This release fixes CVE-2019-9740, CVE-2019-9948, CVE-2019-15903.
Adjust 0002-Fix-get_python_inc-for-cross-compilation.patch for 2.7.17.
Remove the following patches (now on upstream):
* 0035-bpo-35907-CVE-2019-9948-urllib-rejects-local_file-sc.patch
* 0036-bpo-36216-Add-check-for-characters-in-netloc-that-no.patch
* 0037-3.7-bpo-36216-Only-print-test-messages-when-verbose-.patch
* 0038-bpo-36742-Fixes-handling-of-pre-normalization-charac.patch
* 0039-bpo-36742-Corrects-fix-to-handle-decomposition-in-us.patch
* 0040-2.7-bpo-36742-Fix-urlparse.urlsplit-error-message-fo.patch
* 0041-bpo-30458-Disallow-control-chars-in-http-URLs-GH-127.patch
Full release details at:
https://github.com/python/cpython/blob/v2.7.17/Misc/NEWS.d/2.7.17rc1.rst
run-tests results:
10:30:20 TestPython2 Starting
10:30:21 TestPython2 Building
10:37:37 TestPython2 Building done
10:37:47 TestPython2 Cleaning up
.
----------------------------------------------------------------------
Ran 1 test in 448.616s
OK
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2013-1752: Change use of readline() in :class:`imaplib.IMAP4_SSL` to limit line length
- CVE-2018-14647: The C accelerated _elementtree module now initializes hash
randomization salt from _Py_HashSecret instead of libexpat's default
CSPRNG.
For more details, see the NEWS file:
https://github.com/python/cpython/blob/v2.7.16/Misc/NEWS.d/2.7.16rc1.rst
Refresh patches, drop now upstream
package/python/0035-bpo-35746-Fix-segfault-in-ssl-s-cert-parser-GH-11569.patch
and adjust hash of LICENSE file for a change of copyright years.
run-tests results:
16:05:41 TestPython2 Starting
16:05:42 TestPython2 Building
16:11:26 TestPython2 Building done
16:11:32 TestPython2 Cleaning up
.
----------------------------------------------------------------------
Ran 1 test in 351.905s
OK
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Rebased 011-remove-python-symlink.patch
[Peter: correct .hash file comment as pointed out by Baruch]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patches are simply refreshed, except
004-sysconfigdata-install-location.patch where a minor conflict
resolution was needed.
[Peter: fixup .hash as pointed out by Arnout]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
