Hello community,
here is the log from the commit of package python for openSUSE:Factory checked in at 2014-07-28 06:31:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python (Old)
and /work/SRC/openSUSE:Factory/.python.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python"
Changes:
--------
--- /work/SRC/openSUSE:Factory/python/python-base.changes 2014-06-25 15:24:07.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.python.new/python-base.changes 2014-07-28 06:31:18.000000000 +0200
@@ -1,0 +2,9 @@
+Wed Jul 23 16:48:38 UTC 2014 - jmatejek@suse.com
+
+- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file
+ disclosure and directory traversal through URL-encoded characters
+ (CVE-2014-4650, bnc#885882)
+- python-2.7.7-mhlib-linkcount.patch: remove link count optimizations
+ that are incorrect on btrfs (and possibly other filesystems)
+
+-------------------------------------------------------------------
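Review bot: The second changelog entry (python-2.7.7-mhlib-linkcount.patch) carries no bug or upstream issue reference, while the CVE entry above it cites both CVE-2014-4650 and bnc#885882. Adding the tracking reference for the btrfs problem would make the entry traceable, and "possibly other filesystems" could be narrowed if the affected set is known.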
python.changes: same change
New:
----
CVE-2014-4650-CGIHTTPServer-traversal.patch
python-2.7.7-mhlib-linkcount.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-base.spec ++++++
--- /var/tmp/diff_new_pack.jfvqCf/_old 2014-07-28 06:31:20.000000000 +0200
+++ /var/tmp/diff_new_pack.jfvqCf/_new 2014-07-28 06:31:20.000000000 +0200
@@ -57,6 +57,10 @@
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
+# CVE-2014-4650 - File disclosure and directory traversal in CGIHTTPServer
+Patch30: CVE-2014-4650-CGIHTTPServer-traversal.patch
+# remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
+Patch31: python-2.7.7-mhlib-linkcount.patch
# COMMON-PATCH-END
%define python_version %(echo %{tarversion} | head -c 3)
BuildRequires: automake
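Review bot: The comment above Patch30 names the CVE but drops the bug reference that the changelog gives (bnc#885882); repeating it here keeps the spec traceable on its own. The comment above Patch31 does not say whether the change is upstream or distribution-specific, which is what the next person rebasing a patch named for 2.7.7 will need to know.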
@@ -149,6 +153,8 @@
%patch26 -p1
%patch28 -p1
%patch29 -p1
+%patch30 -p1
+%patch31 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
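Review bot: %patch30 closes a file disclosure and directory traversal, yet nothing in this hunk or the changelog says how the fix is verified at build time. It is worth confirming that the patch carries a regression test for URL-encoded paths and that the package's test run exercises CGIHTTPServer, so a later rebase that silently drops the fix fails the build.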
++++++ python-doc.spec ++++++
--- /var/tmp/diff_new_pack.jfvqCf/_old 2014-07-28 06:31:20.000000000 +0200
+++ /var/tmp/diff_new_pack.jfvqCf/_new 2014-07-28 06:31:20.000000000 +0200
@@ -60,6 +60,10 @@
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
+# CVE-2014-4650 - File disclosure and directory traversal in CGIHTTPServer
+Patch30: CVE-2014-4650-CGIHTTPServer-traversal.patch
+# remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
+Patch31: python-2.7.7-mhlib-linkcount.patch
# COMMON-PATCH-END
Provides: pyth_doc
Provides: pyth_ps
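Review bot: The four added lines before "# COMMON-PATCH-END" are repeated verbatim in python-base.spec, python-doc.spec and python.spec. If that block is maintained by hand, a security patch can land in one spec and be missed in another; please confirm the common section is generated from a single source, or note in the spec how it is kept in sync.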
@@ -106,6 +110,8 @@
%patch26 -p1
%patch28 -p1
%patch29 -p1
+%patch30 -p1
+%patch31 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
++++++ python.spec ++++++
--- /var/tmp/diff_new_pack.jfvqCf/_old 2014-07-28 06:31:20.000000000 +0200
+++ /var/tmp/diff_new_pack.jfvqCf/_new 2014-07-28 06:31:20.000000000 +0200
@@ -61,6 +61,10 @@
# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
Patch28: smtplib_maxline-2.7.patch
Patch29: python-2.7.6-poplib.patch
+# CVE-2014-4650 - File disclosure and directory traversal in CGIHTTPServer
+Patch30: CVE-2014-4650-CGIHTTPServer-traversal.patch
+# remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere)
+Patch31: python-2.7.7-mhlib-linkcount.patch
# COMMON-PATCH-END
BuildRequires: automake
BuildRequires: db-devel
@@ -183,6 +187,8 @@
%patch26 -p1
%patch28 -p1
%patch29 -p1
+%patch30 -p1
+%patch31 -p1
# drop Autoconf version requirement
sed -i 's/^version_required/dnl version_required/' configure.ac
++++++ CVE-2014-4650-CGIHTTPServer-traversal.patch ++++++
# HG changeset patch
# User Benjamin Peterson