Matej Cepl (mcepl) committed about 1 year ago (revision 141)

- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
  CVE-2007-4559 (bsc#1203750) by adding the filter for
  tarfile.extractall (PEP 706).

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed about 1 year ago (revision 140)

- Why in the world we download from HTTP?

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1080041 from Steve Kowalik (StevenK) about 1 year ago (revision 139)

baserev update by copy to link target

• Files Changed
• Browse Source

Steve Kowalik (StevenK) committed about 1 year ago (revision 138)

- Use python3 modules to build the documentation.

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1068564 from Matej Cepl (mcepl) over 1 year ago (revision 137)

baserev update by copy to link target

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 136)

- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1067030 from Matej Cepl (mcepl) over 1 year ago (revision 135)

baserev update by copy to link target

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 134)

- Add provides for readline and sqlite3 to the main Python
  package.

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1061593 from Matej Cepl (mcepl) over 1 year ago (revision 133)

baserev update by copy to link target

• Files Changed
• Browse Source

Matej Cepl (mcepl) accepted request 1061586 from Thorsten Kukuk (kukuk) over 1 year ago (revision 132)

- Disable NIS for new products, it's deprecated and gets removed

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1058286 from Matej Cepl (mcepl) over 1 year ago (revision 131)

baserev update by copy to link target

• Files Changed
• Browse Source

Matej Cepl (mcepl) accepted request 1058220 from Martin Liška (marxin) over 1 year ago (revision 130)

- Suppress warnings for Sphinx 6.0+.

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1041648 from Matej Cepl (mcepl) over 1 year ago (revision 129)

baserev update by copy to link target

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 128)

Actually remove the patch.

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 127)

  - CVE-2022-45061-DoS-by-IDNA-decode.patch

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 126)

- Update to 3.9.16:
  - python -m http.server no longer allows terminal control
    characters sent within a garbage request to be printed to the
    stderr server log.
    This is done by changing the http.server
    BaseHTTPRequestHandler .log_message method to replace control
    characters with a \xHH hex escape before printing.
  - Avoid publishing list of active per-interpreter audit hooks
    via the gc module
  - The IDNA codec decoder used on DNS hostnames by socket or
    asyncio related name resolution functions no longer involves
    a quadratic algorithm. This prevents a potential CPU denial
    of service if an out-of-spec excessive length hostname
    involving bidirectional characters were decoded. Some
    protocols such as urllib http 3xx redirects potentially allow
    for an attacker to supply such a name (CVE-2015-20107).
  - Update bundled libexpat to 2.5.0
  - Port XKCP’s fix for the buffer overflows in SHA-3
    (CVE-2022-37454).
  - On Linux the multiprocessing module returns to using
    filesystem backed unix domain sockets for communication with
    the forkserver process instead of the Linux abstract socket
    namespace. Only code that chooses to use the “forkserver”
    start method is affected.
    Abstract sockets have no permissions and could allow any
    user on the system in the same network namespace (often
    the whole system) to inject code into the multiprocessing
    forkserver process. This was a potential privilege
    escalation. Filesystem based socket permissions restrict this
    to the forkserver process user as was the default in Python

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1034968 from Matej Cepl (mcepl) over 1 year ago (revision 125)

baserev update by copy to link target

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 124)

- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1033552 from Matej Cepl (mcepl) over 1 year ago (revision 123)

baserev update by copy to link target

• Files Changed
• Browse Source

Matej Cepl (mcepl) committed over 1 year ago (revision 122)

- Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
  CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
  privilege escalation via the multiprocessing forkserver start
  method.

• Files Changed
• Browse Source