Hello community,
here is the log from the commit of package python for openSUSE:Factory checked
in at 2014-06-25 15:24:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python (Old)
and /work/SRC/openSUSE:Factory/.python.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python"
Changes:
--------
--- /work/SRC/openSUSE:Factory/python/python-base.changes 2014-03-21
15:47:37.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.python.new/python-base.changes 2014-06-25
15:24:07.000000000 +0200
@@ -1,0 +2,18 @@
+Fri Jun 20 13:11:34 UTC 2014 - jmate...@suse.com
+
+- update to 2.7.7
+ * bugfix-only release, over a hundred bugs fixed
+ * backported hmac.compare_digest from python3, first step of PEP 466
+- drop upstreamed patches:
+ * CVE-2014-1912-recvfrom_into.patch
+ * python-2.7.4-no-REUSEPORT.patch
+ * python-2.7.6-bdist-rpm.patch
+ * python-2.7.6-imaplib.patch
+ * python-2.7.6-sqlite-3.8.4-tests.patch
+- refresh patches:
+ * python-2.7.3-ssl_ca_path.patch
+ * python-2.7.4-canonicalize2.patch
+ * xmlrpc_gzip_27.patch
+- added python keyring and signature for the main tarball
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/python/python-doc.changes 2014-03-21
15:47:37.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.python.new/python-doc.changes 2014-06-25
15:24:07.000000000 +0200
@@ -1,0 +2,5 @@
+Fri Jun 20 13:46:40 UTC 2014 - jmate...@suse.com
+
+- update to 2.7.7
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/python/python.changes 2014-03-21
15:47:37.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.python.new/python.changes 2014-06-25
15:24:07.000000000 +0200
@@ -1,0 +2,6 @@
+Fri Jun 20 13:46:22 UTC 2014 - jmate...@suse.com
+
+- update to 2.7.7
+ * bugfix-only release, over a hundred bugs fixed
+
+-------------------------------------------------------------------
Old:
----
CVE-2014-1912-recvfrom_into.patch
Python-2.7.6.tar.xz
python-2.7.4-no-REUSEPORT.patch
python-2.7.6-bdist-rpm.patch
python-2.7.6-docs-html.tar.bz2
python-2.7.6-docs-pdf-a4.tar.bz2
python-2.7.6-docs-pdf-letter.tar.bz2
python-2.7.6-imaplib.patch
python-2.7.6-sqlite-3.8.4-tests.patch
New:
----
Python-2.7.7.tar.xz
Python-2.7.7.tar.xz.asc
python-2.7.7-docs-html.tar.bz2
python-2.7.7-docs-pdf-a4.tar.bz2
python-2.7.7-docs-pdf-letter.tar.bz2
python.keyring
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-base.spec ++++++
--- /var/tmp/diff_new_pack.6D7Jw3/_old 2014-06-25 15:24:09.000000000 +0200
+++ /var/tmp/diff_new_pack.6D7Jw3/_new 2014-06-25 15:24:09.000000000 +0200
@@ -17,7 +17,7 @@
Name: python-base
-Version: 2.7.6
+Version: 2.7.7
Release: 0
Summary: Python Interpreter base package
License: Python-2.0
@@ -26,6 +26,8 @@
%define tarversion %{version}
%define tarname Python-%{tarversion}
Source0: http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz
+Source4:
http://www.python.org/ftp/python/%{version}/%{tarname}.tar.xz.asc
+Source6: python.keyring
Source1: macros.python
Source2: baselibs.conf
Source3: README.SUSE
@@ -47,21 +49,14 @@
Patch20: python-bundle-lang.patch
# PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module
Patch22: python-2.7.4-aarch64.patch
-Patch23: python-2.7.4-no-REUSEPORT.patch
Patch24: python-bsddb6.diff
# PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module
Patch25: libffi-ppc64le.diff
# CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client
Patch26: xmlrpc_gzip_27.patch
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
-Patch27: python-2.7.6-imaplib.patch
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
-# [bnc#857470] add missing import to bdist_rpm command
-Patch30: python-2.7.6-bdist-rpm.patch
-# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into
-Patch31: CVE-2014-1912-recvfrom_into.patch
-Patch32: python-2.7.6-sqlite-3.8.4-tests.patch
# COMMON-PATCH-END
%define python_version %(echo %{tarversion} | head -c 3)
BuildRequires: automake
@@ -149,16 +144,11 @@
%patch18 -p1
%patch20 -p1
%patch22 -p1
-%patch23 -p1
%patch24 -p1
%patch25 -p0
%patch26 -p1
-%patch27 -p1
%patch28 -p1
%patch29 -p1
-%patch30 -p1
-%patch31 -p1
-%patch32 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
++++++ python-doc.spec ++++++
--- /var/tmp/diff_new_pack.6D7Jw3/_old 2014-06-25 15:24:10.000000000 +0200
+++ /var/tmp/diff_new_pack.6D7Jw3/_new 2014-06-25 15:24:10.000000000 +0200
@@ -16,7 +16,7 @@
#
Name: python-doc
-Version: 2.7.6
+Version: 2.7.7
Release: 0
Summary: Additional Package Documentation for Python
License: Python-2.0
@@ -52,21 +52,14 @@
Patch20: python-bundle-lang.patch
# PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module
Patch22: python-2.7.4-aarch64.patch
-Patch23: python-2.7.4-no-REUSEPORT.patch
Patch24: python-bsddb6.diff
# PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module
Patch25: libffi-ppc64le.diff
# CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client
Patch26: xmlrpc_gzip_27.patch
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
-Patch27: python-2.7.6-imaplib.patch
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
-# [bnc#857470] add missing import to bdist_rpm command
-Patch30: python-2.7.6-bdist-rpm.patch
-# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into
-Patch31: CVE-2014-1912-recvfrom_into.patch
-Patch32: python-2.7.6-sqlite-3.8.4-tests.patch
# COMMON-PATCH-END
Provides: pyth_doc
Provides: pyth_ps
@@ -108,16 +101,11 @@
%patch18 -p1
%patch20 -p1
%patch22 -p1
-%patch23 -p1
%patch24 -p1
%patch25 -p0
%patch26 -p1
-%patch27 -p1
%patch28 -p1
%patch29 -p1
-%patch30 -p1
-%patch31 -p1
-%patch32 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
++++++ python.spec ++++++
--- /var/tmp/diff_new_pack.6D7Jw3/_old 2014-06-25 15:24:10.000000000 +0200
+++ /var/tmp/diff_new_pack.6D7Jw3/_new 2014-06-25 15:24:10.000000000 +0200
@@ -16,7 +16,7 @@
#
Name: python
-Version: 2.7.6
+Version: 2.7.7
Release: 0
Summary: Python Interpreter
License: Python-2.0
@@ -53,21 +53,14 @@
Patch20: python-bundle-lang.patch
# PATCH-FIX-OPENSUSE Properly support aarch64 in _ctypes module
Patch22: python-2.7.4-aarch64.patch
-Patch23: python-2.7.4-no-REUSEPORT.patch
Patch24: python-bsddb6.diff
# PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module
Patch25: libffi-ppc64le.diff
# CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client
Patch26: xmlrpc_gzip_27.patch
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
-Patch27: python-2.7.6-imaplib.patch
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
-# [bnc#857470] add missing import to bdist_rpm command
-Patch30: python-2.7.6-bdist-rpm.patch
-# CVE-2014-1912 [bnc#863741] buffer overflow in recvfrom_into
-Patch31: CVE-2014-1912-recvfrom_into.patch
-Patch32: python-2.7.6-sqlite-3.8.4-tests.patch
# COMMON-PATCH-END
BuildRequires: automake
BuildRequires: db-devel
@@ -185,16 +178,11 @@
%patch18 -p1
%patch20 -p1
%patch22 -p1
-%patch23 -p1
%patch24 -p1
%patch25 -p0
%patch26 -p1
-%patch27 -p1
%patch28 -p1
%patch29 -p1
-%patch30 -p1
-%patch31 -p1
-%patch32 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
++++++ Python-2.7.6.tar.xz -> Python-2.7.7.tar.xz ++++++
/work/SRC/openSUSE:Factory/python/Python-2.7.6.tar.xz
/work/SRC/openSUSE:Factory/.python.new/Python-2.7.7.tar.xz differ: char 27,
line 1
++++++ python-2.7.3-ssl_ca_path.patch ++++++
--- /var/tmp/diff_new_pack.6D7Jw3/_old 2014-06-25 15:24:10.000000000 +0200
+++ /var/tmp/diff_new_pack.6D7Jw3/_new 2014-06-25 15:24:10.000000000 +0200
@@ -1,16 +1,16 @@
-Index: Python-2.7.5/Modules/_ssl.c
+Index: Python-2.7.7/Modules/_ssl.c
===================================================================
---- Python-2.7.5.orig/Modules/_ssl.c
-+++ Python-2.7.5/Modules/_ssl.c
-@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,
+--- Python-2.7.7.orig/Modules/_ssl.c 2014-06-20 14:34:28.157656595 +0200
++++ Python-2.7.7/Modules/_ssl.c 2014-06-20 14:35:20.092929774 +0200
+@@ -273,6 +273,7 @@
char *errstr = NULL;
int ret;
int verification_mode;
+ struct stat stat_buf;
+ long options;
self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
- if (self == NULL)
-@@ -327,20 +328,32 @@ newPySSLObject(PySocketSockObject *Sock,
+@@ -331,20 +332,32 @@
if (certreq != PY_SSL_CERT_NONE) {
if (cacerts_file == NULL) {
++++++ python-2.7.4-canonicalize2.patch ++++++
--- /var/tmp/diff_new_pack.6D7Jw3/_old 2014-06-25 15:24:10.000000000 +0200
+++ /var/tmp/diff_new_pack.6D7Jw3/_new 2014-06-25 15:24:10.000000000 +0200
@@ -1,6 +1,8 @@
---- a/Python/sysmodule.c
-+++ b/Python/sysmodule.c
-@@ -1620,7 +1620,20 @@
+Index: Python-2.7.7/Python/sysmodule.c
+===================================================================
+--- Python-2.7.7.orig/Python/sysmodule.c 2014-06-20 14:33:06.696228064
+0200
++++ Python-2.7.7/Python/sysmodule.c 2014-06-20 14:33:10.960250497 +0200
+@@ -1624,7 +1624,20 @@
char *p = NULL;
Py_ssize_t n = 0;
PyObject *a;
@@ -22,7 +24,7 @@
char link[MAXPATHLEN+1];
char argv0copy[2*MAXPATHLEN+1];
int nr = 0;
-@@ -1647,7 +1660,8 @@
+@@ -1651,7 +1664,8 @@
}
}
}
@@ -32,7 +34,7 @@
#if SEP == '\\' /* Special case for MS filename syntax */
if (argc > 0 && argv0 != NULL && strcmp(argv0, "-c") != 0) {
char *q;
-@@ -1676,11 +1690,6 @@
+@@ -1680,11 +1694,6 @@
}
#else /* All other filename syntaxes */
if (argc > 0 && argv0 != NULL && strcmp(argv0, "-c") != 0) {
@@ -44,7 +46,7 @@
p = strrchr(argv0, SEP);
}
if (p != NULL) {
-@@ -1698,6 +1707,9 @@
+@@ -1702,6 +1711,9 @@
a = PyString_FromStringAndSize(argv0, n);
if (a == NULL)
Py_FatalError("no mem for sys.path insertion");
@@ -54,9 +56,11 @@
if (PyList_Insert(path, 0, a) < 0)
Py_FatalError("sys.path.insert(0) failed");
Py_DECREF(a);
---- a/pyconfig.h.in
-+++ b/pyconfig.h.in
-@@ -106,6 +106,9 @@
+Index: Python-2.7.7/pyconfig.h.in
+===================================================================
+--- Python-2.7.7.orig/pyconfig.h.in 2014-05-31 20:58:40.000000000 +0200
++++ Python-2.7.7/pyconfig.h.in 2014-06-20 14:33:10.961250502 +0200
+@@ -109,6 +109,9 @@
/* Define to 1 if you have the 'chflags' function. */
#undef HAVE_CHFLAGS
@@ -66,11 +70,13 @@
/* Define to 1 if you have the `chown' function. */
#undef HAVE_CHOWN
---- a/configure.ac
-+++ b/configure.ac
-@@ -2913,7 +2913,7 @@
+Index: Python-2.7.7/configure.ac
+===================================================================
+--- Python-2.7.7.orig/configure.ac 2014-06-20 14:33:06.694228054 +0200
++++ Python-2.7.7/configure.ac 2014-06-20 14:33:10.961250502 +0200
+@@ -2935,7 +2935,7 @@
getpriority getresuid getresgid getpwent getspnam getspent getsid getwd \
- initgroups kill killpg lchmod lchown lstat mkfifo mknod mktime \
+ initgroups kill killpg lchmod lchown lstat mkfifo mknod mktime mmap \
mremap nice pathconf pause plock poll pthread_init \
- putenv readlink realpath \
+ putenv readlink realpath canonicalize_file_name \
++++++ python-2.7.6-docs-html.tar.bz2 -> python-2.7.7-docs-html.tar.bz2 ++++++
++++ 59205 lines of diff (skipped)
++++++ python-2.7.6-docs-pdf-a4.tar.bz2 -> python-2.7.7-docs-pdf-a4.tar.bz2
++++++
/work/SRC/openSUSE:Factory/python/python-2.7.6-docs-pdf-a4.tar.bz2
/work/SRC/openSUSE:Factory/.python.new/python-2.7.7-docs-pdf-a4.tar.bz2 differ:
char 11, line 1
++++++ python-2.7.6-docs-pdf-letter.tar.bz2 ->
python-2.7.7-docs-pdf-letter.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/python/python-2.7.6-docs-pdf-letter.tar.bz2
/work/SRC/openSUSE:Factory/.python.new/python-2.7.7-docs-pdf-letter.tar.bz2
differ: char 11, line 1
++++++ xmlrpc_gzip_27.patch ++++++
--- /var/tmp/diff_new_pack.6D7Jw3/_old 2014-06-25 15:24:13.000000000 +0200
+++ /var/tmp/diff_new_pack.6D7Jw3/_new 2014-06-25 15:24:13.000000000 +0200
@@ -1,7 +1,8 @@
-diff --git a/Doc/library/xmlrpclib.rst b/Doc/library/xmlrpclib.rst
---- a/Doc/library/xmlrpclib.rst
-+++ b/Doc/library/xmlrpclib.rst
-@@ -120,6 +120,15 @@
+Index: Python-2.7.7/Doc/library/xmlrpclib.rst
+===================================================================
+--- Python-2.7.7.orig/Doc/library/xmlrpclib.rst 2014-05-31
20:58:38.000000000 +0200
++++ Python-2.7.7/Doc/library/xmlrpclib.rst 2014-06-20 14:51:40.282081132
+0200
+@@ -127,6 +127,15 @@
*__dict__* attribute and don't have a base class that is marshalled in a
special way.
@@ -17,11 +18,53 @@
.. seealso::
-diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py
---- a/Lib/test/test_xmlrpc.py
-+++ b/Lib/test/test_xmlrpc.py
-@@ -19,6 +19,11 @@
- threading = None
+Index: Python-2.7.7/Lib/xmlrpclib.py
+===================================================================
+--- Python-2.7.7.orig/Lib/xmlrpclib.py 2014-05-31 20:58:39.000000000 +0200
++++ Python-2.7.7/Lib/xmlrpclib.py 2014-06-20 14:51:40.282081132 +0200
+@@ -49,6 +49,7 @@
+ # 2003-07-12 gp Correct marshalling of Faults
+ # 2003-10-31 mvl Add multicall support
+ # 2004-08-20 mvl Bump minimum supported Python version to 2.1
++# 2013-01-20 ch Add workaround for gzip bomb vulnerability
+ #
+ # Copyright (c) 1999-2002 by Secret Labs AB.
+ # Copyright (c) 1999-2002 by Fredrik Lundh.
+@@ -147,6 +148,10 @@
+ except ImportError:
+ gzip = None #python can be built without zlib/gzip support
+
++# Limit the maximum amount of decoded data that is decompressed. The
++# limit prevents gzip bomb attacks.
++MAX_GZIP_DECODE = 20 * 1024 * 1024 # 20 MB
++
+ # --------------------------------------------------------------------
+ # Internal stuff
+
+@@ -1178,11 +1183,16 @@
+ f = StringIO.StringIO(data)
+ gzf = gzip.GzipFile(mode="rb", fileobj=f)
+ try:
+- decoded = gzf.read()
++ if MAX_GZIP_DECODE < 0: # no limit
++ decoded = gzf.read()
++ else:
++ decoded = gzf.read(MAX_GZIP_DECODE + 1)
+ except IOError:
+ raise ValueError("invalid data")
+ f.close()
+ gzf.close()
++ if MAX_GZIP_DECODE >= 0 and len(decoded) > MAX_GZIP_DECODE:
++ raise ValueError("max gzipped payload length exceeded")
+ return decoded
+
+ ##
+Index: Python-2.7.7/Lib/test/test_xmlrpc.py
+===================================================================
+--- Python-2.7.7.orig/Lib/test/test_xmlrpc.py 2014-05-31 20:58:39.000000000
+0200
++++ Python-2.7.7/Lib/test/test_xmlrpc.py 2014-06-20 14:51:59.993184645
+0200
+@@ -24,6 +24,11 @@
+ gzip = None
try:
+ import gzip
@@ -32,7 +75,7 @@
unicode
except NameError:
have_unicode = False
-@@ -731,7 +736,7 @@
+@@ -737,7 +742,7 @@
with cm:
p.pow(6, 8)
@@ -41,7 +84,7 @@
t = self.Transport()
p = xmlrpclib.ServerProxy(URL, transport=t)
old = self.requestHandler.encode_threshold
-@@ -744,6 +749,27 @@
+@@ -750,6 +755,27 @@
self.requestHandler.encode_threshold = old
self.assertTrue(a>b)
@@ -69,56 +112,3 @@
#Test special attributes of the ServerProxy object
class ServerProxyTestCase(unittest.TestCase):
def setUp(self):
-@@ -1011,11 +1037,8 @@
- xmlrpc_tests.append(SimpleServerTestCase)
- xmlrpc_tests.append(KeepaliveServerTestCase1)
- xmlrpc_tests.append(KeepaliveServerTestCase2)
-- try:
-- import gzip
-+ if gzip is not None:
- xmlrpc_tests.append(GzipServerTestCase)
-- except ImportError:
-- pass #gzip not supported in this build
- xmlrpc_tests.append(MultiPathServerTestCase)
- xmlrpc_tests.append(ServerProxyTestCase)
- xmlrpc_tests.append(FailingServerTestCase)
-diff --git a/Lib/xmlrpclib.py b/Lib/xmlrpclib.py
---- a/Lib/xmlrpclib.py
-+++ b/Lib/xmlrpclib.py
-@@ -49,6 +49,7 @@
- # 2003-07-12 gp Correct marshalling of Faults
- # 2003-10-31 mvl Add multicall support
- # 2004-08-20 mvl Bump minimum supported Python version to 2.1
-+# 2013-01-20 ch Add workaround for gzip bomb vulnerability
- #
- # Copyright (c) 1999-2002 by Secret Labs AB.
- # Copyright (c) 1999-2002 by Fredrik Lundh.
-@@ -147,6 +148,10 @@
- except ImportError:
- gzip = None #python can be built without zlib/gzip support
-
-+# Limit the maximum amount of decoded data that is decompressed. The
-+# limit prevents gzip bomb attacks.
-+MAX_GZIP_DECODE = 20 * 1024 * 1024 # 20 MB
-+
- # --------------------------------------------------------------------
- # Internal stuff
-
-@@ -1178,11 +1183,16 @@
- f = StringIO.StringIO(data)
- gzf = gzip.GzipFile(mode="rb", fileobj=f)
- try:
-- decoded = gzf.read()
-+ if MAX_GZIP_DECODE < 0: # no limit
-+ decoded = gzf.read()
-+ else:
-+ decoded = gzf.read(MAX_GZIP_DECODE + 1)
- except IOError:
- raise ValueError("invalid data")
- f.close()
- gzf.close()
-+ if MAX_GZIP_DECODE >= 0 and len(decoded) > MAX_GZIP_DECODE:
-+ raise ValueError("max gzipped payload length exceeded")
- return decoded
-
- ##
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
