Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libpython2_7-1_0-2.7.14-lp151.10.3.1 RPM for armv7hl

From OpenSuSE Ports Leap 15.1 updates for armv7hl

Name: libpython2_7-1_0 Distribution: openSUSE Leap 15.1
Version: 2.7.14 Vendor: openSUSE
Release: lp151.10.3.1 Build date: Tue Aug 6 17:50:37 2019
Group: Development/Languages/Python Build host: obs-arm-5
Size: 1895764 Source RPM: python-base-2.7.14-lp151.10.3.1.src.rpm
Summary: Python Interpreter shared library
Python is an interpreted, object-oriented programming language, and is
often compared to Tcl, Perl, Scheme, or Java.  You can find an overview
of Python in the documentation and tutorials included in the python-doc
(HTML) or python-doc-pdf (PDF) packages.

This package contains libpython2.7 shared library for embedding in
other applications.






* Wed Jul 03 2019 Matej Cepl <>
  - bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch
    which fixes regression introduced by the previous patch.
    (CVE-2019-10160) and getting Lib/ and tests in sync
    with the latest upstream state.
    Upstream gh#python/cpython#13812
* Mon Apr 08 2019 Matej Cepl <>
  - bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
    removing unnecessary (and potentially harmful) URL scheme
* Fri Mar 29 2019 Matej Cepl <>
  - bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
    Characters in the netloc attribute that decompose under NFKC
    normalization (as used by the IDNA encoding) into any of ``/``,
    ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
    URL is decomposed before parsing, or is not a Unicode string,
    no error will be raised.
    Upstream commits e37ef41 and 507bd8c.
* Sat Jan 19 2019
  - bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
    fixing bpo-35746.
    An exploitable denial-of-service vulnerability exists in the
    X509 certificate parser of Python 2.7.11 / 3.7.2.
    A specially crafted X509 certificate can cause a NULL pointer
    dereference, resulting in a denial of service. An attacker can
    initiate or accept TLS connections using crafted certificates
    to trigger this vulnerability.
* Wed Sep 26 2018 Matěj Cepl <>
  - Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which
    converts shutil._call_external_zip to use subprocess rather than
    distutils.spawn. [bsc#1109663, CVE-2018-1000802]
* Tue Feb 20 2018
  - Add python-sorted_tar.patch (boo#1081750)
* Mon Feb 05 2018
  - exclude test_socket & test_subprocess for PowerPC boo#1078485
    (same ref as previous change)
* Fri Feb 02 2018
  - Add python-skip_random_failing_tests.patch bypass boo#1078485
    and exclude many tests for PowerPC
* Tue Jan 30 2018
  - Add patch python-fix-shebang.patch to fix bsc#1078326
* Fri Dec 22 2017
  - exclude test_regrtest for s390, where it does not segfault as it should
    (fixes bsc#1073269)
  - fix segfault while creating weakref - bsc#1073748, bpo#29347
    (this is actually fixed by the 2.7.14 update; mentioning this for purposes
    of bugfix tracking)
* Mon Nov 20 2017
  - update to 2.7.14
    * dozens of bugfixes, see NEWS for details
    * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664)
    * fixed segfaults with dict mutated during search
    * fixed possible free-after-use problems with buffer objects with custom indexing
    * fixed urllib.splithost to correctly parse fragments (bpo-30500)
  - drop upstreamed python-2.7.13-overflow_check.patch
  - drop unneeded python-2.7.12-makeopcode.patch
  - drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch
* Thu Nov 02 2017
  - Call python2 instead of python in macros
* Thu Aug 17 2017
  - Add libnsl-devel build requires for glibc obsoleting libnsl
* Mon May 15 2017
  - obsolete/provide python-argparse and provide python2-argparse,
    because the argparse module is available from python 2.7 up
* Fri Feb 24 2017
  - Add reproducible.patch to allow reproducible builds of various
    python packages like python-amqp
* Tue Jan 03 2017
  - update to 2.7.13
    * dozens of bugfixes, see NEWS for details
    * updated cipher lists for openssl wrapper, support openssl >= 1.1.0
    * properly fix HTTPoxy (CVE-2016-1000110)
    * profile-opt build now applies PGO to modules as well
  - update python-2.7.10-overflow_check.patch
    with python-2.7.13-overflow_check.patch, incorporating upstream changes
  - add "-fwrapv" to optflags explicitly because upstream code still
    relies on it in many places
* Fri Dec 02 2016
  - provide python2-* symbols, for support of new packages built as
  - rename macros.python to macros.python2 accordingly
  - require python-rpm-macros package, drop macro definitions from
* Thu Jun 30 2016
  - update to 2.7.12
    * dozens of bugfixes, see NEWS for details
    * fixes multiple security issues:
      CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751)
      CVE-2016-5636 zipimporter heap overflow (bsc#985177)
      CVE-2016-5699 httplib header injection (bsc#985348)
      (this one is actually fixed since 2.7.10)
  - removed upstreamed python-2.7.7-mhlib-linkcount.patch
  - refreshed multilib patch
  - python-2.7.12-makeopcode.patch - run newly-built python interpreter
    to make opcodes, in order not to require pre-built python
  - update LD_LIBRARY_PATH to use $PWD instead of "." because the test
    process escapes to its own directory
  - modify shebang-fixing scriptlet to ignore
* Fri Jan 29 2016
  - Add python-2.7.10-overflow_check.patch to fix broken overflow checks.
* Mon Sep 14 2015
  - copy strict-tls-checks subpackage from SLE to retain future compatibility
    (not built in openSUSE)
  - do this properly to fix bnc#945401
* Wed Sep 09 2015
  - Add python-ncurses-6.0-accessors.patch: Fix build with
    NCurses 6.0 and OPAQUE_WINDOW set to 1.
* Wed Jun 10 2015
  - add __python2 compatibility macro (used by Fedora)
* Sun May 24 2015
  - update to 2.7.10
  - removed obsolete python-2.7-urllib2-localnet-ssl.patch
* Tue May 19 2015
  - Reenable test_posix on aarch64
* Sun Dec 21 2014
  - python-2.7.4-aarch64.patch: Remove obsolete patch
  - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for
* Fri Dec 12 2014
  - update to 2.7.9
    * contains full backport of ssl module from Python 3.4 (PEP466)
    * HTTPS certificate validation enabled by default (PEP476)
    * SSLv3 disabled by default (bnc#901715)
    * backported ensurepip module (PEP477)
    * fixes several missing CVEs from last release: CVE-2013-1752,
    * dozens of minor bugfixes
  - dropped upstreamed patches: python-2.7.6-poplib.patch,
    smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch
  - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it
    with ssl module from Python 3
  - libffi was upgraded upstream, seems to contain our changes,
    so dropping libffi-ppc64le.diff as well
  - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional
    "import ssl" from test_urllib2_localnet that caused it to fail without ssl
* Wed Oct 22 2014
  - skip test_thread in qemu_linux_user mode



Generated by rpm2html 1.8.1

Fabrice Bellet, Wed May 27 00:12:07 2020