Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

python-base-32bit-2.7.14-lp151.10.13.2 RPM for x86_64

From OpenSuSE Leap 15.1 updates for x86_64

Name: python-base-32bit Distribution: openSUSE Leap 15.1
Version: 2.7.14 Vendor: openSUSE
Release: lp151.10.13.2 Build date: Sat Nov 30 23:10:44 2019
Group: Development/Languages/Python Build host: cloud125
Size: 3162420 Source RPM: python-base-2.7.14-lp151.10.13.2.src.rpm
Summary: Python Interpreter base package
Python is an interpreted, object-oriented programming language, and is
often compared to Tcl, Perl, Scheme, or Java.  You can find an overview
of Python in the documentation and tutorials included in the python-doc
(HTML) or python-doc-pdf (PDF) packages.

This package contains all of stand-alone Python files, minus binary
modules that would pull in extra dependencies.






* Tue Nov 05 2019 Matej Cepl <>
  - Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from
    bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes
* Tue Oct 08 2019 Matej Cepl <>
  - Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing
    bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in
* Wed Sep 25 2019 Matej Cepl <>
  - bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
    Address the issue by disallowing URL paths with embedded
    whitespace or control characters through into the underlying
    http client request. Such potentially malicious header
    injection URLs now cause a ValueError to be raised.
* Mon Sep 16 2019 Matej Cepl <>
  - Add CVE-2019-16056-email-parse-addr.patch fixing the email
    module wrongly parses email addresses [bsc#1149955,
* Thu Jul 25 2019 Matej Cepl <>
  - boo#1141853 (CVE-2018-20852) add
    CVE-2018-20852-cookie-domain-check.patch fixing
    http.cookiejar.DefaultPolicy.domain_return_ok which did not
    correctly validate the domain: it could be tricked into sending
    cookies to the wrong server.
* Wed Jul 03 2019 Matej Cepl <>
  - bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch
    which fixes regression introduced by the previous patch.
    (CVE-2019-10160) and getting Lib/ and tests in sync
    with the latest upstream state.
    Upstream gh#python/cpython#13812
* Mon Apr 08 2019 Matej Cepl <>
  - bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
    removing unnecessary (and potentially harmful) URL scheme
* Fri Mar 29 2019 Matej Cepl <>
  - bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
    Characters in the netloc attribute that decompose under NFKC
    normalization (as used by the IDNA encoding) into any of ``/``,
    ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
    URL is decomposed before parsing, or is not a Unicode string,
    no error will be raised.
    Upstream commits e37ef41 and 507bd8c.
* Sat Jan 19 2019
  - bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
    fixing bpo-35746.
    An exploitable denial-of-service vulnerability exists in the
    X509 certificate parser of Python 2.7.11 / 3.7.2.
    A specially crafted X509 certificate can cause a NULL pointer
    dereference, resulting in a denial of service. An attacker can
    initiate or accept TLS connections using crafted certificates
    to trigger this vulnerability.
* Tue Sep 25 2018 Matěj Cepl <>
  - Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which
    converts shutil._call_external_zip to use subprocess rather than
    distutils.spawn. [bsc#1109663, CVE-2018-1000802]
* Tue Feb 20 2018
  - Add python-sorted_tar.patch (boo#1081750)
* Mon Feb 05 2018
  - exclude test_socket & test_subprocess for PowerPC boo#1078485
    (same ref as previous change)
* Fri Feb 02 2018
  - Add python-skip_random_failing_tests.patch bypass boo#1078485
    and exclude many tests for PowerPC
* Tue Jan 30 2018
  - Add patch python-fix-shebang.patch to fix bsc#1078326
* Fri Dec 22 2017
  - exclude test_regrtest for s390, where it does not segfault as it should
    (fixes bsc#1073269)
  - fix segfault while creating weakref - bsc#1073748, bpo#29347
    (this is actually fixed by the 2.7.14 update; mentioning this for purposes
    of bugfix tracking)
* Mon Nov 20 2017
  - update to 2.7.14
    * dozens of bugfixes, see NEWS for details
    * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664)
    * fixed segfaults with dict mutated during search
    * fixed possible free-after-use problems with buffer objects with custom indexing
    * fixed urllib.splithost to correctly parse fragments (bpo-30500)
  - drop upstreamed python-2.7.13-overflow_check.patch
  - drop unneeded python-2.7.12-makeopcode.patch
  - drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch
* Thu Nov 02 2017
  - Call python2 instead of python in macros
* Thu Aug 17 2017
  - Add libnsl-devel build requires for glibc obsoleting libnsl
* Mon May 15 2017
  - obsolete/provide python-argparse and provide python2-argparse,
    because the argparse module is available from python 2.7 up
* Fri Feb 24 2017
  - Add reproducible.patch to allow reproducible builds of various
    python packages like python-amqp
* Tue Jan 03 2017
  - update to 2.7.13
    * dozens of bugfixes, see NEWS for details
    * updated cipher lists for openssl wrapper, support openssl >= 1.1.0
    * properly fix HTTPoxy (CVE-2016-1000110)
    * profile-opt build now applies PGO to modules as well
  - update python-2.7.10-overflow_check.patch
    with python-2.7.13-overflow_check.patch, incorporating upstream changes
  - add "-fwrapv" to optflags explicitly because upstream code still
    relies on it in many places
* Fri Dec 02 2016
  - provide python2-* symbols, for support of new packages built as
  - rename macros.python to macros.python2 accordingly
  - require python-rpm-macros package, drop macro definitions from
* Thu Jun 30 2016
  - update to 2.7.12
    * dozens of bugfixes, see NEWS for details
    * fixes multiple security issues:
      CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751)
      CVE-2016-5636 zipimporter heap overflow (bsc#985177)
      CVE-2016-5699 httplib header injection (bsc#985348)
      (this one is actually fixed since 2.7.10)
  - removed upstreamed python-2.7.7-mhlib-linkcount.patch
  - refreshed multilib patch
  - python-2.7.12-makeopcode.patch - run newly-built python interpreter
    to make opcodes, in order not to require pre-built python
  - update LD_LIBRARY_PATH to use $PWD instead of "." because the test
    process escapes to its own directory
  - modify shebang-fixing scriptlet to ignore
* Fri Jan 29 2016
  - Add python-2.7.10-overflow_check.patch to fix broken overflow checks.
* Mon Sep 14 2015
  - copy strict-tls-checks subpackage from SLE to retain future compatibility
    (not built in openSUSE)
  - do this properly to fix bnc#945401
* Wed Sep 09 2015
  - Add python-ncurses-6.0-accessors.patch: Fix build with
    NCurses 6.0 and OPAQUE_WINDOW set to 1.
* Wed Jun 10 2015
  - add __python2 compatibility macro (used by Fedora)
* Sun May 24 2015
  - update to 2.7.10
  - removed obsolete python-2.7-urllib2-localnet-ssl.patch
* Tue May 19 2015
  - Reenable test_posix on aarch64
* Sun Dec 21 2014
  - python-2.7.4-aarch64.patch: Remove obsolete patch
  - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for
* Fri Dec 12 2014
  - update to 2.7.9
    * contains full backport of ssl module from Python 3.4 (PEP466)
    * HTTPS certificate validation enabled by default (PEP476)
    * SSLv3 disabled by default (bnc#901715)
    * backported ensurepip module (PEP477)
    * fixes several missing CVEs from last release: CVE-2013-1752,
    * dozens of minor bugfixes
  - dropped upstreamed patches: python-2.7.6-poplib.patch,
    smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch
  - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it
    with ssl module from Python 3
  - libffi was upgraded upstream, seems to contain our changes,
    so dropping libffi-ppc64le.diff as well
  - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional
    "import ssl" from test_urllib2_localnet that caused it to fail without ssl
* Wed Oct 22 2014
  - skip test_thread in qemu_linux_user mode



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Aug 8 23:40:27 2020