - Fix detection of readline library (use -lncurses instead of -ltermcap). ------------------------------------------------------------------- Sat Mar 23 17:21:32 CET 2002 - ro@suse.de - changed neededforbuild <l2h> to <l2h l2h-pngicons> ------------------------------------------------------------------- Fri Feb 1 00:26:09 CET 2002 - ro@suse.de - changed neededforbuild <libpng> to <libpng-devel-packages> ------------------------------------------------------------------- Wed Jan 9 19:34:47 CET 2002 - rvasice@suse.cz - used correct Makefile.pre.in ------------------------------------------------------------------- Wed Jan 9 14:49:59 CET 2002 - rvasice@suse.cz - added Makefile.pre.in to enable build other python packages ------------------------------------------------------------------- Mon Jan 7 08:51:27 CET 2002 - rvasice@suse.cz - update to version 2.2 - recreated modules list ------------------------------------------------------------------- Mon Dec 17 12:55:39 CET 2001 - ro@suse.de - fixed for gmp-4.x ------------------------------------------------------------------- Mon Sep 3 13:48:04 CEST 2001 - rvasice@suse.cz - added patch for Large File Support ------------------------------------------------------------------- Mon Aug 27 10:26:55 CEST 2001 - rvasice@suse.cz - removed conflicting file /etc/susehelp.d/pythonhtml.conf from subpackage python-doc ------------------------------------------------------------------- Fri Aug 17 14:41:48 CEST 2001 - schwab@suse.de - Compile python library with -fPIC to allow inclusion in shared libraries. - Fix configure check for rl_completion_matches. - Replace use of config.guess by %ifarch. ------------------------------------------------------------------- Mon Aug 13 12:51:39 CEST 2001 - ro@suse.de - added regex module (needed for yodl) - filelist probably needs re-check ------------------------------------------------------------------- Mon Jul 30 11:34:35 CEST 2001 - rvasice@suse.cz - fix /usr/local path ------------------------------------------------------------------- Fri Jul 27 16:23:47 CEST 2001 - rvasice@suse.cz - update to version 2.1.1 ------------------------------------------------------------------- Tue May 8 02:15:19 CEST 2001 - mfabian@suse.de - bzip2 sources ------------------------------------------------------------------- Fri Apr 13 20:27:17 CEST 2001 - kukuk@suse.de - fix build with new readline library ------------------------------------------------------------------- Wed Apr 11 14:30:16 CEST 2001 - utuerk@suse.de - added pythonhtml.conf for susehelp ------------------------------------------------------------------- Fri Feb 23 16:24:25 CET 2001 - ro@suse.de - changed neededforbuild <apache> to <apache apache-devel> ------------------------------------------------------------------- Fri Feb 23 00:10:25 CET 2001 - ro@suse.de - added readline/readline-devel to neededforbuild (split from bash) ------------------------------------------------------------------- Mon Jan 22 16:25:53 CET 2001 - kukuk@suse.de - Use -fPIC ------------------------------------------------------------------- Tue Jan 16 19:26:08 CET 2001 - schwab@suse.de - Compile python library with -fpic so that it can be included in a shared library (for mod_python). ------------------------------------------------------------------- Mon Jan 15 13:00:09 CET 2001 - mt@suse.de - added uc-kr codec, thanks to Hwang, SangJin <violiet@susekorea.net> ------------------------------------------------------------------- Sun Dec 31 18:55:09 CET 2000 - schwab@suse.de - Fix filelist for ia64. ------------------------------------------------------------------- Mon Dec 18 17:18:37 CET 2000 - mt@suse.de - added sub-package python-nothreads for mod_python apache-module - added Obsoletes for old 8.3 packages names ------------------------------------------------------------------- Wed Dec 6 18:04:55 CET 2000 - mt@suse.de - cleaned up pythons tk dependencies ------------------------------------------------------------------- Thu Nov 30 01:41:16 CET 2000 - ro@suse.de - fixed tix-link ------------------------------------------------------------------- Wed Nov 29 17:26:54 CET 2000 - ro@suse.de - changed neededforbuild <tcld> to <tcl-devel> ------------------------------------------------------------------- Mon Nov 27 10:17:40 CET 2000 - mt@suse.de - changed libnetpb to libnetpbm in neededforbuild - changed file-list in python-devel ------------------------------------------------------------------- Thu Nov 23 09:39:10 CET 2000 - mt@suse.de - added openssl-devel to neededforbuild ------------------------------------------------------------------- Wed Nov 22 10:11:15 CET 2000 - mt@suse.de - removed site-packages from Setup.in patch - python-64bit.patch should be used on all 64bit platforms ------------------------------------------------------------------- Sun Nov 19 18:31:21 CET 2000 - mt@suse.de - updated to BeOpen-Python-2.0 ------------------------------------------------------------------- Fri Oct 27 14:34:14 CEST 2000 - kukuk@suse.de - Use long filenames - Fix some paths - Include <db3/db_185.h> ------------------------------------------------------------------- Thu Jul 6 01:14:30 CEST 2000 - mt@suse.de - added anydbm (whichdb.py) patch from www.tummy.com ------------------------------------------------------------------- Sat May 27 11:30:28 CEST 2000 - kukuk@suse.de - Use libtk8.3.so and libtcl8.3.so ------------------------------------------------------------------- Thu May 4 18:32:34 CEST 2000 - kukuk@suse.de - Fix filelist for new doc dir ------------------------------------------------------------------- Mon Mar 13 23:52:19 CET 2000 - ro@suse.de - fixed filelist for alpha ------------------------------------------------------------------- Wed Mar 1 18:17:20 CET 2000 - werner@suse.de - Fix config.guess selection ------------------------------------------------------------------- Wed Feb 16 15:13:47 CET 2000 - uli@suse.de - passing MANDIR to "make install libinstall" (seems like it gets lost somewhere) ------------------------------------------------------------------- Wed Feb 16 00:25:30 CET 2000 - ro@suse.de - man to /usr/share using macro ------------------------------------------------------------------- Tue Feb 15 20:43:25 CET 2000 - mt@suse.de - stripped the python binary ------------------------------------------------------------------- Mon Oct 11 17:40:31 MEST 1999 - max@suse.de - ready for the new Tcl/Tk packages ------------------------------------------------------------------- Mon Sep 27 16:31:01 CEST 1999 - bs@suse.de - fixed requirements for sub packages ------------------------------------------------------------------- Mon Sep 20 18:25:03 CEST 1999 - ro@suse.de - added python_image_lib as requires to pyth_tk and as provides to pyth_tkl ------------------------------------------------------------------- Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de - ran old prepare_spec on spec file to switch to new prepare_spec. ------------------------------------------------------------------- Mon Jun 7 14:27:02 MEST 1999 - mt@suse.de - disabled pyth_dvi module in spec-file ------------------------------------------------------------------- Wed May 26 12:27:24 MEST 1999 - ro@suse.de - added libpng to neededforbuild ------------------------------------------------------------------- Wed May 26 12:06:13 MEST 1999 - ro@suse.de - added blt to neededforbuild ------------------------------------------------------------------- Tue May 25 16:00:31 MEST 1999 - mt@suse.de - new version 1.5.2 - splited into sub-packages: pyth_doc, pyth_ps, pyth_pdf, pyth_dvi, pyth_dmo, pyth_tk, pyth_tkl, pyth_cur, pythgdbm to have better base-package compatibility to andrich.net. ------------------------------------------------------------------- Thu Mar 18 01:13:02 MET 1999 - ro@suse.de - don't set POSIXLY_CORRECT for second patch ------------------------------------------------------------------- Mon Jan 18 23:55:16 MET 1999 - ro@suse.de - added automake to neededforbuild - alpha-fix: don't mix up dec-osf with linux-alpha ------------------------------------------------------------------- Tue Dec 1 23:50:20 MET 1998 - mt@suse.de - removed TkInter into a separate package - pyth_tk - to make it possible to replace it with a PIL based TkInter (Python Imaging Lib) and better package dependecies (not each app needs TkInter) - removed Makefile.Linux - all build is done from spec file now - more /usr/local path fixes ------------------------------------------------------------------- Fri Nov 6 15:37:40 MET 1998 - ro@suse.de - added automake to neededforbuild - configure with threads ------------------------------------------------------------------- Thu Nov 5 09:53:54 MET 1998 - ro@suse.de - use db_185.h only for glibc-2.1 ------------------------------------------------------------------- Wed Sep 23 12:15:47 MEST 1998 - ro@suse.de - two hacks to compile for glibc: Modules/bsddbmodule.c include db_185.h for glibc Modules/mpzmodule.c gmp-mparam.h dont exist for glibc / use define ------------------------------------------------------------------- Sun Aug 23 13:15:31 MEST 1998 - ke@suse.de - Compress PostScript docu. ------------------------------------------------------------------- Mon Aug 17 12:47:42 MEST 1998 - mt@suse.de - linked readline- and curses-modules with ncurses ------------------------------------------------------------------- Fri Aug 7 21:47:11 MEST 1998 - mt@suse.de - python modules - file permissions changed (-x) ------------------------------------------------------------------- Sat Jul 11 12:57:01 MEST 1998 - bs@suse.de - fixed neededforbuild ------------------------------------------------------------------- Thu Jul 9 00:29:05 MEST 1998 - mt@suse.de - new revision 1.5.1 - docu in a separate package (pyth_doc) - Tkinter uses tk8.0/tcl8.0 now - first attempt to make it "alpha ready" (spec- & dif-file) ------------------------------------------------------------------- Mon Mar 2 18:38:49 MET 1998 - ro@suse.de - fixed dependency to /usr/local/bin/python ------------------------------------------------------------------- Mon Feb 9 17:28:57 MET 1998 - ro@suse.de - added some in neededforbuild ------------------------------------------------------------------- Wed Feb 4 19:27:08 CET 1998 - mt@suse.de - new Version 1.5 with more features, html documentation and new modules ------------------------------------------------------------------- Mon Sep 15 14:57:42 CEST 1997 - mt@suse.de - added support for readline and (shared) modules: tkinter, dbm, gdbm, syslog, ncurses, ... - see /usr/lib/python1.4/config/Setup for details ------------------------------------------------------------------- Thu Jun 5 17:57:42 CEST 1997 - mt@suse.de - new Version 1.4 - a symlink (python -> python1.4) will be used instead of a hardlink
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
