File _patchinfo of Package patchinfo.14950
<patchinfo incident="14950">
<issue tracker="bnc" id="1027282">Update python to 2.7.13 and python3 to 3.4.6</issue>
<issue tracker="bnc" id="1041090">trackerbug: packages do not build reproducibly from unsorted input</issue>
<issue tracker="bnc" id="1042670">Python and python3 fail to build with openssl-1.1</issue>
<issue tracker="bnc" id="1073269">python-base fails to build on s390x and ppc64le</issue>
<issue tracker="bnc" id="1073748">Segfault in libpython2.7.so.1</issue>
<issue tracker="bnc" id="1078326">python-devel has dependency on /usr/bin/python3</issue>
<issue tracker="bnc" id="1078485">python-base test_multiprocessing on self.assertTrue(got_signal[0]) failure ppc64le</issue>
<issue tracker="bnc" id="1081750">python tarfile uses random order</issue>
<issue tracker="bnc" id="1084650">GCC 8: python-base is miscompiled</issue>
<issue tracker="bnc" id="1086001">python tarfile uses random order</issue>
<issue tracker="bnc" id="1149792">openssl 1.1.1c causes build failures in other packages</issue>
<issue tracker="bnc" id="1153830">No application launcher for Python IDLE in K-launcher.</issue>
<issue tracker="bnc" id="1155094">VUL-0: CVE-2019-18348: python,python36,python3,python27: CRLF injection via the host part of the url passed to urlopen()</issue>
<issue tracker="bnc" id="1159035">Unify python packages over different distributions</issue>
<issue tracker="bnc" id="1162224">Installed version mismatch between libpython3_6m1_0 and python3-base (problem for cmake)</issue>
<issue tracker="bnc" id="1162367">VUL-0: CVE-2020-8492: python,python36,python3,python27: Python urllib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)</issue>
<issue tracker="bnc" id="1162825">VUL-1: CVE-2019-9674: python,python36,python3,python27: Lib/zipfile.py allows remote attackers to cause a denial of service via a ZIP bomb</issue>
<issue tracker="bnc" id="1165894">Python3 conflicts with python2 on idle subpkg</issue>
<issue tracker="bnc" id="1170411">get an error "Could not open PYTHONSTARTUP" after running python2.7 command</issue>
<issue tracker="bnc" id="1171561">pytest-xdist fails with internal error</issue>
<issue tracker="bnc" id="945401">python file conflict</issue>
<issue tracker="cve" id="2019-18348"/>
<issue tracker="cve" id="2019-9674"/>
<issue tracker="cve" id="2020-8492"/>
<issue tracker="fate" id="305065"/>
<issue tracker="fate" id="318300"/>
<issue tracker="fate" id="318838"/>
<issue tracker="fate" id="321075"/>
<issue tracker="jsc" id="ECO-379"/>
<packager>mcepl</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for python</summary>
<description>
This update for python to version 2.7.17 fixes the following issues:
Syncing with lots of upstream bug fixes and security fixes.
Bug fixes:
- CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825).
- CVE-2019-18348: Fixed a CRLF injection via the host part of the URL passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094).
- CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367).
- Fixed mismatches between libpython and python-base versions (bsc#1162224).
- Fixed segfault in libpython2.7.so.1 (bsc#1073748).
- Unified packages among openSUSE:Factory and SLE versions (bsc#1159035).
- Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830).
- Excluded tsl_check files from python-base to prevent file conflict with python-strict-tls-checks package (bsc#945401).
- Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894).
Additionally, a new "shared-python-startup" package is provided containing startup files.
python-rpm-macros was updated to fix:
- Do not write .pyc files for tests (bsc#1171561)
</description>
</patchinfo>