Hello community, here is the log from the commit of package python for openSUSE:Factory checked in at 2014-10-05 20:30:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python (Old) and /work/SRC/openSUSE:Factory/.python.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python" Changes: -------- --- /work/SRC/openSUSE:Factory/python/python-base.changes 2014-07-28 06:31:18.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python.new/python-base.changes 2014-10-05 20:31:03.000000000 +0200 @@ -1,0 +2,9 @@ +Tue Sep 30 15:06:15 UTC 2014 - jmatejek@suse.com + +- update to 2.7.8 + * bugfix-only release, dozens of bugs fixed + * fixes CVE-2014-4650 directory traversal in CGIHTTPServer + * fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer() +- dropped upstreamed CVE-2014-4650-CGIHTTPserver-traversal.patch + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/python/python-doc.changes 2014-06-25 15:24:07.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python.new/python-doc.changes 2014-10-05 20:31:03.000000000 +0200 @@ -1,0 +2,5 @@ +Tue Sep 30 15:32:07 UTC 2014 - jmatejek@suse.com + +- update to 2.7.8 + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/python/python.changes 2014-06-25 15:24:07.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python.new/python.changes 2014-10-05 20:31:03.000000000 +0200 @@ -1,0 +2,6 @@ +Tue Sep 30 15:27:40 UTC 2014 - jmatejek@suse.com + +- update to 2.7.8 + * bugfix-only release, dozens of bugs fixed + +------------------------------------------------------------------- Old: ---- CVE-2014-4650-CGIHTTPServer-traversal.patch Python-2.7.7.tar.xz Python-2.7.7.tar.xz.asc python-2.7.7-docs-html.tar.bz2 python-2.7.7-docs-pdf-a4.tar.bz2 python-2.7.7-docs-pdf-letter.tar.bz2 New: ---- Python-2.7.8.tar.xz Python-2.7.8.tar.xz.asc python-2.7.8-docs-html.tar.bz2 python-2.7.8-docs-pdf-a4.tar.bz2 python-2.7.8-docs-pdf-letter.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-base.spec ++++++ --- /var/tmp/diff_new_pack.Vo2fyt/_old 2014-10-05 20:31:05.000000000 +0200 +++ /var/tmp/diff_new_pack.Vo2fyt/_new 2014-10-05 20:31:05.000000000 +0200 @@ -17,7 +17,7 @@ Name: python-base -Version: 2.7.7 +Version: 2.7.8 Release: 0 Summary: Python Interpreter base package License: Python-2.0 @@ -57,8 +57,6 @@ # CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib Patch28: smtplib_maxline-2.7.patch Patch29: python-2.7.6-poplib.patch -# CVE-2014-4650 - File disclosure and directory traversal in CGIHTTPServer -Patch30: CVE-2014-4650-CGIHTTPServer-traversal.patch # remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere) Patch31: python-2.7.7-mhlib-linkcount.patch # COMMON-PATCH-END @@ -153,7 +151,6 @@ %patch26 -p1 %patch28 -p1 %patch29 -p1 -%patch30 -p1 %patch31 -p1 # drop Autoconf version requirement ++++++ python-doc.spec ++++++ --- /var/tmp/diff_new_pack.Vo2fyt/_old 2014-10-05 20:31:05.000000000 +0200 +++ /var/tmp/diff_new_pack.Vo2fyt/_new 2014-10-05 20:31:05.000000000 +0200 @@ -16,7 +16,7 @@ # Name: python-doc -Version: 2.7.7 +Version: 2.7.8 Release: 0 Summary: Additional Package Documentation for Python License: Python-2.0 @@ -60,8 +60,6 @@ # CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib Patch28: smtplib_maxline-2.7.patch Patch29: python-2.7.6-poplib.patch -# CVE-2014-4650 - File disclosure and directory traversal in CGIHTTPServer -Patch30: CVE-2014-4650-CGIHTTPServer-traversal.patch # remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere) Patch31: python-2.7.7-mhlib-linkcount.patch # COMMON-PATCH-END @@ -110,7 +108,6 @@ %patch26 -p1 %patch28 -p1 %patch29 -p1 -%patch30 -p1 %patch31 -p1 # drop Autoconf version requirement ++++++ python.spec ++++++ --- /var/tmp/diff_new_pack.Vo2fyt/_old 2014-10-05 20:31:05.000000000 +0200 +++ /var/tmp/diff_new_pack.Vo2fyt/_new 2014-10-05 20:31:05.000000000 +0200 @@ -16,7 +16,7 @@ # Name: python -Version: 2.7.7 +Version: 2.7.8 Release: 0 Summary: Python Interpreter License: Python-2.0 @@ -61,8 +61,6 @@ # CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib Patch28: smtplib_maxline-2.7.patch Patch29: python-2.7.6-poplib.patch -# CVE-2014-4650 - File disclosure and directory traversal in CGIHTTPServer -Patch30: CVE-2014-4650-CGIHTTPServer-traversal.patch # remove link count optimization that breaks mhlib on btrfs (and possibly elsewhere) Patch31: python-2.7.7-mhlib-linkcount.patch # COMMON-PATCH-END @@ -187,7 +185,6 @@ %patch26 -p1 %patch28 -p1 %patch29 -p1 -%patch30 -p1 %patch31 -p1 # drop Autoconf version requirement ++++++ Python-2.7.7.tar.xz -> Python-2.7.8.tar.xz ++++++ /work/SRC/openSUSE:Factory/python/Python-2.7.7.tar.xz /work/SRC/openSUSE:Factory/.python.new/Python-2.7.8.tar.xz differ: char 26, line 1 ++++++ python-2.7.7-docs-html.tar.bz2 -> python-2.7.8-docs-html.tar.bz2 ++++++ ++++ 239784 lines of diff (skipped) ++++++ python-2.7.7-docs-pdf-a4.tar.bz2 -> python-2.7.8-docs-pdf-a4.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/python/python-2.7.7-docs-pdf-a4.tar.bz2 /work/SRC/openSUSE:Factory/.python.new/python-2.7.8-docs-pdf-a4.tar.bz2 differ: char 11, line 1 ++++++ python-2.7.7-docs-pdf-letter.tar.bz2 -> python-2.7.8-docs-pdf-letter.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/python/python-2.7.7-docs-pdf-letter.tar.bz2 /work/SRC/openSUSE:Factory/.python.new/python-2.7.8-docs-pdf-letter.tar.bz2 differ: char 11, line 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org