Package Release Info

python-base-2.7.18-150000.38.2

Update Info: Base Release
Available in Package Hub : 15 SP4 Subpackages

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

python-devel

Change Logs

* Sat Feb 26 2022 mcepl@suse.com 
- Update bundled pip wheel to the latest SLE version patched
  against bsc#1186819 (CVE-2021-3572).
- Recover again proper value of %python2_package_prefix
  (bsc#1175619).
* Fri Feb 18 2022 mcepl@suse.com 
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.
* Fri Feb 18 2022 mcepl@suse.com 
- Older SLE versions should use old OpenSSL.
* Wed Feb 09 2022 mcepl@suse.com 
- Add CVE-2022-0391-urllib_parse-newline-parsing.patch
  (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
  containing ASCII newline and tabs in urlparse.
* Sun Feb 06 2022 mcepl@suse.com 
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
  bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
  not trust the PASV response.
* Mon Dec 06 2021 dmueller@suse.com 
- build against openssl 1.1.x (incompatible with openssl 3.0x)
  for now.
* Tue Nov 02 2021 meissner@suse.com 
- on sle12, python2 modules will still be called python-xxxx until EOL,
  for newer SLE versions they will be python2-xxxx
* Fri Oct 15 2021 dimstar@opensuse.org 
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.
* Tue Sep 21 2021 mcepl@suse.com 
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
  in specifically crafted tarball.
  Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
  (CVE-2020-26116, bpo#39603) no longer allowing special characters in
  the method parameter of HTTPConnection.putrequest in httplib, stopping
  injection of headers. Such characters now raise ValueError.
* Thu Aug 26 2021 qydwhotmail@gmail.com 
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)