
libpython2_7-1_0-2.7.18-49.1 RPM for x86_64

From openSUSE Tumbleweed for x86_64

Name: libpython2_7-1_0
Distribution: openSUSE Tumbleweed
Version: 2.7.18
Vendor: openSUSE
Release: 49.1
Build date: Mon Jul 15 14:19:43 2024
Group: Development/Languages/Python
Build host: reproducible
Size: 1905728
Source RPM: python-base-2.7.18-49.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.python.org/
Summary: Python Interpreter shared library
Python is an interpreted, object-oriented programming language, and is
often compared to Tcl, Perl, Scheme, or Java.  You can find an overview
of Python in the documentation and tutorials included in the python-doc
(HTML) or python-doc-pdf (PDF) packages.

This package contains libpython2.7 shared library for embedding in
other applications.

Provides

Requires

License

Python-2.0

Changelog

* Mon Jul 15 2024 Matej Cepl <mcepl@cepl.eu>
  - Stop using %%defattr, it seems to be breaking proper executable
    attributes on /usr/bin/ scripts (bsc#1227378).
* Wed May 22 2024 Matej Cepl <mcepl@cepl.eu>
  - Restore _multibuild
* Sat May 18 2024 Matej Cepl <mcepl@suse.com>
  - bsc#1221854 (CVE-2024-0450) Add
    CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
    detecting the vulnerability of the "quoted-overlap" zipbomb
    (from gh#python/cpython!110016).
* Sat May 11 2024 Matej Cepl <mcepl@cepl.eu>
  - Switch to using the system libexpat (bsc#1219559,
    CVE-2023-52425)
  - Make sure to remove all embedded versions of other packages
    (including expat).
  - Add CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch
    removing failing test fixing bpo#3151, which we just do not
    support.
  - Remove patches over those embedded packages (cffi):
    - python-2.7-libffi-aarch64.patch
    - sparc_longdouble.patch
* Tue Apr 16 2024 Matej Cepl <mcepl@cepl.eu>
  - Modify CVE-2023-27043-email-parsing-errors.patch to fix the
    unicode string handling in email.utils.parseaddr()
    (bsc#1222537).
  - Revert CVE-2022-48560-after-free-heappushpop.patch, the fix was
    unneeded.
* Mon Mar 18 2024 Matej Cepl <mcepl@cepl.eu>
  - Switch off tests. ONLY FOR FACTORY!!! (bsc#1219306)
* Tue Mar 05 2024 Daniel Garcia <daniel.garcia@suse.com>
  - Build with -std=gnu89 to build correctly with gcc14, bsc#1220970
* Mon Jan 08 2024 Daniel Garcia <daniel.garcia@suse.com>
  - Add CVE-2023-27043-email-parsing-errors.patch to
    gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
* Mon Nov 27 2023 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2022-48560-after-free-heappushpop.patch fixing
    use-after-free in Python via heappushpop in heapq (bsc#1214675,
    CVE-2022-48560).
  - switch from %patchN style to the %patch -P N one.
* Sat Sep 16 2023 Matej Cepl <mcepl@suse.com>
  - (bsc#1214691, CVE-2022-48566) Add
    CVE-2022-48566-compare_digest-more-constant.patch to make
    compare_digest more constant-time.
  - Allow nis.so for SLE-12.
* Thu Sep 14 2023 Matej Cepl <mcepl@suse.com>
  - (bsc#1214685, CVE-2022-48565) Add
    CVE-2022-48565-plistlib-XML-vulns.patch (from
    gh#python/cpython#86217) reject XML entity declarations in
    plist files.
  - Remove BOTH CVE-2023-27043-email-parsing-errors.patch and
    Revert-gh105127-left-tests.patch (as per discussion on
    bsc#1210638).
* Tue Sep 12 2023 Daniel Garcia <daniel.garcia@suse.com>
  - Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
    gh#python/cpython#108310, backport from upstream patch
    gh#python/cpython#108315
    (bsc#1214692, CVE-2023-40217)
* Thu Aug 03 2023 Matej Cepl <mcepl@suse.com>
  - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED!
  - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
    partially reverting CVE-2023-27043-email-parsing-errors.patch,
    because of the regression in gh#python/cpython#106669.
* Tue Jul 11 2023 Matej Cepl <mcepl@suse.com>
  - (bsc#1210638, CVE-2023-27043) Add
    CVE-2023-27043-email-parsing-errors.patch, which detects email
    address parsing errors and returns empty tuple to indicate the
    parsing error (old API).
* Wed Jun 07 2023 Matej Cepl <mcepl@suse.com>
  - Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch.
* Tue May 30 2023 Andreas Schwab <schwab@suse.de>
  - python-2.7.5-multilib.patch: Update for riscv64
  - Don't fail if _ctypes or dl extension was not built
* Mon May 29 2023 Matej Cepl <mcepl@suse.com>
  - The condition around libnsl-devel BuildRequires is NOT
    switching off NIS support on SLE < 15, support for NIS used to
    be in the glibc itself. Partial revert of sr#1061583.
* Wed May 24 2023 Matej Cepl <mcepl@suse.com>
  - Add PygmentsBridge-trime_doctest_flags.patch to allow build of
    the documentation even with the current Sphinx. (SUSE-ONLY
    PATCH, DO NOT SEND UPSTREAM!)
* Wed Mar 08 2023 Matej Cepl <mcepl@suse.com>
  - Enable --with-system-ffi for non-standard architectures.
* Mon Mar 06 2023 Matej Cepl <mcepl@suse.com>
  - SLE-12 builds nis.so as well.
* Wed Mar 01 2023 Matej Cepl <mcepl@suse.com>
  - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
    bsc#1208471) blocklists bypass via the urllib.parse component
    when supplying a URL that starts with blank characters
* Fri Jan 27 2023 Thorsten Kukuk <kukuk@suse.com>
  - Disable NIS for new products, it's deprecated and gets removed
* Thu Jan 19 2023 Matej Cepl <mcepl@suse.com>
  - Add skip_unverified_test.patch because apparently switching off
    SSL verification doesn't work on older SLE.
* Tue Nov 22 2022 Matej Cepl <mcepl@suse.com>
  - Restore python-2.7.9-sles-disable-verification-by-default.patch
    for SLE-12.
* Wed Nov 09 2022 Matej Cepl <mcepl@suse.com>
  - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
    CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
    extremely long domain names.
* Tue Sep 13 2022 Bernhard Wiedemann <bwiedemann@suse.com>
  - Add bpo34990-2038-problem-compileall.patch making compileall.py
    compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
    backport of fix to Python 2.7.
* Wed Sep 07 2022 Steve Kowalik <steven.kowalik@suse.com>
  - Add patch CVE-2021-28861-double-slash-path.patch:
    * BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
      when a URI path starts with //. (bsc#1202624, CVE-2021-28861)
* Thu Jun 09 2022 Matej Cepl <mcepl@suse.com>
  - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
    CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
    command injection in the mailcap module.
* Tue May 24 2022 Martin Liška <mliska@suse.cz>
  - Filter out executable-stack error that is triggered for i586
    target.
* Sat Feb 26 2022 Matej Cepl <mcepl@suse.com>
  - Update bundled pip wheel to the latest SLE version patched
    against bsc#1186819 (CVE-2021-3572).
  - Recover again proper value of %python2_package_prefix
    (bsc#1175619).
* Fri Feb 18 2022 Matej Cepl <mcepl@suse.com>
  - BuildRequire rpm-build-python: The provider to inject python(abi)
    has been moved there. rpm-build pulls rpm-build-python
    automatically in when building anything against python3-base, but
    this implies that the initial build of python3-base does not
    trigger the automatic installation.
* Fri Feb 18 2022 Matej Cepl <mcepl@suse.com>
  - Older SLE versions should use old OpenSSL.
* Wed Feb 09 2022 Matej Cepl <mcepl@suse.com>
  - Add CVE-2022-0391-urllib_parse-newline-parsing.patch
    (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
    containing ASCII newline and tabs in urlparse.
* Sun Feb 06 2022 Matej Cepl <mcepl@suse.com>
  - Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
    bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
    not trust the PASV response.
* Mon Dec 06 2021 Dirk Müller <dmueller@suse.com>
  - build against openssl 1.1.x (incompatible with openssl 3.0x)
    for now.
* Tue Nov 02 2021 Marcus Meissner <meissner@suse.com>
  - on sle12, python2 modules will still be called python-xxxx until EOL,
    for newer SLE versions they will be python2-xxxx
* Fri Oct 15 2021 Dominique Leuenberger <dimstar@opensuse.org>
  - BuildRequire rpm-build-python: The provider to inject python(abi)
    has been moved there. rpm-build pulls rpm-build-python
    automatically in when building anything against python3-base, but
    this implies that the initial build of python3-base does not
    trigger the automatic installation.
* Tue Sep 21 2021 Matej Cepl <mcepl@suse.com>
  - Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
    (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
    in specifically crafted tarball.
    Add recursion.tar as a testing tarball for the patch.
  - Provide the newest setuptools wheel (bsc#1176262,
    CVE-2019-20916) in their correct form (bsc#1180686).
  - Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
    (CVE-2020-26116, bpo#39603) no longer allowing special characters in
    the method parameter of HTTPConnection.putrequest in httplib, stopping
    injection of headers. Such characters now raise ValueError.
* Thu Aug 26 2021 Fusion Future <qydwhotmail@gmail.com>
  - Renamed patch for assigned CVE:
    * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
      CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
      (boo#1189241, CVE-2021-3737)
* Mon Aug 23 2021 Fusion Future <qydwhotmail@gmail.com>
  - Renamed patch for assigned CVE:
    * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
      (boo#1189287, CVE-2021-3733)
  - Fix python-doc build (bpo#35293):
    * sphinx-update-removed-function.patch
  - Update documentation formatting for Sphinx 3.0 (bpo#40204).
* Tue Aug 10 2021 Fusion Future <qydwhotmail@gmail.com>
  - Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
    request (bpo#43075, boo#1189287).
  - Add missing security announcement to
    bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
* Mon Aug 09 2021 Fusion Future <qydwhotmail@gmail.com>
  - Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    which fixes http client infinite line reading (DoS) after a http
    100 (bpo#44022, boo#1189241).
* Fri Jul 16 2021 Matej Cepl <mcepl@suse.com>
  - Modify Lib/ensurepip/__init__.py to contain the same version
    numbers as are in reality the ones in the bundled wheels
    (bsc#1187668).
* Fri Feb 26 2021 Matej Cepl <mcepl@suse.com>
  - Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
    use of semicolon as a query string separator (bpo#42967,
    bsc#1182379, CVE-2021-23336).
* Mon Jan 25 2021 Matej Cepl <mcepl@suse.com>
  - Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
    bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
    _ctypes/callproc.c, which may lead to remote code execution.
* Tue Jan 05 2021 Matej Cepl <mcepl@suse.com>
  - (bsc#1180125) We really don't Require python-rpm-macros package.
    Unnecessary dependency.

Files

/usr/lib64/libpython2.7.so.1.0


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Nov 16 00:58:04 2024