Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: python-xml | Distribution: openSUSE Tumbleweed |
Version: 2.7.18 | Vendor: openSUSE |
Release: 49.1 | Build date: Mon Jul 15 14:19:43 2024 |
Group: Development/Libraries/Python | Build host: reproducible |
Size: 759617 | Source RPM: python-base-2.7.18-49.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://www.python.org/ | |
Summary: A Python XML Interface |
The expat module is a Python interface to the expat XML parser. Since Python2.x, it is part of the core Python distribution.
Python-2.0
* Mon Jul 15 2024 Matej Cepl <mcepl@cepl.eu> - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). * Wed May 22 2024 Matej Cepl <mcepl@cepl.eu> - Restore _multibuild * Sat May 18 2024 Matej Cepl <mcepl@suse.com> - bsc#1221854 (CVE-2024-0450) Add CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch detecting the vulnerability of the "quoted-overlap" zipbomb (from gh#python/cpython!110016). * Sat May 11 2024 Matej Cepl <mcepl@cepl.eu> - Switch to using the system libexpat (bsc#1219559, CVE-2023-52425) - Make sure to remove all embedded versions of other packages (including expat). - Add CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch removing failing test fixing bpo#3151, which we just not support. - Remove patches over those embedded packages (cffi): - python-2.7-libffi-aarch64.patch - sparc_longdouble.patch * Tue Apr 16 2024 Matej Cepl <mcepl@cepl.eu> - Modify CVE-2023-27043-email-parsing-errors.patch to fix the unicode string handling in email.utils.parseaddr() (bsc#1222537). - Revert CVE-2022-48560-after-free-heappushpop.patch, the fix was unneeded. * Mon Mar 18 2024 Matej Cepl <mcepl@cepl.eu> - Switch off tests. ONLY FOR FACTORY!!! (bsc#1219306) * Tue Mar 05 2024 Daniel Garcia <daniel.garcia@suse.com> - Build with -std=gnu89 to build correctly with gcc14, bsc#1220970 * Mon Jan 08 2024 Daniel Garcia <daniel.garcia@suse.com> - Add CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). * Mon Nov 27 2023 Matej Cepl <mcepl@cepl.eu> - Add CVE-2022-48560-after-free-heappushpop.patch fixing use-after-free in Python via heappushpop in heapq (bsc#1214675, CVE-2022-48560). - switch from %patchN style to the %patch -P N one. * Sat Sep 16 2023 Matej Cepl <mcepl@suse.com> - (bsc#1214691, CVE-2022-48566) Add CVE-2022-48566-compare_digest-more-constant.patch to make compare_digest more constant-time. - Allow nis.so for SLE-12. * Thu Sep 14 2023 Matej Cepl <mcepl@suse.com> - (bsc#1214685, CVE-2022-48565) Add CVE-2022-48565-plistlib-XML-vulns.patch (from gh#python/cpython#86217) reject XML entity declarations in plist files. - Remove BOTH CVE-2023-27043-email-parsing-errors.patch and Revert-gh105127-left-tests.patch (as per discussion on bsc#1210638). * Tue Sep 12 2023 Daniel Garcia <daniel.garcia@suse.com> - Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing gh#python/cpython#108310, backport from upstream patch gh#python/cpython#108315 (bsc#1214692, CVE-2023-40217) * Thu Aug 03 2023 Matej Cepl <mcepl@suse.com> - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. * Tue Jul 11 2023 Matej Cepl <mcepl@suse.com> - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). * Wed Jun 07 2023 Matej Cepl <mcepl@suse.com> - Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch. * Tue May 30 2023 Andreas Schwab <schwab@suse.de> - python-2.7.5-multilib.patch: Update for riscv64 - Don't fail if _ctypes or dl extension was not built * Mon May 29 2023 Matej Cepl <mcepl@suse.com> - The condition around libnsl-devel BuildRequires is NOT switching off NIS support on SLE < 15, support for NIS used to be in the glibc itself. Partial revert of sr#1061583. * Wed May 24 2023 Matej Cepl <mcepl@suse.com> - Add PygmentsBridge-trime_doctest_flags.patch to allow build of the documentation even with the current Sphinx. (SUSE-ONLY PATCH, DO NOT SEND UPSTREAM!) * Wed Mar 08 2023 Matej Cepl <mcepl@suse.com> - Enable --with-system-ffi for non-standard architectures. * Mon Mar 06 2023 Matej Cepl <mcepl@suse.com> - SLE-12 builds nis.so as well. * Wed Mar 01 2023 Matej Cepl <mcepl@suse.com> - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters * Fri Jan 27 2023 Thorsten Kukuk <kukuk@suse.com> - Disable NIS for new products, it's deprecated and gets removed * Thu Jan 19 2023 Matej Cepl <mcepl@suse.com> - Add skip_unverified_test.patch because apparently switching off SSL verification doesn't work on older SLE. * Tue Nov 22 2022 Matej Cepl <mcepl@suse.com> - Restore python-2.7.9-sles-disable-verification-by-default.patch for SLE-12. * Wed Nov 09 2022 Matej Cepl <mcepl@suse.com> - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names. * Tue Sep 13 2022 Bernhard Wiedemann <bwiedemann@suse.com> - Add bpo34990-2038-problem-compileall.patch making compileall.py compliant with year 2038 (bsc#1202666, gh#python/cpython#79171), backport of fix to Python 2.7. * Wed Sep 07 2022 Steve Kowalik <steven.kowalik@suse.com> - Add patch CVE-2021-28861-double-slash-path.patch: * BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. (bsc#1202624, CVE-2021-28861) * Thu Jun 09 2022 Matej Cepl <mcepl@suse.com> - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module. * Tue May 24 2022 Martin Liška <mliska@suse.cz> - Filter out executable-stack error that is triggered for i586 target. * Sat Feb 26 2022 Matej Cepl <mcepl@suse.com> - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). - Recover again proper value of %python2_package_prefix (bsc#1175619). * Fri Feb 18 2022 Matej Cepl <mcepl@suse.com> - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. * Fri Feb 18 2022 Matej Cepl <mcepl@suse.com> - Older SLE versions should use old OpenSSL. * Wed Feb 09 2022 Matej Cepl <mcepl@suse.com> - Add CVE-2022-0391-urllib_parse-newline-parsing.patch (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs containing ASCII newline and tabs in urlparse. * Sun Feb 06 2022 Matej Cepl <mcepl@suse.com> - Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146, bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib not trust the PASV response. * Mon Dec 06 2021 Dirk Müller <dmueller@suse.com> - build against openssl 1.1.x (incompatible with openssl 3.0x) for now. * Tue Nov 02 2021 Marcus Meissner <meissner@suse.com> - on sle12, python2 modules will still be called python-xxxx until EOL, for newer SLE versions they will be python2-xxxx * Fri Oct 15 2021 Dominique Leuenberger <dimstar@opensuse.org> - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. * Tue Sep 21 2021 Matej Cepl <mcepl@suse.com> - Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch. - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). - Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 (CVE-2020-26116, bpo#39603) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Such characters now raise ValueError. * Thu Aug 26 2021 Fusion Future <qydwhotmail@gmail.com> - Renamed patch for assigned CVE: * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -> CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (boo#1189241, CVE-2021-3737) * Mon Aug 23 2021 Fusion Future <qydwhotmail@gmail.com> - Renamed patch for assigned CVE: * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch (boo#1189287, CVE-2021-3733) - Fix python-doc build (bpo#35293): * sphinx-update-removed-function.patch - Update documentation formatting for Sphinx 3.0 (bpo#40204). * Tue Aug 10 2021 Fusion Future <qydwhotmail@gmail.com> - Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in request (bpo#43075, boo#1189287). - Add missing security announcement to bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch. * Mon Aug 09 2021 Fusion Future <qydwhotmail@gmail.com> - Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch which fixes http client infinite line reading (DoS) after a http 100 (bpo#44022, boo#1189241). * Fri Jul 16 2021 Matej Cepl <mcepl@suse.com> - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). * Fri Feb 26 2021 Matej Cepl <mcepl@suse.com> - Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336). * Mon Jan 25 2021 Matej Cepl <mcepl@suse.com> - Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution. * Tue Jan 05 2021 Matej Cepl <mcepl@suse.com> - (bsc#1180125) We really don't Require python-rpm-macros package. Unnecessary dependency.
/usr/lib64/python2.7/lib-dynload/pyexpat.so /usr/lib64/python2.7/xml /usr/lib64/python2.7/xml/__init__.py /usr/lib64/python2.7/xml/__init__.pyc /usr/lib64/python2.7/xml/__init__.pyo /usr/lib64/python2.7/xml/dom /usr/lib64/python2.7/xml/dom/NodeFilter.py /usr/lib64/python2.7/xml/dom/NodeFilter.pyc /usr/lib64/python2.7/xml/dom/NodeFilter.pyo /usr/lib64/python2.7/xml/dom/__init__.py /usr/lib64/python2.7/xml/dom/__init__.pyc /usr/lib64/python2.7/xml/dom/__init__.pyo /usr/lib64/python2.7/xml/dom/domreg.py /usr/lib64/python2.7/xml/dom/domreg.pyc /usr/lib64/python2.7/xml/dom/domreg.pyo /usr/lib64/python2.7/xml/dom/expatbuilder.py /usr/lib64/python2.7/xml/dom/expatbuilder.pyc /usr/lib64/python2.7/xml/dom/expatbuilder.pyo /usr/lib64/python2.7/xml/dom/minicompat.py /usr/lib64/python2.7/xml/dom/minicompat.pyc /usr/lib64/python2.7/xml/dom/minicompat.pyo /usr/lib64/python2.7/xml/dom/minidom.py /usr/lib64/python2.7/xml/dom/minidom.pyc /usr/lib64/python2.7/xml/dom/minidom.pyo /usr/lib64/python2.7/xml/dom/pulldom.py /usr/lib64/python2.7/xml/dom/pulldom.pyc /usr/lib64/python2.7/xml/dom/pulldom.pyo /usr/lib64/python2.7/xml/dom/xmlbuilder.py /usr/lib64/python2.7/xml/dom/xmlbuilder.pyc /usr/lib64/python2.7/xml/dom/xmlbuilder.pyo /usr/lib64/python2.7/xml/etree /usr/lib64/python2.7/xml/etree/ElementInclude.py /usr/lib64/python2.7/xml/etree/ElementInclude.pyc /usr/lib64/python2.7/xml/etree/ElementInclude.pyo /usr/lib64/python2.7/xml/etree/ElementPath.py /usr/lib64/python2.7/xml/etree/ElementPath.pyc /usr/lib64/python2.7/xml/etree/ElementPath.pyo /usr/lib64/python2.7/xml/etree/ElementTree.py /usr/lib64/python2.7/xml/etree/ElementTree.pyc /usr/lib64/python2.7/xml/etree/ElementTree.pyo /usr/lib64/python2.7/xml/etree/__init__.py /usr/lib64/python2.7/xml/etree/__init__.pyc /usr/lib64/python2.7/xml/etree/__init__.pyo /usr/lib64/python2.7/xml/etree/cElementTree.py /usr/lib64/python2.7/xml/etree/cElementTree.pyc /usr/lib64/python2.7/xml/etree/cElementTree.pyo /usr/lib64/python2.7/xml/parsers /usr/lib64/python2.7/xml/parsers/__init__.py /usr/lib64/python2.7/xml/parsers/__init__.pyc /usr/lib64/python2.7/xml/parsers/__init__.pyo /usr/lib64/python2.7/xml/parsers/expat.py /usr/lib64/python2.7/xml/parsers/expat.pyc /usr/lib64/python2.7/xml/parsers/expat.pyo /usr/lib64/python2.7/xml/sax /usr/lib64/python2.7/xml/sax/__init__.py /usr/lib64/python2.7/xml/sax/__init__.pyc /usr/lib64/python2.7/xml/sax/__init__.pyo /usr/lib64/python2.7/xml/sax/_exceptions.py /usr/lib64/python2.7/xml/sax/_exceptions.pyc /usr/lib64/python2.7/xml/sax/_exceptions.pyo /usr/lib64/python2.7/xml/sax/expatreader.py /usr/lib64/python2.7/xml/sax/expatreader.pyc /usr/lib64/python2.7/xml/sax/expatreader.pyo /usr/lib64/python2.7/xml/sax/handler.py /usr/lib64/python2.7/xml/sax/handler.pyc /usr/lib64/python2.7/xml/sax/handler.pyo /usr/lib64/python2.7/xml/sax/saxutils.py /usr/lib64/python2.7/xml/sax/saxutils.pyc /usr/lib64/python2.7/xml/sax/saxutils.pyo /usr/lib64/python2.7/xml/sax/xmlreader.py /usr/lib64/python2.7/xml/sax/xmlreader.pyc /usr/lib64/python2.7/xml/sax/xmlreader.pyo
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Oct 18 00:12:25 2024