Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libpython2_7-1_0-2.7.17-1.1 RPM for ppc64le

From OpenSuSE Ports Tumbleweed for ppc64le

Name: libpython2_7-1_0 Distribution: openSUSE Tumbleweed
Version: 2.7.17 Vendor: openSUSE
Release: 1.1 Build date: Mon Nov 4 17:47:38 2019
Group: Development/Languages/Python Build host: obs-power8-02
Size: 3062440 Source RPM: python-base-2.7.17-1.1.src.rpm
Summary: Python Interpreter shared library
Python is an interpreted, object-oriented programming language, and is
often compared to Tcl, Perl, Scheme, or Java.  You can find an overview
of Python in the documentation and tutorials included in the python-doc
(HTML) or python-doc-pdf (PDF) packages.

This package contains libpython2.7 shared library for embedding in
other applications.






* Thu Oct 24 2019 Matej Cepl <>
  - Update to 2.7.17:
    - a bug fix release in the Python 2.7.x series. It is expected
      to be the penultimate release for Python 2.7.
  - Removed patches included upstream:
    - CVE-2018-20852-cookie-domain-check.patch
    - CVE-2019-16935-xmlrpc-doc-server_title.patch
    - CVE-2019-9636-netloc-no-decompose-characters.patch
    - CVE-2019-9947-no-ctrl-char-http.patch
    - CVE-2019-9948-avoid_local-file.patch
* Tue Oct 08 2019 Matej Cepl <>
  - Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing
    bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in
* Wed Sep 25 2019 Bernhard Wiedemann <>
  - Add bpo36302-sort-module-sources.patch (boo#1041090)
* Fri Jul 19 2019 Matej Cepl <>
  - boo#1141853 (CVE-2018-20852) add
    CVE-2018-20852-cookie-domain-check.patch fixing
    http.cookiejar.DefaultPolicy.domain_return_ok which did not
    correctly validate the domain: it could be tricked into sending
    cookies to the wrong server.
* Fri Jul 19 2019 Tomáš Chvátal <>
  - Skip test_urllib2_localnet that randomly fails in OBS
* Wed May 29 2019 Martin Liška <>
  -  Set _lto_cflags to nil as it will prevent to propage LTO
    for Python modules that are built in a separate package.
* Thu May 02 2019 Matej Cepl <>
  - bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
    Address the issue by disallowing URL paths with embedded
    whitespace or control characters through into the underlying
    http client request. Such potentially malicious header
    injection URLs now cause a ValueError to be raised.
* Mon Apr 08 2019 Matej Cepl <>
  - bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
    removing unnecessary (and potentially harmful) URL scheme
* Mon Apr 08 2019 Matej Cepl <>
  - bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
    Characters in the netloc attribute that decompose under NFKC
    normalization (as used by the IDNA encoding) into any of ``/``,
    ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
    URL is decomposed before parsing, or is not a Unicode string,
    no error will be raised.
    Upstream commits e37ef41 and 507bd8c.
* Thu Apr 04 2019 Matej Cepl <>
  - Update to 2.7.16:
    * bugfix-only release: complete list of changes on
    * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
      which are fully included in the tarball.
    * Updated patches to apply cleanly:
    * Update python-2.7.5-multilib.patch to pass with new platlib
* Sat Jan 19 2019
  - bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
    fixing bpo-35746.
    An exploitable denial-of-service vulnerability exists in the
    X509 certificate parser of Python 2.7.11 / 3.7.2.
    A specially crafted X509 certificate can cause a NULL pointer
    dereference, resulting in a denial of service. An attacker can
    initiate or accept TLS connections using crafted certificates
    to trigger this vulnerability.
* Wed Dec 19 2018 Todd R <>
  - Use upstream-recommended %{_rpmconfigdir}/macros.d directory
    for the rpm macros.
* Fri Oct 26 2018 Tomáš Chvátal <>
  - Add patch openssl-111.patch to work with openssl-1.1.1
* Wed Sep 26 2018 Matěj Cepl <>
  - Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which
    converts shutil._call_external_zip to use subprocess rather than
    distutils.spawn. [bsc#1109663, CVE-2018-1000802]
* Mon May 21 2018
  - update to 2.7.15
    * dozens of bugfixes, see NEWS for details
  - removed obsolete patches:
    * python-ncurses-6.0-accessors.patch
    * python-fix-shebang.patch
    * gcc8-miscompilation-fix.patch
  - add patch from upstream:
    * do-not-use-non-ascii-in-test_ssl.patch
* Fri Apr 06 2018
  - Add gcc8-miscompilation-fix.patch (boo#1084650).
* Tue Feb 20 2018
  - Add python-sorted_tar.patch (boo#1081750)
* Mon Feb 05 2018
  - exclude test_socket & test_subprocess for PowerPC boo#1078485
    (same ref as previous change)
* Fri Feb 02 2018
  - Add python-skip_random_failing_tests.patch bypass boo#1078485
    and exclude many tests for PowerPC
* Tue Jan 30 2018
  - Add patch python-fix-shebang.patch to fix bsc#1078326



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Nov 30 01:06:41 2019