* Sat Sep 30 2023 mcepl@suse.com
- (bsc#1214691, CVE-2022-48566) Add CVE-2022-48566-compare_digest-more-constant.patch to make compare_digest more constant-time.
- Allow nis.so for SLE-12.

* Thu Sep 14 2023 mcepl@suse.com
- (bsc#1214685, CVE-2022-48565) Add CVE-2022-48565-plistlib-XML-vulns.patch (from gh#python/cpython#86217) reject XML entity declarations in plist files.
- Remove BOTH CVE-2023-27043-email-parsing-errors.patch and Revert-gh105127-left-tests.patch (as per discussion on bsc#1210638).

* Tue Sep 12 2023 daniel.garcia@suse.com
- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing gh#python/cpython#108310, backport from upstream patch gh#python/cpython#108315 (bsc#1214692, CVE-2023-40217)

* Thu Aug 3 2023 mcepl@suse.com
- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED!
- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669.

* Tue Jul 11 2023 mcepl@suse.com
- (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API).

* Wed Jun 7 2023 mcepl@suse.com
- Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch.

* Tue May 30 2023 schwab@suse.de
- python-2.7.5-multilib.patch: Update for riscv64
- Don't fail if _ctypes or dl extension was not built

* Mon May 29 2023 mcepl@suse.com
- The condition around libnsl-devel BuildRequires is NOT switching off NIS support on SLE < 15, support for NIS used to be in the glibc itself. Partial revert of sr#1061583.

* Wed May 24 2023 mcepl@suse.com
- Add PygmentsBridge-trime_doctest_flags.patch to allow build of the documentation even with the current Sphinx. (SUSE-ONLY PATCH, DO NOT SEND UPSTREAM!)

* Wed Mar 8 2023 mcepl@suse.com
- Enable --with-system-ffi for non-standard architectures.

* Mon Mar 6 2023 mcepl@suse.com
- SLE-12 builds nis.so as well.

* Wed Mar 1 2023 mcepl@suse.com
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters

* Fri Jan 27 2023 kukuk@suse.com
- Disable NIS for new products, it's deprecated and gets removed

* Thu Jan 19 2023 mcepl@suse.com
- Add skip_unverified_test.patch because apparently switching off SSL verification doesn't work on older SLE.

* Tue Nov 22 2022 mcepl@suse.com
- Restore python-2.7.9-sles-disable-verification-by-default.patch for SLE-12.

* Wed Nov 9 2022 mcepl@suse.com
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names.

* Tue Sep 13 2022 bwiedemann@suse.com
- Add bpo34990-2038-problem-compileall.patch making compileall.py compliant with year 2038 (bsc#1202666, gh#python/cpython#79171), backport of fix to Python 2.7.

* Wed Sep 7 2022 steven.kowalik@suse.com
- Add patch CVE-2021-28861-double-slash-path.patch:
  * BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. (bsc#1202624, CVE-2021-28861)

* Thu Jun 9 2022 mcepl@suse.com
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module.

* Tue May 24 2022 mliska@suse.cz
- Filter out executable-stack error that is triggered for i586 target.

* Sat Feb 26 2022 mcepl@suse.com
- Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572).
- Recover again proper value of %%python2_package_prefix (bsc#1175619).

* Fri Feb 18 2022 mcepl@suse.com
- BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation.

* Fri Feb 18 2022 mcepl@suse.com
- Older SLE versions should use old OpenSSL.

* Wed Feb 9 2022 mcepl@suse.com
- Add CVE-2022-0391-urllib_parse-newline-parsing.patch (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs containing ASCII newline and tabs in urlparse.

* Sun Feb 6 2022 mcepl@suse.com
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146, bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib not trust the PASV response.

* Mon Dec 6 2021 dmueller@suse.com
- build against openssl 1.1.x (incompatible with openssl 3.0x) for now.

* Tue Nov 2 2021 meissner@suse.com
- on sle12, python2 modules will still be called python-xxxx until EOL, for newer SLE versions they will be python2-xxxx

* Fri Oct 15 2021 dimstar@opensuse.org
- BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation.

* Tue Sep 21 2021 mcepl@suse.com
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 (CVE-2020-26116, bpo#39603) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Such characters now raise ValueError.

* Thu Aug 26 2021 qydwhotmail@gmail.com
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -> CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (boo#1189241, CVE-2021-3737)

* Mon Aug 23 2021 qydwhotmail@gmail.com
- Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch (boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).

* Tue Aug 10 2021 qydwhotmail@gmail.com
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in request (bpo#43075, boo#1189287).
- Add missing security announcement to bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.

* Mon Aug 9 2021 qydwhotmail@gmail.com
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch which fixes http client infinite line reading (DoS) after a http 100 (bpo#44022, boo#1189241).

* Fri Jul 16 2021 mcepl@suse.com
- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).

* Fri Feb 26 2021 mcepl@suse.com
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336).

* Mon Jan 25 2021 mcepl@suse.com
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution.

* Tue Jan 5 2021 mcepl@suse.com
- (bsc#1180125) We really don't Require python-rpm-macros package. Unnecessary dependency.

* Sat May 30 2020 mcepl@suse.com
- Add patch configure_PYTHON_FOR_REGEN.patch which makes configure.ac consider the correct version of PYTHON_FOR_REGEN (bsc#1078326).

* Mon Apr 27 2020 mcepl@suse.com
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).

* Thu Apr 23 2020 mcepl@suse.com
- Update to 2.7.18, final release of Python 2. Ever.:
  - Newline characters have been escaped when performing uu encoding to prevent them from overflowing into the content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process.
  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben Caller.
  - Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators.
  - bsc#1155094 (CVE-2019-18348) Disallow control characters in hostnames in http.client. Such potentially malicious header injection URLs now cause an InvalidURL to be raised.
  - Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host.
  - Fix problems identified by GCC's -Wstringop-truncation warning.
  - AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c.
  - Prevent failure of test_relative_path in test_py_compile on macOS Catalina.
  - Fixed possible leak in `PyArg_Parse` and similar functions for format units "es#" and "et#" when the macro `PY_SSIZE_T_CLEAN` is not defined.
- Remove upstreamed patches:
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch

* Sat Feb 8 2020 mcepl@suse.com
- Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674)

* Sat Feb 8 2020 mcepl@suse.com
- Change to Requires: libpython%%{so_version} == %%{version}-%%{release} to python-base to keep both packages always synchronized (add %%{so_version}) (bsc#1162224).

* Thu Feb 6 2020 mcepl@suse.com
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug "Python urllib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)" (bsc#1162367)

* Mon Feb 3 2020 tchvatal@suse.com
- Provide python-testsuite from devel subpkg to ease py2->py3 dependencies

* Mon Jan 27 2020 mcepl@suse.com
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests colliding with the combination of modern Python and ancient OpenSSL on SLE-12.

* Fri Jan 10 2020 mcepl@suse.com
- libnsl is required only on more recent SLEs and openSUSE, older glibc supported NIS on its own.

* Thu Jan 2 2020 tchvatal@suse.com
- Add provides in gdbm subpackage to provide dbm symbols. This allows us to use %%%%{python_module dbm} as a dependency and have it properly resolved for both python2 and python3

* Thu Dec 19 2019 dimstar@opensuse.org
- Drop appstream-glib BuildRequires and no longer call appstream-util validate-relax: eliminate a build cycle between as-glib and python. The only thing we would gain by calling as-util is catching if upstream breaks the appdata.xml file in a future release. Considering py2 is dying, chances for a new release, let alone one breaking the xml file, are slim.

* Wed Dec 11 2019 mcepl@suse.com
- Unify packages among openSUSE:Factory and SLE versions. (bsc#1159035) ; add missing records to this changelog.
- Add idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830)

* Wed Dec 4 2019 mcepl@suse.com
- Add python2_split_startup Provide to make it possible to conflict older packages by shared-python-startup.

* Fri Nov 22 2019 mcepl@suse.com
- Move /etc/pythonstart script to shared-python-startup package.

* Tue Nov 5 2019 mcepl@suse.com
- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1.
  Fixes bsc#1149792

* Tue Nov 5 2019 steven.kowalik@suse.com
- Add adapted-from-F00251-change-user-install-location.patch fixing pip/distutils to install into /usr/local.

* Thu Oct 24 2019 mcepl@suse.com
- Update to 2.7.17:
  - a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7.
- Removed patches included upstream:
  - CVE-2018-20852-cookie-domain-check.patch
  - CVE-2019-16935-xmlrpc-doc-server_title.patch
  - CVE-2019-9636-netloc-no-decompose-characters.patch
  - CVE-2019-9947-no-ctrl-char-http.patch
  - CVE-2019-9948-avoid_local-file.patch
  - python-2.7.14-CVE-2018-1000030-1.patch
  - python-2.7.14-CVE-2018-1000030-2.patch
- Renamed remove-static-libpython.diff and python-bsddb6.diff to remove-static-libpython.patch and python-bsddb6.patch to unify filenames.

* Tue Oct 8 2019 mcepl@suse.com
- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py

* Wed Sep 25 2019 bwiedemann@suse.com
- Add bpo36302-sort-module-sources.patch (boo#1041090)

* Mon Sep 16 2019 mcepl@suse.com
- Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, CVE-2019-16056]

* Thu Jul 25 2019 mcepl@suse.com
- boo#1141853 (CVE-2018-20852) add CVE-2018-20852-cookie-domain-check.patch fixing http.cookiejar.DefaultPolicy.domain_return_ok which did not correctly validate the domain: it could be tricked into sending cookies to the wrong server.

* Fri Jul 19 2019 tchvatal@suse.com
- Skip test_urllib2_localnet that randomly fails in OBS

* Wed Jul 3 2019 mcepl@suse.com
- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812

* Wed May 29 2019 mliska@suse.cz
- Set _lto_cflags to nil as it will prevent to propagate LTO for Python modules that are built in a separate package.

* Thu May 2 2019 mcepl@suse.com
- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
  Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised.

* Mon Apr 8 2019 mcepl@suse.com
- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://.

* Mon Apr 8 2019 mcepl@suse.com
- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
  Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised (CVE-2019-9636).
  Upstream commits e37ef41 and 507bd8c.

* Thu Apr 4 2019 mcepl@suse.com
- (bsc#1111793) Update to 2.7.16:
  * bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
  * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball.
  * Updated patches to apply cleanly:
    CVE-2019-5010-null-defer-x509-cert-DOS.patch
    bpo36160-init-sysconfig_vars.patch
    do-not-use-non-ascii-in-test_ssl.patch
    openssl-111-middlebox-compat.patch
    openssl-111-ssl_options.patch
    python-2.5.1-sqlite.patch
    python-2.6-gettext-plurals.patch
    python-2.7-dirs.patch
    python-2.7.2-fix_date_time_compiler.patch
    python-2.7.4-canonicalize2.patch
    python-2.7.5-multilib.patch
    python-2.7.9-ssl_ca_path.patch
    python-bsddb6.diff
    remove-static-libpython.patch
  * Update python-2.7.5-multilib.patch to pass with new platlib regime.

* Fri Jan 25 2019 mcepl@suse.com
- bsc#1109847 (CVE-2018-14647): add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo-34623.

* Fri Jan 25 2019 mcepl@suse.com
- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch
  PyWeakref_NewProxy@Objects/weakrefobject.c creates new instance of PyWeakReference struct and does not initialize wr_prev and wr_next of new instance. These pointers can have garbage and point to random memory locations. Python should not crash while destroying the instance created in the same interpreter function. As per my understanding, both wr_prev and wr_next of PyWeakReference instance should be initialized to NULL to avoid segfault.

* Sat Jan 19 2019 mcepl@suse.com
- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746 (CVE-2019-5010).
  An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

* Wed Dec 19 2018 toddrme2178@gmail.com
- Use upstream-recommended %%{_rpmconfigdir}/macros.d directory for the rpm macros.

* Fri Oct 26 2018 tchvatal@suse.com
- Add patch openssl-111.patch to work with openssl-1.1.1 (bsc#1113755)

* Tue Sep 25 2018 mcepl@suse.com
- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]

* Fri Jun 29 2018 mcepl@suse.com
- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS (CVE-2018-1061). Prior to this patch mail server's timestamp was susceptible to catastrophic backtracking on long evil response from the server. Also, it was susceptible to catastrophic backtracking, which was a potential DOS vector.
  [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]

* Thu Jun 7 2018 psimons@suse.com
- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207]

* Tue May 29 2018 mcepl@suse.com
- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750) sort tarfile output directory listing

* Mon May 21 2018 michael@stroeder.com
- update to 2.7.15
  * dozens of bugfixes, see NEWS for details
- removed obsolete patches:
  * python-ncurses-6.0-accessors.patch
  * python-fix-shebang.patch
  * gcc8-miscompilation-fix.patch
- add patch from upstream:
  * do-not-use-non-ascii-in-test_ssl.patch

* Fri Apr 6 2018 mliska@suse.cz
- Add gcc8-miscompilation-fix.patch (boo#1084650).

* Tue Mar 13 2018 psimons@suse.com
- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution.
  [bsc#1068664, CVE-2017-1000158]

* Mon Feb 5 2018 normand@linux.vnet.ibm.com
- exclude test_socket & test_subprocess for PowerPC boo#1078485 (same ref as previous change)

* Fri Feb 2 2018 normand@linux.vnet.ibm.com
- Add python-skip_random_failing_tests.patch bypass boo#1078485 and exclude many tests for PowerPC

* Tue Jan 30 2018 tchvatal@suse.com
- Add patch python-fix-shebang.patch to fix bsc#1078326

* Fri Dec 22 2017 jmatejek@suse.com
- exclude test_regrtest for s390, where it does not segfault as it should (fixes bsc#1073269)
- fix segfault while creating weakref - bsc#1073748, bpo#29347 (this is actually fixed by the 2.7.14 update; mentioning this for purposes of bugfix tracking)

* Mon Nov 20 2017 jmatejek@suse.com
- update to 2.7.14
  * dozens of bugfixes, see NEWS for details
  * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664)
  * fixed segfaults with dict mutated during search
  * fixed possible free-after-use problems with buffer objects with custom indexing
  * fixed urllib.splithost to correctly parse fragments (bpo-30500)
- drop upstreamed python-2.7.13-overflow_check.patch
- drop unneeded python-2.7.12-makeopcode.patch
- drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch
- Apply "python-2.7.14-CVE-2018-1000030-1.patch" and "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that would crash the Python interpreter when multiple threads used the same I/O stream concurrently. This issue is not classified as a security vulnerability due to the fact that an attacker must be able to run code, however in some situations -- such as function as a service -- this vulnerability can potentially be used by an attacker to violate a trust boundary.
  [bsc#1079300, CVE-2018-1000030]

* Thu Nov 2 2017 mpluskal@suse.com
- Call python2 instead of python in macros

* Thu Sep 14 2017 vcizek@suse.com
- Fix test broken with OpenSSL 1.1 (bsc#1042670)
  * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch

* Mon Aug 28 2017 jmatejek@suse.com
- drop SUSE_ASNEEDED=0 as it is not needed anymore

* Thu Aug 17 2017 kukuk@suse.de
- Add libnsl-devel build requires for glibc obsoleting libnsl

* Mon May 15 2017 jmatejek@suse.com
- obsolete/provide python-argparse and provide python2-argparse, because the argparse module is available from python 2.7 up

* Tue Feb 28 2017 jmatejek@suse.com
- SLE package update (bsc#1027282)
- refresh python-2.7.5-multilib.patch
- dropped upstreamed patches:
  python-fix-short-dh.patch
  python-2.7.7-mhlib-linkcount.patch
  python-2.7-urllib2-localnet-ssl.patch
  CVE-2016-0772-smtplib-starttls.patch
  CVE-2016-5699-http-header-injection.patch
  CVE-2016-5636-zipimporter-overflow.patch
  python-2.7-httpoxy.patch
- Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.
  (dimstar@opensuse.org)

* Fri Feb 24 2017 bwiedemann@suse.com
- Add reproducible.patch to allow reproducible builds of various python packages like python-amqp
  Upstream: https://github.com/python/cpython/pull/296

* Tue Jan 3 2017 jmatejek@suse.com
- update to 2.7.13
  * dozens of bugfixes, see NEWS for details
  * updated cipher lists for openssl wrapper, support openssl >= 1.1.0
  * properly fix HTTPoxy (CVE-2016-1000110)
  * profile-opt build now applies PGO to modules as well
- update python-2.7.10-overflow_check.patch with python-2.7.13-overflow_check.patch, incorporating upstream changes (bnc#964182)
- add "-fwrapv" to optflags explicitly because upstream code still relies on it in many places

* Fri Dec 2 2016 jmatejek@suse.com
- provide python2-* symbols, for support of new packages built as python2-foo
- rename macros.python to macros.python2 accordingly
- require python-rpm-macros package, drop macro definitions from macros.python2

* Mon Sep 26 2016 jmatejek@suse.com
- initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436)
- renamed `python` to `python27` in package names and requires
- removed Provides and Obsoletes clauses
- dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch, companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage
- dropped profile files
- removed /usr/bin/python and /usr/bin/python2, along with other unversioned aliases
- rewrote macros file to enable stand-alone packages depending on py2.7
- re-included downloaded version of HTML documentation

* Thu Jun 30 2016 jmatejek@suse.com
- update to 2.7.12
  * dozens of bugfixes, see NEWS for details
  * fixes multiple security issues:
    CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751)
    CVE-2016-5636 zipimporter heap overflow (bsc#985177)
    CVE-2016-5699 httplib header injection (bsc#985348)
    (this one is actually fixed since 2.7.10)
- removed upstreamed python-2.7.7-mhlib-linkcount.patch
- refreshed multilib patch
- python-2.7.12-makeopcode.patch - run newly-built python interpreter to make opcodes, in order not to require pre-built python
- update LD_LIBRARY_PATH to use $PWD instead of "." because the test process escapes to its own directory
- modify shebang-fixing scriptlet to ignore makeopcodetargets.py

* Fri Jun 17 2016 jmatejek@suse.com
- CVE-2016-0772-smtplib-starttls.patch: smtplib vulnerability opens startTLS stripping attack (CVE-2016-0772, bsc#984751)
- CVE-2016-5636-zipimporter-overflow.patch: heap overflow when importing malformed zip files (CVE-2016-5636, bsc#985177)
- CVE-2016-5699-http-header-injection.patch: incorrect validation of HTTP headers allow header injection (CVE-2016-5699, bsc#985348)
- python-2.7-httpoxy.patch: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (CVE-2016-1000110, bsc#989523)

* Fri Jan 29 2016 rguenther@suse.com
- Add python-2.7.10-overflow_check.patch to fix broken overflow checks. [bnc#964182]

* Mon Sep 14 2015 jmatejek@suse.com
- copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE)
- do this properly to fix bnc#945401
- update SLE check to exclude Leap which also has version 1315, just to be sure

* Wed Sep 9 2015 dimstar@opensuse.org
- Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.

* Thu Aug 13 2015 jmatejek@suse.com
- add missing ssl.pyc and ssl.pyo to package
- implement python-strict-tls-checks subpackage
  * when present, Python will perform TLS certificate checking by default. it is possible to remove the package to turn off the checks for compatibility with legacy scripts.
  * as discussed in fate#318300
  * this is not built for openSUSE, but retained here in case we want to build the package for a SLE system

* Mon Jun 29 2015 meissner@suse.com
- python-fix-short-dh.patch: Bump DH parameters to 2048 bit to fix logjam security issue.
  bsc#935856

* Wed Jun 10 2015 dmueller@suse.com
- add __python2 compatibility macro (used by Fedora) (fate#318838)

* Sun May 24 2015 michael@stroeder.com
- update to 2.7.10
- removed obsolete python-2.7-urllib2-localnet-ssl.patch

* Tue May 19 2015 schwab@suse.de
- Reenable test_posix on aarch64

* Sun Dec 21 2014 schwab@suse.de
- python-2.7.4-aarch64.patch: Remove obsolete patch
- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64

* Fri Dec 12 2014 jmatejek@suse.com
- update to 2.7.9
  * contains full backport of ssl module from Python 3.4 (PEP466)
  * HTTPS certificate validation enabled by default (PEP476)
  * SSLv3 disabled by default (bnc#901715)
  * backported ensurepip module (PEP477)
  * fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753
  * dozens of minor bugfixes
- dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch
- dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3
- libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well
- python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional "import ssl" from test_urllib2_localnet that caused it to fail without ssl

* Wed Oct 22 2014 dmueller@suse.com
- skip test_thread in qemu_linux_user mode

* Wed Oct 1 2014 jmatejek@suse.com
- CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow in buffer() (CVE-2014-7185, bnc#898572)

* Tue Sep 30 2014 jmatejek@suse.com
- update to 2.7.8
  * bugfix-only release, dozens of bugs fixed
  * fixes CVE-2014-4650 directory traversal in CGIHTTPServer
  * fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer()
- dropped upstreamed CVE-2014-4650-CGIHTTPserver-traversal.patch
- dropped upstreamed CVE-2014-7185-buffer-wraparound.patch

* Wed Jul 23 2014 jmatejek@suse.com
- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file disclosure and directory traversal through
  URL-encoded characters (CVE-2014-4650, bnc#885882)
- python-2.7.7-mhlib-linkcount.patch: remove link count optimizations that are incorrect on btrfs (and possibly other filesystems)

* Fri Jun 20 2014 jmatejek@suse.com
- update to 2.7.7
  * bugfix-only release, over a hundred bugs fixed
  * backported hmac.compare_digest from python3, first step of PEP 466
- drop upstreamed patches:
  * CVE-2014-1912-recvfrom_into.patch
  * python-2.7.4-no-REUSEPORT.patch
  * python-2.7.6-bdist-rpm.patch
  * python-2.7.6-imaplib.patch
  * python-2.7.6-sqlite-3.8.4-tests.patch
- refresh patches:
  * python-2.7.3-ssl_ca_path.patch
  * python-2.7.4-canonicalize2.patch
  * xmlrpc_gzip_27.patch
- added python keyring and signature for the main tarball

* Sat Mar 15 2014 schwab@suse.de
- Use profile-opt only when profiling is enabled
- python-2.7.2-disable-tests-in-test_io.patch: removed, no longer needed
- update testsuite exclusion list:
  * test_signal and test_posix fail due to qemu bugs

* Fri Mar 14 2014 andreas.stieger@gmx.de
- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, adding python-2.7.6-sqlite-3.8.4-tests.patch

* Mon Feb 10 2014 jmatejek@suse.com
- added patches for CVE-2013-1752 (bnc#856836) issues that are missing in 2.7.6:
  python-2.7.6-imaplib.patch
  python-2.7.6-poplib.patch
  smtplib_maxline-2.7.patch
- CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: xmlrpc_gzip_27.patch
- python-2.7.6-bdist-rpm.patch: fix broken "setup.py bdist_rpm" command (bnc#857470, issue18045)
- multilib patch: add "~/.local/lib64" paths to search path (bnc#637176)
- CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow in socket.recvfrom_into (CVE-2014-1912, bnc#863741)

* Tue Dec 10 2013 uweigand@de.ibm.com
- Add Obsoletes/Provides for python-ctypes.

* Sat Dec 7 2013 matz@suse.de
- Ignore uuid testcase in the testsuite, it relies on unreliable ifconfig output.

* Tue Dec 3 2013 mls@suse.de
- adapt python-2.7.5-multilib.patch for ppc64le

* Tue Dec 3 2013 dvaleev@suse.com
- adjust %%files for ppc64le

* Tue Dec 3 2013 matz@suse.de
- Support for ppc64le in _ctypes libffi copy.
- added patches:
  * libffi-ppc64le.diff

* Tue Dec 3 2013 adrian@suse.de
- add ppc64le rules
- avoid errors from source-validator

* Thu Nov 21 2013 jmatejek@suse.com
- update to 2.7.6
  * bugfix-only release
  * SSL-related fixes
  * upstream fix for CVE-2013-4238
  * upstream fixes for CVE-2013-1752
- removed upstreamed patch CVE-2013-4238_py27.patch
- reintroduce audioop.so as the problems with it seem to be fixed (bnc#831442)

* Thu Oct 10 2013 dmueller@suse.com
- exclude test_mmap under qemu_linux_user - emulation fails here as the tests mmap address conflicts with qemu

* Mon Aug 26 2013 lnussel@suse.de
- update python-2.7.3-ssl_ca_path.patch patch to load default verify locations if no ca_certs file is specified (bnc#827982, bnc#836739)

* Fri Aug 16 2013 jmatejek@suse.com
- handle NULL bytes in certain fields of SSL certificates (CVE-2013-4238, bnc#834601)

* Tue Jul 9 2013 jengelh@inai.de
- Add python-bsddb6.diff to support building against libdb-6.0

* Sat Jul 6 2013 coolo@suse.com
- have python-devel require python: http://lists.opensuse.org/opensuse-factory/2013-06/msg00622.html

* Sun Jun 30 2013 schwab@suse.de
- Disable test_multiprocessing in QEmu build

* Wed Jun 5 2013 schwab@suse.de
- Disable test_asyncore in QEmu build
- Reenable testsuite on arm

* Thu May 30 2013 jmatejek@suse.com
- python-2.7.4-aarch64.patch: add missing bits of aarch64 support
- python-2.7.4-no-REUSEPORT.patch: disable test of missing kernel functionality
- drop unnecessary patch: python-2.7.1-distutils_test_path.patch
- switch to xz archive

* Tue May 28 2013 speilicke@suse.com
- Update to version 2.7.5:
  + bugfix-only release
  + fixes several important regressions introduced in 2.7.4
  + Issue #15535: Fixed regression in the pickling of named tuples by removing the __dict__ property
    introduced in 2.7.4.
  + Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3, such as was shipped with Centos 5 and Mac OS X 10.4.
  + Issue #17703: Fix a regression where an illegal use of Py_DECREF() after interpreter finalization can cause a crash.
  + Issue #16447: Fixed potential segmentation fault when setting __name__ on a class.
  + Issue #17610: Don't rely on non-standard behavior of the C qsort() function.
  12 See http://hg.python.org/cpython/file/ab05e7dd2788/Misc/NEWS for more
- Drop upstreamed patches:
  + python-2.7.3-fix-dbm-64bit-bigendian.patch
  + python-test_structmembers.patch
- Rebased other patches

* Mon May 13 2013 dmueller@suse.com
- add aarch64 to the list of 64-bit platforms

* Thu May 9 2013 jmatejek@suse.com
- update to 2.7.4
  * bugfix-only release
- drop upstreamed patches:
  pypirc-secure.diff
  python-2.7.3-multiprocessing-join.patch
  ctypes-libffi-aarch64.patch
- drop python-2.7rc2-configure.patch as it doesn't seem necessary anymore

* Fri Apr 5 2013 idonmez@suse.com
- Add Source URL, see https://en.opensuse.org/SourceUrls

* Wed Feb 27 2013 schwab@suse.de
- Add aarch64 to the list of lib64 platforms

* Mon Feb 25 2013 jmatejek@suse.com
- fix pythonstart failing on $HOME-less users (bnc#804978)

* Sat Feb 9 2013 schwab@suse.de
- Add ctypes-libffi-aarch64.patch: import aarch64 support for libffi in _ctypes module

* Fri Feb 8 2013 jmatejek@suse.com
- multiprocessing: thread joining itself (bnc#747794)
- gettext: fix cases where no bundle is found (bnc#794139)

* Thu Oct 25 2012 coolo@suse.com
- add explicit buildrequire on libbz2-devel

* Mon Oct 15 2012 coolo@suse.com
- buildrequire explicitly netcfg for the test suite

* Mon Oct 8 2012 jmatejek@suse.com
- remove distutils.cfg (bnc#658604)
  * this changes default prefix for distutils to /usr
  * see ML for details: http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html

* Fri Aug 3 2012 dimstar@opensuse.org
- Add python-bundle-lang.patch: gettext: If bindtextdomain is instructed to
look in the default location of translations, we check additionally in locale-bundle. Fixes issues like bnc#617751 * Tue Jul 31 2012 jmatejek@suse.com - all subpackages require python-base=%%{version}-%%{release} explicitly (fixes bnc#766778 bug and similar that might arise in the future) * Tue Jun 26 2012 dvaleev@suse.com - Fix failing test_dbm on ppc64 * Thu May 17 2012 jfunk@funktronics.ca - Support directory-based certificate stores with the ca_certs parameter of SSL functions [bnc#761501] * Sat Apr 14 2012 dmueller@suse.com - update to 2.7.3: * no change - remove static libpython.a from build to avoid packages linking it statically * Wed Mar 28 2012 jmatejek@suse.com - update to 2.7.3rc2 * fixes several security issues: * CVE-2012-0845, bnc#747125 * CVE-2012-1150, bnc#751718 * CVE-2011-4944, bnc#754447 * CVE-2011-3389 - fix for insecure .pypirc (CVE-2011-4944, bnc#754447) !!important!! - disabled test_unicode which segfaults on 64bits. this should not happen, revisit in next RC! !!important!! * Thu Feb 16 2012 dvaleev@suse.com - skip broken test_io test on ppc * Mon Dec 12 2011 toddrme2178@gmail.com - Exclude /usr/bin/2to3 to prevent conflicts with python3-2to3 * Thu Dec 8 2011 jmatejek@suse.com - %%python_version now correctly refers to %%tarversion * Mon Nov 28 2011 saschpe@suse.de - Spec file cleanup: * Run spec-cleaner * Remove outdated %%clean section, AutoReqProv and authors from descr. 
- Fix license to Python-2.0 (also SPDX style) * Fri Sep 30 2011 adrian@suse.de - fix build for arm by removing an old hack for arm, bz2.so is built now * Fri Sep 16 2011 jmatejek@suse.com - dropped newslist.py from demos because of bad license (bnc#718009) * Fri Aug 19 2011 dmueller@suse.de - update to 2.7.2: * Bug fix only release, see http://hg.python.org/cpython/raw-file/eb3c9b74884c/Misc/NEWS for details - introduce a pre_checkin.sh file that synchronizes patches between python and python-base - rediff patches for 2.7.2 - replace kernel3 patch with the upstream solution * Fri Jul 22 2011 idonmez@novell.com - Copy Lib/plat-linux2 to Lix/plat-linux3 so that DLFCN module is also available for linux3 systems bnc#707667 * Sun Jul 10 2011 ro@suse.de - fix build on factory: setup reports linux3 not linux2 now, adapt checks * Tue May 31 2011 jmatejek@novell.com - added explicit requires to libpython-%%version-%%release to prevent bugs like bnc#697251 reappearing * Tue May 24 2011 jmatejek@novell.com - update to 2.7.1 * bugfix-only release, see NEWS for details - refreshed patches, dropped the upstreamed ones - dropped acrequire patch, replacing it with build-time sed - improved fix to bnc#673071 by defining the constants only for files that require it (as is done in python3) * Mon May 2 2011 jmatejek@novell.com - fixed a security flaw where malicious sites could redirect Python application from http to a local file (CVE-2011-1521, bnc#682554) - fixed race condition in Makefile which randomly failed parallel builds ( http://bugs.python.org/issue10013 ) * Thu Feb 17 2011 pth@suse.de - Prefix DATE and TIME with PY_BUILD_ and COMPILER with PYTHON_ as to not break external code (bnc#673071). 
* Mon Jan 17 2011 coolo@novell.com - provide pyxml to avoid touching tons of packages * Thu Nov 18 2010 coolo@novell.com - add patch from http://psf.upfronthosting.co.za/roundup/tracker/issue9960 to fix build on ppc64 * Fri Oct 1 2010 jmatejek@novell.com - moved unittest to python-base (it is a testing framework, not a testsuite, so it clearly belongs into stdlib) - fixed smtpd.py DoS (bnc#638233, CVE probably not assigned) * Tue Sep 21 2010 coolo@novell.com - fix baselibs.conf * Thu Aug 26 2010 suse-tux@gmx.de - fix for urllib2 (http://bugs.python.org/issue9639) * Thu Aug 26 2010 jmatejek@novell.com - fixed distutils test - dropped autoconf version requirement (it builds just fine with other versions) * Thu Aug 26 2010 jmatejek@novell.com - update to version 2.7 * improved handling of numeric types * deprecation warnings are now silent by default * new argparse module for command line arguments * many new features, see http://docs.python.org/dev/whatsnew/2.7.html for complete list * ** 2.7 is supposed to be the last version from the 2.x series, so its (upstream) maintenance period will probably be longer than usual. However, upstream development now focuses on 3.x series. 
- cleaned up spec and patches * Fri Jul 2 2010 jengelh@medozas.de - add patch from http://bugs.python.org/issue6029 - use %%_smp_mflags * Mon May 17 2010 matejcik@suse.cz - dropped audioop.so because of security vulnerabilities (bnc#603255) * Wed Apr 7 2010 matejcik@suse.cz - update to 2.6.5 (rpm version 2.6.5) - patched test_distutils to work * Thu Mar 11 2010 matejcik@suse.cz - update to 2.6.5rc2 (rpm version is 2.6.4.92) * bugfix-only release - removed fwrapv patch - no longer needed - removed expat patches (this version also fixes expat vulnerabilities from bnc#581765 ) - removed readline spacing patch - no longer needed - removed https_proxy patch - no longer needed - removed test_distutils patch - no longer needed - disabled test_distutils because of spurious failure, * TODO reenable at release * Thu Feb 4 2010 matejcik@suse.cz - removed precompiled exe files (as noted in bnc#577032) * Fri Jan 29 2010 matejcik@suse.cz - enabled ipv6 in configure (bnc#572673) * Wed Dec 23 2009 aj@suse.de - Apply patches with fuzz=0 * Mon Dec 14 2009 jengelh@medozas.de - add baselibs.conf as source * Wed Nov 4 2009 matejcik@suse.cz - readline shouldn't append space after completion (bnc#551715, python bug 5833) * Wed Oct 28 2009 crrodriguez@opensuse.org - python-devel Requires glibc-devel * Fri Sep 4 2009 matejcik@suse.cz - fixed potential DoS in python's copy of expat (bnc#534721) - added patch for potential SSL hangup during handshake (bnc#525295) * Sun Aug 2 2009 jansimon.moeller@opensuse.org - fix files section for ARM, as bz2.so isn't built on ARM. 
* Fri Jul 31 2009 matejcik@suse.cz - added /usr/lib/python2.6{,/site-packages} to the package even if it is on lib64 arch - added %%python_sitelib and %%python_sitearch for fedora compatibility * Thu Jul 30 2009 matejcik@suse.cz - fixed test in test_distutils suite that would generate a warning when the log threshold was set too low by preceding tests * Wed Jul 29 2009 matejcik@suse.cz - support noarch python packages (modified multilib patch to differentiate between purelib and platlib, added /usr/lib to search path in all cases * Thu Jul 16 2009 coolo@novell.com - disable as-needed to fix build * Mon Apr 27 2009 matejcik@suse.cz - update to 2.6.2 * bugfix-only release for 2.6 series * Fri Feb 6 2009 matejcik@suse.cz - excluded pyconfig.h and Makefile and Setup from -devel subpackage to prevent file conflicts of python-base and python-devel * Thu Jan 15 2009 matejcik@suse.cz - fixed gettext.py problem with empty plurals line (bnc#462375) * Wed Jan 7 2009 olh@suse.de - obsolete old -XXbit packages (bnc#437293) * Mon Dec 15 2008 matejcik@suse.cz - removed bsddb directory from python-base, reenabled in python ( bnc#441088 ) * Mon Oct 20 2008 matejcik@suse.cz - added libpython and python-base to baselibs.conf (bnc#432677) - disabled test_smtplib for ia64 so that the package actually gets built (bnc#436966) * Thu Oct 9 2008 matejcik@suse.cz - update to 2.6 final (version name is 2.6.0 to make upgrade from 2.6rc2 possible) - replaced site.py hack with a .pth file to do the same thing (cleaner solution that doesn't mess up documented behavior and also fixes virtualenv, bnc#430761) - enabled profile optimized build - fixed %%py_requires macro (bnc#346490) - provide %%name = 2.6 * Fri Sep 19 2008 matejcik@suse.cz - moved tests to %%check section - update to 2.6rc2, removing the last remaining security patch - included patch for https proxy support that resolves bnc#214983 (in a proper way) and bnc#298378 - included fix for socket.ssl() behavior regression, fixing 
bnc#426563 * Wed Sep 17 2008 matejcik@suse.cz - included /etc/rpm/macros.python to fix the split-caused breakage * Tue Sep 16 2008 matejcik@suse.cz - applied bug-no-proxy patch from python#3879, which should improve backwards compatibility (important i.e. for bzr) - moved python-xml to a subpackage of this (brings no additional dependencies, so it can as well stay) - moved Makefile and pyconfig.h to python-base, removing the need to have python-devel for installation - improved compatibility with older distros for 11.0 - moved ssl.py and sqlite3 module to python package - they won't work without their respective binary modules anyway * Mon Sep 15 2008 matejcik@suse.cz - updated to 2.6rc1 - bugfix-only pre-stable release - renamed python-base-devel to python-devel as it should be - removed macros from libpython package name * Fri Sep 12 2008 matejcik@suse.cz - moved python-devel to a subpackage of this - created libpython subpackage - moved essential files from -devel to -base, so that distutils should now be able to install without -devel package * Fri Sep 12 2008 matejcik@suse.cz - split package, as per fate#305065 - moved python-devel to be a subpackage of python-base - minor fixes & packaging cleanups * Wed Sep 10 2008 matejcik@suse.cz - fixed misapplied ssl-compat patch (caused segfaults when opening SSL connections, bnc#425138 ) * Wed Sep 3 2008 matejcik@suse.cz - updated to 2.6beta3 from BETA dist, summary of changes follows: * patches update/cleanup * removed failing tests (test_unicode, test_urllib2), those will be reworked later to not fail * fixed ncurses/panel.h include * removed most security fixes, as they are already included in this version * removed imageop/rgbimg (reasons: they only work in 32bit environment anyway, are deprecated by upstream and have inherent security problems) * fixed pythonstart script to trim history after 10000 lines (bnc#399190) - 2.6beta3 is mostly stable release of the 2.6 series, package will be updated to 2.6 final as 
soon as it comes out (in the beginning of October) * Wed Jul 30 2008 matejcik@suse.cz - security fixes for issues mentioned in bnc#406051: * CVE-2008-2315 - multiple integer overflows in basic types * CVE-2008-2316 - partial hashing of huge data with hashlib * CVE-2008-3142 - multiple buffer overflows in unicode processing * CVE-2008-3144 - possible integer over/underflow in mysnprintf * buffer overflows in expandtabs() method (afaik no CVE assigned) - also mentioned CVE-2008-3143 is already fixed in python 2.5.2 * Mon Jun 30 2008 schwab@suse.de - Work around autoheader bug. * Fri Jun 13 2008 schwab@suse.de - Fix configure script. * Thu Apr 24 2008 matejcik@suse.cz - proper path for html documentation from python-doc, help text mentioning python-doc package in pydoc (bnc#380942) * Wed Apr 16 2008 matejcik@suse.cz - PyString_FromStringAndSize now checks size parameter (bnc#379534, CVE-2008-1721) * Tue Apr 15 2008 adrian@suse.de - disable DNS lookup test when running in build service. The XEN build hosts have no network. * Thu Apr 10 2008 ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support * Mon Apr 7 2008 schwab@suse.de - Limit virtual memory to avoid spurious testsuite failures. 
* Mon Mar 10 2008 matejcik@suse.cz - bnc#367853 turned out to be invalid, upstream is already on to the real problem - forcing -fwrapv to compiler flags until upstream has a solution * Wed Feb 27 2008 matejcik@suse.cz - update to 2.5.2 - bugfix-only release, over 100 bugs fixed - removed hppa patch (already included) - disabled test_str until gcc issue bnc#367853 is resolved * Tue Nov 13 2007 matejcik@suse.cz - patched a bug in sqlite module that would cause segfault on call to executescript() - > TODO return and improve the patch * Mon Sep 3 2007 matejcik@suse.cz - replaced fdupes oneliner with %%fdupes macro - added /usr/bin/python2 symlink (#307097) - obsoletes python-elementtree and python-sqlite (#301182) (obsoletes, but doesn't provide - the modules that obsolete those packages are renamed and dependent packages need to be changed) * Fri Aug 24 2007 bg@suse.de - fix build on hppa * Fri Aug 3 2007 jmatejek@suse.cz - replaced duplicate files with hardlinks * Fri Jul 27 2007 jmatejek@suse.cz - removed emacs python-mode and dependency on emacs * Fri Jun 8 2007 jmatejek@suse.cz - revisited & explained failing tests - applied EINTR recovery patch (#278622) - experimental replacement of shebang strings, removing dependency on /usr/bin/env * Thu May 24 2007 jmatejek@suse.cz - update to 2.5.1 - bugfix only release, over 150 bugs fixed - fixes off-by-one memory leak in _localemodule.c (#276889, CVE-2007-2052) - unnecessary patches removed, minor build cleanup - warns when attempting to use https proxy (#214983) * Mon May 21 2007 ro@suse.de - make setup.py accept db-4.5 * Thu Mar 29 2007 aj@suse.de - Add ncurses-devel to BuildRequires. * Sat Mar 24 2007 aj@suse.de - Add libbz2-devel to BuildRequires. 
* Fri Mar 23 2007 rguenther@suse.de - add gdbm-devel BuildRequires * Mon Jan 8 2007 cthiel@suse.de - fix sqlite3 support (#228733) * Tue Sep 19 2006 jmatejek@suse.cz - update to 2.5 final, going into STABLE dist - issue with lib/python/config is not caused by dirs patch * Wed Sep 13 2006 jmatejek@suse.cz - update to 2.5c2 - 2.5 final is expected next week - removed testfiles.tar.bz2 from package due to copyright issues (see #204867). Reminder: enable urlfetch or put it back (or both, using Nosource) * Tue Sep 5 2006 jmatejek@suse.cz - update to 2.5c1 - many new features, see http://www.python.org/dev/peps/pep-0356/ - 64bit indices issue will require changes of modules, see http://www.python.org/dev/peps/pep-0353/ for transition guidelines - non-backwards-compatible changes, see http://docs.python.org/dev/whatsnew/section-other.html (this link is expected to die, so just search for "what's new in 2.5") - open issues in build process: - sed'ing out /usr/local/bin/python from files causes build to fail if not filtered by grep (see %%prep section) - might be a bug in sed - 2.3.3-dirs patch + --enable-shared + --libdir breaks build, because "-L/usr/lib*/python2.5/config" is added instead of "-L." 
Workaround in 2.5c1-dirs-fix, should be replaced soon - test_file fails in autobuild, but is OK when building manually - test_nis fails in autobuild, probably due to a misconfiguration on autobuild servers - it might be good to create python-sqlite3 subpackage * Mon Apr 24 2006 jmatejek@suse.cz - update to 2.4.3 - no big changes, bugfix-only release (about 50 bugs fixed) * Wed Mar 15 2006 jmatejek@suse.cz - moved -doc and -doc-pdf into separate noarch specfile * Mon Feb 27 2006 jmatejek@suse.cz - implemented /usr/local path schemes for bug #149809 - python now recognizes packages in /usr/local/lib/python2.4 - distutils install by default into /usr/local/lib/python2.4/site-packages - on 64bit systems that is of course lib64 * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires * Sat Jan 14 2006 kukuk@suse.de - Add gmp-devel to nfb * Mon Nov 28 2005 jmatejek@suse.cz - reenabled optimization on ppc64 * Fri Nov 11 2005 nadvornik@suse.cz - fixed another bug in canonicalize patch [#133267] * Wed Oct 5 2005 jmatejek@suse.cz - update to 2.4.2 - additional fixes to canonicalize patch, restored interactive mode * Mon Sep 26 2005 jmatejek@suse.cz - replaced the previous patch with a new one - it now tries to use canonical_file_name(), falling back to realpath() and eventually readlink - canonical_file_name() branch now sets the buffer length * Fri Sep 23 2005 jmatejek@suse.cz - fixed to build with gcc's new buffer overflow checking - added patch from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169046 * Fri Apr 22 2005 schwab@suse.de - Always enable SSL bug workarounds. 
* Tue Apr 5 2005 mcihar@suse.cz - update to 2.4.1 * Thu Mar 24 2005 uli@suse.de - fixed to build on ARM * Tue Mar 1 2005 mcihar@suse.cz - skip some tests on ia64 for now * Tue Feb 8 2005 mcihar@suse.cz - mark configuration files as %%config * Tue Feb 1 2005 mcihar@suse.cz - fix vulnerability in SimpleXMLRPCServer (bug #50321, CAN-2005-0089) * Tue Dec 28 2004 mcihar@suse.cz - disable bsddb tests, it fails probably on all 64-bit * Thu Dec 23 2004 mcihar@suse.cz - make lib64 installation also work on others than x86_64 * Mon Dec 20 2004 mcihar@suse.de - fixed build on ppc64 - update multiarch patch - do not test bsddb internals - remove optimization from flags, it breaks at least math * Mon Dec 20 2004 mcihar@suse.cz - added extra files needed for some tests (codecmaps and unicode normalisation) - enabled bsddb tests - reenabled test_shelve, as it works now * Thu Dec 16 2004 mcihar@suse.cz - update db 4.3 patch - fix bdist_rpm when spec file generates more than one rpm * Tue Dec 14 2004 bg@suse.de - disable tests for hppa * Mon Dec 6 2004 mcihar@suse.cz - fix bsddb module for current bsddb - improved readline detection * Fri Dec 3 2004 mcihar@suse.cz - updated documentation to 2.4 * Wed Dec 1 2004 mcihar@suse.cz - don't use wctype functions from glibc, it breaks in some situations - enable tests during compilation, removing currently known failures * Tue Nov 30 2004 mcihar@suse.cz - update to 2.4 final * Wed Nov 24 2004 mcihar@suse.cz - yet another ignore list update, ignore man and locale dirs * Wed Nov 24 2004 mcihar@suse.cz - ignore /etc and avoid infinite loop while generating directory list * Wed Nov 24 2004 mcihar@suse.cz - ignore one more directories in file list generating - handle correctly headers path in file list generating - handle extra_dir in file list generating - use same way as mandrake to support lib64, at least it's a bit cleaner solution than we had, so we now also have sys.lib - audioop is now enabled on 64-bit * Tue Nov 23 2004 mcihar@suse.cz - 
updated to 2.4c1 (2.4 release candidate 1) - dropped python-mpz package as it was dropped by upstream - completely rewritten and much simplified rpm file list generation, if you have problems with new version, please drop me a note - install also /etc/profile.d/python.csh * Tue Aug 24 2004 mcihar@suse.cz - updated README.SUSE - added startup script, which enables saving of history and completion for interactive usage * Thu May 27 2004 mcihar@suse.cz - update to 2.3.4 final (no changes from rc 1) * Wed May 19 2004 mcihar@suse.cz - update to 2.3.4 release candidate 1 (obsoletes some patches taken from cvs) - forcing of large file support is not needed (for quite a long time) - updated README.SUSE * Tue Mar 16 2004 mcihar@suse.cz - included some fixes from cvs: - fix possible segfault in bsddb - urllib2 supports non-anonymous ftp and absolute paths - fixed GC problems in PyWeakref_NewRef * Thu Mar 11 2004 mcihar@suse.cz - fix readline with utf-8 (bug #34302) * Wed Mar 3 2004 mcihar@suse.cz - obsoletes python21 * Thu Feb 26 2004 mcihar@suse.cz - all subpackages depend on current python version * Thu Feb 19 2004 mcihar@suse.cz - fix Lib/email/Charset.py for use in some locales - fix format string in zipimport module - use system readline - add more IPV6 socket options - use sed instead of perl for replacing - include LICENSE * Sat Jan 10 2004 adrian@suse.de - build as user * Mon Jan 5 2004 mcihar@suse.cz - updated to 2.3.3 (final) - call %%{run_ldconfig} in post and postun - libpython.2.3.so symlink moved to devel package (bug #33779) * Fri Dec 12 2003 mcihar@suse.cz - updated to 2.3.3 (release candidate 1) * Tue Nov 18 2003 mcihar@suse.cz - use wchar_t functions from libc, this reduces size of interpreter * Mon Oct 27 2003 kukuk@suse.de - Remove useless Requires - Remove not used packages from neededforbuild * Fri Oct 3 2003 mcihar@suse.cz - updated to 2.3.2 - A bug in autoconf that broke building on HP/UX systems is fixed. 
- A bug in the Python configure script that meant os.fsync() was never available is fixed. * Thu Oct 2 2003 mcihar@suse.cz - force use of directories passed to configure script (-dirs.patch), bug #31947 * Mon Sep 29 2003 mcihar@suse.cz - updated to 2.3.1, most of changes were already included in -cvs.patch - not so verbose untarring * Thu Sep 11 2003 mcihar@suse.cz - included fixes from cvs (branch release23-maint), this fixes some memory leaks and other bugs (-cvs.patch) - nicer output from pydoc (-pydoc.patch) - cleaned up configure parameters - compiling with -Wall * Wed Sep 10 2003 mcihar@suse.cz - build as shared * Wed Sep 3 2003 mcihar@suse.cz - python now obsoletes python-nothreads (bug #29907) * Thu Aug 14 2003 mcihar@suse.cz - fixed symlinks to configuration files - cleaned up spec file * Wed Aug 6 2003 mcihar@suse.cz - updated lib64 patch * Tue Aug 5 2003 mcihar@suse.cz - updated to final 2.3, some highlights: * Python 2.3 is about 20-30%% faster than Python 2.2.3 * Brand new IDLE * Some new or upgraded built-ins, includes better support for unicode, new bool type... * Lots of upgraded or new modules and packages. * PYTHONINSPECT variable that can cause python to behave as if it was executed with -i parameter. 
* Mon Jul 28 2003 ro@suse.de - added tk-devel to neededforbuild * Thu Jun 26 2003 mcihar@suse.cz - updated to cvs snapshot, mostly because of finally correct DESTDIR support, to avoid buildroot leftovers * Tue Jun 24 2003 mcihar@suse.cz - better excluding site-packages from generated dirlist * Tue Jun 17 2003 mcihar@suse.cz - ignore site-packages and share directories for filelists - include install dir if not site-packages in filelists * Tue Jun 17 2003 mcihar@suse.cz - better handle multiple levels of install directories when generating %%dir entries * Mon Jun 16 2003 mcihar@suse.cz - one more distutils patch update: * fix generating of dirs in chrooted installs for install_data * don't include directory for install_scripts * Mon Jun 16 2003 mcihar@suse.cz - updated patch to work around problems with self defined get_outputs * Mon Jun 16 2003 mcihar@suse.cz - modified distutils to allow generating complete file list for rpm (including directories with %%dir macro), to use this use --record-rpm= instead of --record= * Thu Jun 5 2003 mcihar@suse.cz - move documentation where it was in 2.2 versions - fixed permissions for some scripts in devel package * Thu May 29 2003 mcihar@suse.cz - cleaned up specfile - make executable only files that should be * Mon May 19 2003 mcihar@suse.cz - removed .cvsignore files * Tue Apr 29 2003 mcihar@suse.cz - updated lib64 patch * Mon Apr 28 2003 mcihar@suse.cz - updated to 2.3b1, some highlights: - sum() builtin, adds a sequence of numbers, beats reduce(). - csv module, reads comma-separated-value files (and more). - timeit module, times code snippets. - os.walk(), a generator slated to replace os.path.walk(). - platform module, by Marc-Andre Lemburg, returns detailed platform information. 
* Thu Apr 10 2003 mcihar@suse.cz - added DEFS to config/Makefile as it was in 2.2 * Wed Apr 2 2003 mcihar@suse.cz - updated lib64 patch - fixed list of built modules for 64-bit arches * Tue Apr 1 2003 mcihar@suse.cz - updated to python 2.3 alpha 2 - updated many builtins and modules - new modules: bsddb, bz2, datetime, logging, optparse, sets, textwrap, zipimport, - some general things have changed: - Hex/oct literals prefixed with a minus sign were handled inconsistently. - Package index and metadata for distutils. - Encoding declarations - you can put a comment of the form "# -*- coding: -*-" in the first or second line of a Python source file to indicate the encoding (e.g. utf-8). - Import from zipfiles. - see Misc/NEWS in documentation or python website - http://python.org/2.3/highlights.html for more details - moved distutils into -devel package - cleaned up specfile * Tue Apr 1 2003 mcihar@suse.cz - removed RPM_BUILD_ROOT leftovers (bug #25963) * Thu Mar 6 2003 kukuk@suse.de - Provide/Obsolete python-tkinter * Tue Jan 28 2003 mcihar@suse.cz - idle symlink corrected for lib64 - fixed LIBDEST path for distutils, closes #22322 * Fri Jan 10 2003 mcihar@suse.cz - fixed distutils for lib64 * Wed Dec 18 2002 mcihar@suse.cz - improved blt detection for tkinter - build with detected version of tix - enabled SIGFPE catching - enabled signal module - enabled C++ support * Fri Nov 29 2002 mcihar@suse.cz - enabled ipv6 support - no apache is needed for building - python-nothreads is not built anymore as it seems that mod_python works correctly with python 2.2.2 and threads - Makefile also copied to config directory in rpm * Wed Nov 27 2002 adrian@suse.de - Makefile.pre* to config directory (following the official spec file change) * Fri Nov 8 2002 mcihar@suse.cz - fixed bad source number for suse-start-python-mode.el * Thu Nov 7 2002 mcihar@suse.cz - fixed %%files section for idle on lib64 arches * Wed Nov 6 2002 mcihar@suse.cz - included python-mode.el for emacs - idle 
moved from demos to separate package - merged tk and tkinter * Wed Oct 30 2002 mcihar@suse.cz - removed not needed l2h and tetex from neededforbuild * Wed Oct 30 2002 ro@suse.de - changed neededforbuild to * Wed Oct 23 2002 mcihar@suse.cz - updated to 2.2.2 (bugfix release) - moved python-korean into separate source package * Tue Sep 17 2002 ro@suse.de - removed bogus self-provides * Tue Sep 10 2002 kukuk@suse.de - Add provides for correct update * Thu Sep 5 2002 ro@suse.de - remove l2h from neededforbuild (apparently no longer used) * Wed Aug 14 2002 ro@suse.de - no fpectl.so on alpha * Tue Aug 13 2002 uli@suse.de - rediffed lib64 patch * Thu Aug 8 2002 vinil@suse.de - new version 2.2.1 - new version of Korean codes 2.0.5 and split into standalone package 'python-korean' - get rid of Makefile.pre.in - clean part added to spec * Sun Jul 28 2002 kukuk@suse.de - removed termcap and tetex from neededforbuild (not used) * Fri Jul 26 2002 adrian@suse.de - fix neededforbuild * Tue Jun 11 2002 meissner@suse.de - add ppc64 to list of 64bit archs that don't compile 3 of the plugins. * Tue Jun 4 2002 stepan@suse.de - change more locations of lib to %%{_lib} on platforms that need it. - change Makefile to use install -d instead of mkdir to solve trouble when installing in buildroots. * Mon Jun 3 2002 stepan@suse.de - Change config/Makefile and config/Makefile.pre.in to use %%_lib instead of lib (fixes i.e. zope) * Fri May 17 2002 sf@suse.de - changed site.py to detect the correct location (is needed at least for postgresql to build - it still needs to be corrected, as only 64-bit executable shlibs have to reside in */lib64 * Wed May 15 2002 coolo@suse.de - fixing file list for s390x * Tue May 14 2002 ro@suse.de - use libdir - try to get this working with lib64 * Mon May 6 2002 schwab@suse.de - Build python library with -fPIC, for inclusion in shared library. * Wed Apr 17 2002 schwab@suse.de - Fix detection of readline library (use -lncurses instead of -ltermcap). 
* Sat Mar 23 2002 ro@suse.de - changed neededforbuild to * Thu Jan 31 2002 ro@suse.de - changed neededforbuild to * Wed Jan 9 2002 rvasice@suse.cz - used correct Makefile.pre.in * Wed Jan 9 2002 rvasice@suse.cz - added Makefile.pre.in to enable build other python packages * Mon Jan 7 2002 rvasice@suse.cz - update to version 2.2 - recreated modules list * Mon Dec 17 2001 ro@suse.de - fixed for gmp-4.x * Mon Sep 3 2001 rvasice@suse.cz - added patch for Large File Support * Mon Aug 27 2001 rvasice@suse.cz - removed conflicting file /etc/susehelp.d/pythonhtml.conf from subpackage python-doc * Fri Aug 17 2001 schwab@suse.de - Compile python library with -fPIC to allow inclusion in shared libraries. - Fix configure check for rl_completion_matches. - Replace use of config.guess by %%ifarch. * Mon Aug 13 2001 ro@suse.de - added regex module (needed for yodl) - filelist probably needs re-check * Mon Jul 30 2001 rvasice@suse.cz - fix /usr/local path * Fri Jul 27 2001 rvasice@suse.cz - update to version 2.1.1 * Tue May 8 2001 mfabian@suse.de - bzip2 sources * Fri Apr 13 2001 kukuk@suse.de - fix build with new readline library * Wed Apr 11 2001 utuerk@suse.de - added pythonhtml.conf for susehelp * Fri Feb 23 2001 ro@suse.de - changed neededforbuild to * Thu Feb 22 2001 ro@suse.de - added readline/readline-devel to neededforbuild (split from bash) * Mon Jan 22 2001 kukuk@suse.de - Use -fPIC * Tue Jan 16 2001 schwab@suse.de - Compile python library with -fpic so that it can be included in a shared library (for mod_python). * Mon Jan 15 2001 mt@suse.de - added uc-kr codec, thanks to Hwang, SangJin * Sun Dec 31 2000 schwab@suse.de - Fix filelist for ia64. 
* Mon Dec 18 2000 mt@suse.de - added sub-package python-nothreads for mod_python apache-module - added Obsoletes for old 8.3 packages names * Wed Dec 6 2000 mt@suse.de - cleaned up pythons tk dependencies * Thu Nov 30 2000 ro@suse.de - fixed tix-link * Wed Nov 29 2000 ro@suse.de - changed neededforbuild to * Mon Nov 27 2000 mt@suse.de - changed libnetpb to libnetpbm in neededforbuild - changed file-list in python-devel * Thu Nov 23 2000 mt@suse.de - added openssl-devel to neededforbuild * Wed Nov 22 2000 mt@suse.de - removed site-packages from Setup.in patch - python-64bit.patch should be used on all 64bit platforms * Sun Nov 19 2000 mt@suse.de - updated to BeOpen-Python-2.0 * Fri Oct 27 2000 kukuk@suse.de - Use long filenames - Fix some paths - Include * Wed Jul 5 2000 mt@suse.de - added anydbm (whichdb.py) patch from www.tummy.com * Sat May 27 2000 kukuk@suse.de - Use libtk8.3.so and libtcl8.3.so * Thu May 4 2000 kukuk@suse.de - Fix filelist for new doc dir * Mon Mar 13 2000 ro@suse.de - fixed filelist for alpha * Wed Mar 1 2000 werner@suse.de - Fix config.guess selection * Wed Feb 16 2000 uli@suse.de - passing MANDIR to "make install libinstall" (seems like it gets lost somewhere) * Tue Feb 15 2000 ro@suse.de - man to /usr/share using macro * Tue Feb 15 2000 mt@suse.de - stripped the python binary * Mon Oct 11 1999 max@suse.de - ready for the new Tcl/Tk packages * Mon Sep 27 1999 bs@suse.de - fixed requirements for sub packages * Mon Sep 20 1999 ro@suse.de - added python_image_lib as requires to pyth_tk and as provides to pyth_tkl * Mon Sep 13 1999 bs@suse.de - ran old prepare_spec on spec file to switch to new prepare_spec. 
* Mon Jun 7 1999 mt@suse.de - disabled pyth_dvi module in spec-file * Wed May 26 1999 ro@suse.de - added libpng to neededforbuild * Wed May 26 1999 ro@suse.de - added blt to neededforbuild * Tue May 25 1999 mt@suse.de - new version 1.5.2 - split into sub-packages: pyth_doc, pyth_ps, pyth_pdf, pyth_dvi, pyth_dmo, pyth_tk, pyth_tkl, pyth_cur, pythgdbm to have better base-package compatibility to andrich.net. * Thu Mar 18 1999 ro@suse.de - don't set POSIXLY_CORRECT for second patch * Mon Jan 18 1999 ro@suse.de - added automake to neededforbuild - alpha-fix: don't mix up dec-osf with linux-alpha * Tue Dec 1 1998 mt@suse.de - removed TkInter into a separate package - pyth_tk - to make it possible to replace it with a PIL based TkInter (Python Imaging Lib) and better package dependencies (not each app needs TkInter) - removed Makefile.Linux - all build is done from spec file now - more /usr/local path fixes * Fri Nov 6 1998 ro@suse.de - added automake to neededforbuild - configure with threads * Thu Nov 5 1998 ro@suse.de - use db_185.h only for glibc-2.1 * Wed Sep 23 1998 ro@suse.de - two hacks to compile for glibc: Modules/bsddbmodule.c include db_185.h for glibc Modules/mpzmodule.c gmp-mparam.h doesn't exist for glibc / use define * Sun Aug 23 1998 ke@suse.de - Compress PostScript docu. 
* Mon Aug 17 1998 mt@suse.de - linked readline- and curses-modules with ncurses * Fri Aug 7 1998 mt@suse.de - python modules - file permissions changed (-x) * Sat Jul 11 1998 bs@suse.de - fixed neededforbuild * Wed Jul 8 1998 mt@suse.de - new revision 1.5.1 - docu in a separate package (pyth_doc) - Tkinter uses tk8.0/tcl8.0 now - first attempt to make it "alpha ready" (spec- & dif-file) * Mon Mar 2 1998 ro@suse.de - fixed dependency to /usr/local/bin/python * Mon Feb 9 1998 ro@suse.de - added some in neededforbuild * Wed Feb 4 1998 mt@suse.de - new Version 1.5 with more features, html documentation and new modules * Mon Sep 15 1997 mt@suse.de - added support for readline and (shared) modules: tkinter, dbm, gdbm, syslog, ncurses, ... - see /usr/lib/python1.4/config/Setup for details * Thu Jun 5 1997 mt@suse.de - new Version 1.4 - a symlink (python -> python1.4) will be used instead of a hardlink