Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
python
python-base.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File python-base.changes of Package python
------------------------------------------------------------------- Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com - bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746. An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. ------------------------------------------------------------------- Fri Jun 17 12:33:23 UTC 2016 - jmatejek@suse.com - CVE-2016-0772-smtplib-starttls.patch: smtplib vulnerability opens startTLS stripping attack (CVE-2016-0772, bsc#984751) - CVE-2016-5636-zipimporter-overflow.patch: heap overflow when importing malformed zip files (CVE-2016-5636, bsc#985177) - CVE-2016-5699-http-header-injection.patch: incorrect validation of HTTP headers allow header injection (CVE-2016-5699, bsc#985348) - python-2.7-httpoxy.patch: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (CVE-2016-1000110, bsc#989523) ------------------------------------------------------------------- Mon Jun 29 08:32:44 UTC 2015 - meissner@suse.com - python-fix-short-dh.patch: Bump DH parameters to 2048 bit to fix logjam security issue. bsc#935856 ------------------------------------------------------------------- Tue May 19 11:18:12 UTC 2015 - schwab@suse.de - Reenable test_posix on aarch64 ------------------------------------------------------------------- Sun Dec 21 19:14:17 UTC 2014 - schwab@suse.de - python-2.7.4-aarch64.patch: Remove obsolete patch - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64 ------------------------------------------------------------------- Fri Dec 12 17:11:51 UTC 2014 - jmatejek@suse.com - update to 2.7.9 * contains full backport of ssl module from Python 3.4 (PEP466) * HTTPS certificate validation enabled by default (PEP476) * SSLv3 disabled by default (bnc#901715) * backported ensurepip module (PEP477) * fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 * dozens of minor bugfixes - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3 - libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional "import ssl" from test_urllib2_localnet that caused it to fail without ssl ------------------------------------------------------------------- Wed Oct 22 13:30:24 UTC 2014 - dmueller@suse.com - skip test_thread in qemu_linux_user mode ------------------------------------------------------------------- Wed Oct 1 13:00:59 UTC 2014 - jmatejek@suse.com - update to 2.7.8 * bugfix-only release, dozens of bugs fixed * fixes CVE-2014-4650 directory traversal in CGIHTTPServer * fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer() - dropped upstreamed CVE-2014-4650-CGIHTTPserver-traversal.patch - dropped upstreamed CVE-2014-7185-buffer-wraparound.patch ------------------------------------------------------------------- Wed Oct 1 13:00:59 UTC 2014 - jmatejek@suse.com - CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow in buffer() (CVE-2014-7185, bnc#898572) ------------------------------------------------------------------- Wed Jul 23 16:48:38 UTC 2014 - jmatejek@suse.com - CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file disclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc#885882) - python-2.7.7-mhlib-linkcount.patch: remove link count optimizations that are incorrect on btrfs (and possibly other filesystems) ------------------------------------------------------------------- Fri Jun 20 13:11:34 UTC 2014 - jmatejek@suse.com - update to 2.7.7 * bugfix-only release, over a hundred bugs fixed * backported hmac.compare_digest from python3, first step of PEP 466 - drop upstreamed patches: * CVE-2014-1912-recvfrom_into.patch * python-2.7.4-no-REUSEPORT.patch * python-2.7.6-bdist-rpm.patch * python-2.7.6-imaplib.patch * python-2.7.6-sqlite-3.8.4-tests.patch - refresh patches: * python-2.7.3-ssl_ca_path.patch * python-2.7.4-canonicalize2.patch * xmlrpc_gzip_27.patch - added python keyring and signature for the main tarball ------------------------------------------------------------------- Sat Mar 15 08:05:41 UTC 2014 - schwab@suse.de - Use profile-opt only when profiling is enabled - python-2.7.2-disable-tests-in-test_io.patch: removed, no longer needed - update testsuite exclusion list: * test_signal and test_posix fail due to qemu bugs ------------------------------------------------------------------- Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de - Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, adding python-2.7.6-sqlite-3.8.4-tests.patch ------------------------------------------------------------------- Mon Feb 10 14:24:52 UTC 2014 - jmatejek@suse.com - added patches for CVE-2013-1752 (bnc#856836) issues that are missing in 2.7.6: python-2.7.6-imaplib.patch python-2.7.6-poplib.patch smtplib_maxline-2.7.patch - CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: xmlrpc_gzip_27.patch - python-2.7.6-bdist-rpm.patch: fix broken "setup.py bdist_rpm" command (bnc#857470, issue18045) - multilib patch: add "~/.local/lib64" paths to search path (bnc#637176) - CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow in socket.recvfrom_into (CVE-2014-1912, bnc#863741) ------------------------------------------------------------------- Tue Dec 10 16:56:02 UTC 2013 - uweigand@de.ibm.com - Add Obsoletes/Provides for python-ctypes. ------------------------------------------------------------------- Sat Dec 7 02:27:51 UTC 2013 - matz@suse.de - Ignore uuid testcase in the testsuite, it relies on unreliable ifconfig output. ------------------------------------------------------------------- Tue Dec 3 20:03:08 CET 2013 - mls@suse.de - adapt python-2.7.5-multilib.patch for ppc64le ------------------------------------------------------------------- Tue Dec 3 17:30:26 UTC 2013 - dvaleev@suse.com - adjust %files for ppc64le ------------------------------------------------------------------- Tue Dec 3 17:05:45 UTC 2013 - matz@suse.de - Support for ppc64le in _ctypes libffi copy. - added patches: * libffi-ppc64le.diff ------------------------------------------------------------------- Tue Dec 3 09:44:28 UTC 2013 - adrian@suse.de - add ppc64le rules - avoid errors from source-validator ------------------------------------------------------------------- Thu Nov 21 15:39:28 UTC 2013 - jmatejek@suse.com - update to 2.7.6 * bugfix-only release * SSL-related fixes * upstream fix for CVE-2013-4238 * upstream fixes for CVE-2013-1752 - removed upstreamed patch CVE-2013-4238_py27.patch - reintroduce audioop.so as the problems with it seem to be fixed (bnc#831442) ------------------------------------------------------------------- Thu Oct 10 18:13:08 UTC 2013 - dmueller@suse.com - exclude test_mmap under qemu_linux_user - emulation fails here as the tests mmap address conflicts with qemu ------------------------------------------------------------------- Tue Jul 9 07:55:50 UTC 2013 - jengelh@inai.de - Add python-bsddb6.diff to support building against libdb-6.0 ------------------------------------------------------------------- Sat Jul 6 17:17:11 UTC 2013 - coolo@suse.com - have python-devel require python: http://lists.opensuse.org/opensuse-factory/2013-06/msg00622.html ------------------------------------------------------------------- Sun Jun 30 21:20:29 UTC 2013 - schwab@suse.de - Disable test_multiprocessing in QEmu build ------------------------------------------------------------------- Wed Jun 5 15:17:51 UTC 2013 - schwab@suse.de - Disable test_asyncore in QEmu build - Reenable testsuite on arm ------------------------------------------------------------------- Thu May 30 16:40:16 UTC 2013 - jmatejek@suse.com - python-2.7.4-aarch64.patch: add missing bits of aarch64 support - python-2.7.4-no-REUSEPORT.patch: disable test of missing kernel functionality - drop unnecessary patch: python-2.7.1-distutils_test_path.patch - switch to xz archive ------------------------------------------------------------------- Tue May 28 08:42:49 UTC 2013 - speilicke@suse.com - Update to version 2.7.5: + bugfix-only release + fixes several important regressions introduced in 2.7.4 + Issue #15535: Fixed regression in the pickling of named tuples by removing the __dict__ property introduced in 2.7.4. + Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3, such as was shipped with Centos 5 and Mac OS X 10.4. + Issue #17703: Fix a regression where an illegal use of Py_DECREF() after interpreter finalization can cause a crash. + Issue #16447: Fixed potential segmentation fault when setting __name__ on a class. + Issue #17610: Don't rely on non-standard behavior of the C qsort() function. 12 See http://hg.python.org/cpython/file/ab05e7dd2788/Misc/NEWS for more - Drop upstreamed patches: + python-2.7.3-fix-dbm-64bit-bigendian.patch + python-test_structmembers.patch - Rebased other patches ------------------------------------------------------------------- Mon May 13 09:24:29 UTC 2013 - dmueller@suse.com - add aarch64 to the list of 64-bit platforms ------------------------------------------------------------------- Thu May 9 16:11:23 UTC 2013 - jmatejek@suse.com - update to 2.7.4 * bugfix-only release - drop upstreamed patches: pypirc-secure.diff python-2.7.3-multiprocessing-join.patch ctypes-libffi-aarch64.patch - drop python-2.7rc2-configure.patch as it doesn't seem necessary anymore ------------------------------------------------------------------- Fri Apr 5 13:33:27 UTC 2013 - idonmez@suse.com - Add Source URL, see https://en.opensuse.org/SourceUrls ------------------------------------------------------------------- Wed Feb 27 17:04:32 UTC 2013 - schwab@suse.de - Add aarch64 to the list of lib64 platforms ------------------------------------------------------------------- Sat Feb 9 16:24:10 UTC 2013 - schwab@suse.de - Add ctypes-libffi-aarch64.patch: import aarch64 support for libffi in _ctypes module ------------------------------------------------------------------- Fri Feb 8 14:49:45 UTC 2013 - jmatejek@suse.com - multiprocessing: thread joining itself (bnc#747794) - gettext: fix cases where no bundle is found (bnc#794139) ------------------------------------------------------------------- Thu Oct 25 11:21:06 UTC 2012 - coolo@suse.com - add explicit buildrequire on libbz2-devel ------------------------------------------------------------------- Mon Oct 15 10:39:15 UTC 2012 - coolo@suse.com - buildrequire explicitly netcfg for the test suite ------------------------------------------------------------------- Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com - remove distutils.cfg (bnc#658604) * this changes default prefix for distutils to /usr * see ML for details: http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html ------------------------------------------------------------------- Fri Aug 3 18:43:32 UTC 2012 - dimstar@opensuse.org - Add python-bundle-lang.patch: gettext: If bindtextdomain is instructed to look in the default location of translations, we check additionally in locale-bundle. Fixes issues like bnc#617751 ------------------------------------------------------------------- Tue Jul 31 12:36:04 UTC 2012 - jmatejek@suse.com - all subpackages require python-base=%{version}-%{release} explicitly (fixes bnc#766778 bug and similar that might arise in the future) ------------------------------------------------------------------- Tue Jun 26 11:54:22 UTC 2012 - dvaleev@suse.com - Fix failing test_dbm on ppc64 ------------------------------------------------------------------- Thu May 17 17:49:31 UTC 2012 - jfunk@funktronics.ca - Support directory-based certificate stores with the ca_certs parameter of SSL functions [bnc#761501] ------------------------------------------------------------------- Sat Apr 14 08:57:46 UTC 2012 - dmueller@suse.com - update to 2.7.3: * no change - remove static libpython.a from build to avoid packages linking it statically ------------------------------------------------------------------- Wed Mar 28 18:19:18 UTC 2012 - jmatejek@suse.com - update to 2.7.3rc2 * fixes several security issues: * CVE-2012-0845, bnc#747125 * CVE-2012-1150, bnc#751718 * CVE-2011-4944, bnc#754447 * CVE-2011-3389 - fix for insecure .pypirc (CVE-2011-4944, bnc#754447) !!important!! - disabled test_unicode which segfaults on 64bits. this should not happen, revisit in next RC! !!important!! ------------------------------------------------------------------- Thu Feb 16 12:33:44 UTC 2012 - dvaleev@suse.com - skip broken test_io test on ppc ------------------------------------------------------------------- Mon Dec 12 13:39:57 UTC 2011 - toddrme2178@gmail.com - Exclude /usr/bin/2to3 to prevent conflicts with python3-2to3 ------------------------------------------------------------------- Thu Dec 8 13:31:01 UTC 2011 - jmatejek@suse.com - %python_version now correctly refers to %tarversion ------------------------------------------------------------------- Mon Nov 28 09:21:32 UTC 2011 - saschpe@suse.de - Spec file cleanup: * Run spec-cleaner * Remove outdated %clean section, AutoReqProv and authors from descr. - Fix license to Python-2.0 (also SPDX style) ------------------------------------------------------------------- Fri Sep 30 09:08:59 UTC 2011 - adrian@suse.de - fix build for arm by removing an old hack for arm, bz2.so is built now ------------------------------------------------------------------- Fri Aug 19 22:37:42 CEST 2011 - dmueller@suse.de - update to 2.7.2: * Bug fix only release, see http://hg.python.org/cpython/raw-file/eb3c9b74884c/Misc/NEWS for details - introduce a pre_checkin.sh file that synchronizes patches between python and python-base - rediff patches for 2.7.2 - replace kernel3 patch with the upstream solution ------------------------------------------------------------------- Fri Jul 22 13:03:49 UTC 2011 - idonmez@novell.com - Copy Lib/plat-linux2 to Lix/plat-linux3 so that DLFCN module is also available for linux3 systems bnc#707667 ------------------------------------------------------------------- Mon Jul 11 01:59:56 CEST 2011 - ro@suse.de - fix build on factory: setup reports linux3 not linux2 now, adapt checks ------------------------------------------------------------------- Tue May 31 17:58:30 UTC 2011 - jmatejek@novell.com - added explicit requires to libpython-%version-%release to prevent bugs like bnc#697251 reappearing ------------------------------------------------------------------- Tue May 24 14:27:05 UTC 2011 - jmatejek@novell.com - update to 2.7.1 * bugfix-only release, see NEWS for details - refreshed patches, dropped the upstreamed ones - dropped acrequire patch, replacing it with build-time sed - improved fix to bnc#673071 by defining the constants only for files that require it (as is done in python3) ------------------------------------------------------------------- Mon May 2 16:04:49 UTC 2011 - jmatejek@novell.com - fixed a security flaw where malicious sites could redirect Python application from http to a local file (CVE-2011-1521, bnc#682554) - fixed race condition in Makefile which randomly failed parallel builds ( http://bugs.python.org/issue10013 ) ------------------------------------------------------------------- Thu Feb 17 17:37:09 CET 2011 - pth@suse.de - Prefix DATE and TIME with PY_BUILD_ and COMPILER with PYTHON_ as to not break external code (bnc#673071). ------------------------------------------------------------------- Mon Jan 17 09:42:20 UTC 2011 - coolo@novell.com - provide pyxml to avoid touching tons of packages ------------------------------------------------------------------- Thu Nov 18 08:23:34 UTC 2010 - coolo@novell.com - add patch from http://psf.upfronthosting.co.za/roundup/tracker/issue9960 to fix build on ppc64 ------------------------------------------------------------------- Fri Oct 1 13:41:30 UTC 2010 - jmatejek@novell.com - moved unittest to python-base (it is a testing framework, not a testsuite, so it clearly belongs into stdlib) - fixed smtpd.py DoS (bnc#638233, CVE probably not assigned) ------------------------------------------------------------------- Tue Sep 21 10:07:43 UTC 2010 - coolo@novell.com - fix baselibs.conf ------------------------------------------------------------------- Thu Aug 26 15:13:49 UTC 2010 - suse-tux@gmx.de - fix for urllib2 (http://bugs.python.org/issue9639) ------------------------------------------------------------------- Thu Aug 26 13:45:19 UTC 2010 - jmatejek@novell.com - fixed distutils test - dropped autoconf version requirement (it builds just fine with other versions) ------------------------------------------------------------------- Thu Aug 26 11:37:28 UTC 2010 - jmatejek@novell.com - update to version 2.7 * improved handling of numeric types * deprecation warnings are now silent by default * new argparse module for command line arguments * many new features, see http://docs.python.org/dev/whatsnew/2.7.html for complete list *** 2.7 is supposed to be the last version from the 2.x series, so its (upstream) maintenance period will probably be longer than usual. However, upstream development now focuses on 3.x series. - cleaned up spec and patches ------------------------------------------------------------------- Fri Jul 2 13:58:38 UTC 2010 - jengelh@medozas.de - add patch from http://bugs.python.org/issue6029 - use %_smp_mflags ------------------------------------------------------------------- Mon May 17 17:07:33 CEST 2010 - matejcik@suse.cz - dropped audioop.so because of security vulnerabilities (bnc#603255) ------------------------------------------------------------------- Wed Apr 7 20:35:26 CEST 2010 - matejcik@suse.cz - update to 2.6.5 (rpm version 2.6.5) - patched test_distutils to work ------------------------------------------------------------------- Thu Mar 11 18:13:05 CET 2010 - matejcik@suse.cz - update to 2.6.5rc2 (rpm version is 2.6.4.92) * bugfix-only release - removed fwrapv patch - no longer needed - removed expat patches (this version also fixes expat vulnerabilities from bnc#581765 ) - removed readline spacing patch - no longer needed - removed https_proxy patch - no longer needed - removed test_distutils patch - no longer needed - disabled test_distutils because of spurious failure, * TODO reenable at release ------------------------------------------------------------------- Thu Feb 4 20:46:03 CET 2010 - matejcik@suse.cz - removed precompiled exe files (as noted in bnc#577032) ------------------------------------------------------------------- Fri Jan 29 15:44:15 CET 2010 - matejcik@suse.cz - enabled ipv6 in configure (bnc#572673) ------------------------------------------------------------------- Wed Dec 23 08:36:29 UTC 2009 - aj@suse.de - Apply patches with fuzz=0 ------------------------------------------------------------------- Tue Dec 15 00:22:44 CET 2009 - jengelh@medozas.de - add baselibs.conf as source ------------------------------------------------------------------- Wed Oct 28 18:03:27 UTC 2009 - crrodriguez@opensuse.org - python-devel Requires glibc-devel ------------------------------------------------------------------- Fri Sep 4 20:16:42 CEST 2009 - matejcik@suse.cz - fixed potential DoS in python's copy of expat (bnc#534721) ------------------------------------------------------------------- Sun Aug 2 17:01:16 UTC 2009 - jansimon.moeller@opensuse.org - fix files section for ARM, as bz2.so isn't built on ARM. ------------------------------------------------------------------- Fri Jul 31 22:41:02 CEST 2009 - matejcik@suse.cz - added /usr/lib/python2.6{,/site-packages} to the package even if it is on lib64 arch - added %python_sitelib and %python_sitearch for fedora compatibility ------------------------------------------------------------------- Thu Jul 30 18:34:09 CEST 2009 - matejcik@suse.cz - fixed test in test_distutils suite that would generate a warning when the log threshold was set too low by preceding tests ------------------------------------------------------------------- Wed Jul 29 16:09:32 CEST 2009 - matejcik@suse.cz - support noarch python packages (modified multilib patch to differentiate between purelib and platlib, added /usr/lib to search path in all cases ------------------------------------------------------------------- Thu Jul 16 10:11:27 CEST 2009 - coolo@novell.com - disable as-needed to fix build ------------------------------------------------------------------- Mon Apr 27 15:19:45 CEST 2009 - matejcik@suse.cz - update to 2.6.2 * bugfix-only release for 2.6 series ------------------------------------------------------------------- Fri Feb 6 16:10:31 CET 2009 - matejcik@suse.cz - excluded pyconfig.h and Makefile and Setup from -devel subpackage to prevent file conflicts of python-base and python-devel ------------------------------------------------------------------- Thu Jan 15 16:00:02 CET 2009 - matejcik@suse.cz - fixed gettext.py problem with empty plurals line (bnc#462375) ------------------------------------------------------------------- Wed Jan 7 12:34:56 CET 2009 - olh@suse.de - obsolete old -XXbit packages (bnc#437293) ------------------------------------------------------------------- Mon Dec 15 17:10:17 CET 2008 - matejcik@suse.cz - removed bsddb directory from python-base, reenabled in python ------------------------------------------------------------------- Mon Oct 20 15:18:30 CEST 2008 - matejcik@suse.cz - added libpython and python-base to baselibs.conf (bnc#432677) - disabled test_smtplib for ia64 so that the package actually gets built (bnc#436966) ------------------------------------------------------------------- Thu Oct 9 18:56:33 CEST 2008 - matejcik@suse.cz - update to 2.6 final (version name is 2.6.0 to make upgrade from 2.6rc2 possible) - replaced site.py hack with a .pth file to do the same thing (cleaner solution that doesn't mess up documented behavior and also fixes virtualenv, bnc#430761) - enabled profile optimized build - fixed %py_requires macro (bnc#346490) - provide %name = 2.6 ------------------------------------------------------------------- Fri Sep 19 20:09:50 CEST 2008 - matejcik@suse.cz - moved tests to %check section - update to 2.6rc2 - included patch for https proxy support that resolves bnc#214983 (in a proper way) and bnc#298378 ------------------------------------------------------------------- Wed Sep 17 22:09:12 CEST 2008 - matejcik@suse.cz - included /etc/rpm/macros.python to fix the split-caused breakage ------------------------------------------------------------------- Tue Sep 16 18:12:10 CEST 2008 - matejcik@suse.cz - applied bug-no-proxy patch from python#3879, which should improve backwards compatibility (important i.e. for bzr) - moved python-xml to a subpackage of this (brings no additional dependencies, so it can as well stay) - moved Makefile and pyconfig.h to python-base, removing the need to have python-devel for installation - improved compatibility with older distros for 11.0 - moved ssl.py and sqlite3 module to python package - they won't work without their respective binary modules anyway ------------------------------------------------------------------- Mon Sep 15 18:34:27 CEST 2008 - matejcik@suse.cz - updated to 2.6rc1 - bugfix-only pre-stable release - renamed python-base-devel to python-devel as it should be - removed macros from libpython package name ------------------------------------------------------------------- Fri Sep 12 14:46:00 CEST 2008 - matejcik@suse.cz - moved python-devel to a subpackage of this - created libpython subpackage - moved essential files from -devel to -base, so that distutils should now be able to install without -devel package ------------------------------------------------------------------- Tue Sep 9 20:30:11 CEST 2008 - matejcik@suse.cz - initial release of python-base
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor