* Wed Mar 01 2023 mcepl@suse.com
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
* Fri Jan 27 2023 kukuk@suse.com
- Disable NIS for new products, it's deprecated and gets removed
* Thu Jan 19 2023 mcepl@suse.com
- Add skip_unverified_test.patch because apparently switching off
SSL verification doesn't work on older SLE.
* Tue Nov 22 2022 mcepl@suse.com
- Restore python-2.7.9-sles-disable-verification-by-default.patch
for SLE-12.
* Wed Nov 09 2022 mcepl@suse.com
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
* Tue Sep 13 2022 bwiedemann@suse.com
- Add bpo34990-2038-problem-compileall.patch making compileall.py
compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
backport of fix to Python 2.7.
* Wed Sep 07 2022 steven.kowalik@suse.com
- Add patch CVE-2021-28861-double-slash-path.patch:
* BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
* Thu Jun 09 2022 mcepl@suse.com
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
* Tue May 24 2022 mliska@suse.cz
- Filter out executable-stack error that is triggered for i586
target.
* Sat Feb 26 2022 mcepl@suse.com
- Update bundled pip wheel to the latest SLE version patched
against bsc#1186819 (CVE-2021-3572).
- Recover again proper value of %python2_package_prefix
(bsc#1175619).