Revisions of python

Richard Brown (RBrownSUSE) accepted request 875546 from Matej Cepl (mcepl) (revision 154)
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
  use of semicolon as a query string separator (bpo#42967,
  bsc#1182379, CVE-2021-23336).
Dominique Leuenberger (dimstar_suse) accepted request 868217 from Matej Cepl (mcepl) (revision 153)
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
Dominique Leuenberger (dimstar_suse) accepted request 860672 from Matej Cepl (mcepl) (revision 152)
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
Dominique Leuenberger (dimstar_suse) accepted request 810400 from Matej Cepl (mcepl) (revision 151)
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
  configure.ac consider the correct version of
  PYTHON_FOR_REGEN (bsc#1078326).
Dominique Leuenberger (dimstar_suse) accepted request 798115 from Matej Cepl (mcepl) (revision 150)
- Update to 2.7.18, final release of Python 2. Ever.:
  - Newline characters have been escaped when performing uu
    encoding to prevent them from overflowing into the content
    section of the encoded file. This prevents malicious or
    accidental modification of data during the decoding process.
  - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
    by Ben Caller.
  - Fixed line numbers and column offsets for AST nodes for calls
    without arguments in decorators.
  - Disallow control characters in hostnames in http.client,
    addressing CVE-2019-18348. Such potentially malicious header
    injection URLs now cause an InvalidURL to be raised.
  - Fix urllib.urlretrieve failing on subsequent ftp transfers
    from the same host.
  - Fix problems identified by GCC's -Wstringop-truncation
    warning.
  - AddRefActCtx() was needlessly being checked for failure in
    PC/dl_nt.c.
  - Prevent failure of test_relative_path in test_py_compile on
    macOS Catalina.
  - Fixed possible leak in :c:func:`PyArg_Parse` and similar
    functions for format units "es#" and "et#" when the macro
    :c:macro:`PY_SSIZE_T_CLEAN` is not defined.
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
Dominique Leuenberger (dimstar_suse) accepted request 772516 from Matej Cepl (mcepl) (revision 149)
- Add CVE-2019-9674-zip-bomb.patch to improve documentation
  warning about dangers of zip-bombs and other security problems
  with zipfile library. (bsc#1162825 CVE-2019-9674)

- Change to Requires: libpython%{so_version} == %{version}-%{release}
  to python-base to keep both packages always synchronized (add
  %{so_version}) (bsc#1162224).
Dominique Leuenberger (dimstar_suse) accepted request 769788 from Tomáš Chvátal (scarabeus_iv) (revision 148)
- Provide python-testsuite from devel subpkg to ease py2->py3
  dependencies

- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
  off tests colliding with the combination of modern Python and
  ancient OpenSSL on SLE-12.

- libnsl is required only on more recent SLEs and openSUSE, older
  glibc supported NIS on its own.

Dominique Leuenberger (dimstar_suse) accepted request 763333 from Matej Cepl (mcepl) (revision 147)
- libnsl is required only on more recent SLEs and openSUSE, older
  glibc supported NIS on its own.
Dominique Leuenberger (dimstar_suse) accepted request 760397 from Tomáš Chvátal (scarabeus_iv) (revision 146)
- Add provides in gdbm subpackage to provide dbm symbols. This
  allows us to use %%{python_module dbm} as a dependency and have
  it properly resolved for both python2 and python3

Dominique Leuenberger (dimstar_suse) accepted request 753190 from Matej Cepl (mcepl) (revision 144)
- Move /etc/pythonstart script to shared-python-startup
  package. 

- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from
  bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes
  bsc#1149792

- Add adapted-from-F00251-change-user-install-location.patch fixing
  pip/distutils to install into /usr/local.

  - python-2.7.14-CVE-2018-1000030-1.patch
  - python-2.7.14-CVE-2018-1000030-2.patch
- Renamed remove-static-libpython.diff and python-bsddb6.diff to
  remove-static-libpython.patch and python-bsddb6.patch to unify
  filenames.
- Add CVE-2019-16056-email-parse-addr.patch fixing the email
  module wrongly parsing email addresses [bsc#1149955,
  CVE-2019-16056]

- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch
  which fixes regression introduced by the previous patch.
  (CVE-2019-10160)
  Upstream gh#python/cpython#13812

  no error will be raised (CVE-2019-9636).
        remove-static-libpython.patch
- bsc#1109847: add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  fixing bpo-34623.

- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch
Dominique Leuenberger (dimstar_suse) accepted request 734624 from Factory Maintainer (factory-maintainer) (revision 141)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 677944 from Tomáš Chvátal (scarabeus_iv) (revision 136)
- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
  fixing bpo-35746.
  An exploitable denial-of-service vulnerability exists in the
  X509 certificate parser of Python.org Python 2.7.11 / 3.7.2.
  A specially crafted X509 certificate can cause a NULL pointer
  dereference, resulting in a denial of service. An attacker can
  initiate or accept TLS connections using crafted certificates
  to trigger this vulnerability.
Displaying revisions 41 - 60 of 195