| |
@@ -153,7 +153,7 @@
|
| |
Summary: Version 3 of the Python programming language aka Python 3000
|
| |
Name: python%{pyshortver}
|
| |
Version: %{pybasever}.10
|
| |
- Release: 2%{?dist}
|
| |
+ Release: 4%{?dist}
|
| |
License: Python
|
| |
|
| |
|
| |
@@ -509,6 +509,20 @@
|
| |
# but the LIBPL variable defined there doesn't respect libdir macro
|
| |
Patch205: 00205-make-libpl-respect-lib64.patch
|
| |
|
| |
+ # 00320 #
|
| |
+ # Security fix for CVE-2019-10160: Information Disclosure due to urlsplit improper NFKC normalization
|
| |
+ # Fixed upstream for later branches: https://bugs.python.org/issue36742
|
| |
+ # Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1718867
|
| |
+ Patch320: 00320-CVE-2019-10160.patch
|
| |
+
|
| |
+ # 00332 #
|
| |
+ # Fix CVE-2019-16056: Don't parse email addresses containing
|
| |
+ # multiple '@' characters.
|
| |
+ # Fixed upstream and backported from the 3.5 branch:
|
| |
+ # https://bugs.python.org/issue34155
|
| |
+ # Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1750457
|
| |
+ Patch332: 00332-CVE-2019-16056.patch
|
| |
+
|
| |
# (New patches go here ^^^)
|
| |
#
|
| |
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
| |
@@ -545,6 +559,16 @@
|
| |
Provides: bundled(python%{pyshortver}-setuptools) = 28.8.0
|
| |
%endif
|
| |
|
| |
+ # The IUS repository previously maintained a python34u package. Python 3.4 is
|
| |
+ # EOL upstream, meaning IUS pacakges will be retired soon. As a coordinated
|
| |
+ # effort, obsolete it here to transition users to the EPEL package. See this
|
| |
+ # issue for more details:
|
| |
+ # https://github.com/iusrepo/packaging/issues/7
|
| |
+ Provides: python34u = %{version}-%{release}
|
| |
+ Provides: python34u%{?_isa} = %{version}-%{release}
|
| |
+ Obsoletes: python34u < 3.4.8-2
|
| |
+
|
| |
+
|
| |
%description
|
| |
Python 3 is a new version of the language that is incompatible with the 2.x
|
| |
line of releases. The language is mostly the same, but many details, especially
|
| |
@@ -566,6 +590,12 @@
|
| |
Requires: expat >= 2.1.0
|
| |
%endif
|
| |
|
| |
+ # Obsolete IUS package
|
| |
+ Provides: python34u-libs = %{version}-%{release}
|
| |
+ Provides: python34u-libs%{?_isa} = %{version}-%{release}
|
| |
+ Obsoletes: python34u-libs < 3.4.8-2
|
| |
+
|
| |
+
|
| |
%description libs
|
| |
This package contains files used to embed Python 3 into applications.
|
| |
|
| |
@@ -581,6 +611,12 @@
|
| |
%endif
|
| |
Conflicts: %{name} < %{version}-%{release}
|
| |
|
| |
+ # Obsolete IUS package
|
| |
+ Provides: python34u-devel = %{version}-%{release}
|
| |
+ Provides: python34u-devel%{?_isa} = %{version}-%{release}
|
| |
+ Obsoletes: python34u-devel < 3.4.8-2
|
| |
+
|
| |
+
|
| |
%description devel
|
| |
This package contains libraries and header files used to build applications
|
| |
with and native libraries for Python 3
|
| |
@@ -590,6 +626,12 @@
|
| |
Requires: %{name} = %{version}-%{release}
|
| |
Requires: %{name}-tkinter = %{version}-%{release}
|
| |
|
| |
+ # Obsolete IUS package
|
| |
+ Provides: python34u-tools = %{version}-%{release}
|
| |
+ Provides: python34u-tools%{?_isa} = %{version}-%{release}
|
| |
+ Obsoletes: python34u-tools < 3.4.8-2
|
| |
+
|
| |
+
|
| |
%description tools
|
| |
This package contains several tools included with Python 3
|
| |
|
| |
@@ -597,6 +639,12 @@
|
| |
Summary: A GUI toolkit for Python 3
|
| |
Requires: %{name} = %{version}-%{release}
|
| |
|
| |
+ # Obsolete IUS package
|
| |
+ Provides: python34u-tkinter = %{version}-%{release}
|
| |
+ Provides: python34u-tkinter%{?_isa} = %{version}-%{release}
|
| |
+ Obsoletes: python34u-tkinter < 3.4.8-2
|
| |
+
|
| |
+
|
| |
%description tkinter
|
| |
The Tkinter (Tk interface) program is an graphical user interface for
|
| |
the Python scripting language.
|
| |
@@ -606,6 +654,12 @@
|
| |
Requires: %{name} = %{version}-%{release}
|
| |
Requires: %{name}-tools = %{version}-%{release}
|
| |
|
| |
+ # Obsolete IUS package
|
| |
+ Provides: python34u-test = %{version}-%{release}
|
| |
+ Provides: python34u-test%{?_isa} = %{version}-%{release}
|
| |
+ Obsoletes: python34u-test < 3.4.8-2
|
| |
+
|
| |
+
|
| |
%description test
|
| |
The test modules from the main %{name} package.
|
| |
These are in a separate package to save space, as they are almost never used
|
| |
@@ -628,6 +682,12 @@
|
| |
Requires: %{name}-tkinter%{?_isa} = %{version}-%{release}
|
| |
Requires: %{name}-tools%{?_isa} = %{version}-%{release}
|
| |
|
| |
+ # Obsolete IUS package
|
| |
+ Provides: python34u-debug = %{version}-%{release}
|
| |
+ Provides: python34u-debug%{?_isa} = %{version}-%{release}
|
| |
+ Obsoletes: python34u-debug < 3.4.8-2
|
| |
+
|
| |
+
|
| |
%description debug
|
| |
python%{pyshortver}-debug provides a version of the Python 3 runtime with numerous debugging
|
| |
features enabled, aimed at advanced Python users, such as developers of Python
|
| |
@@ -753,6 +813,8 @@
|
| |
%patch196 -p1
|
| |
%patch203 -p1
|
| |
%patch205 -p1
|
| |
+ %patch320 -p1
|
| |
+ %patch332 -p1
|
| |
|
| |
# Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
|
| |
# are many differences between 2.6 and the Python 3 library.
|
| |
@@ -1688,6 +1750,11 @@
|
| |
# ======================================================
|
| |
|
| |
%changelog
|
| |
+ * Thu Oct 03 2019 Carl George <carl@george.computer> - 3.4.10-4
|
| |
+ - Obsolete IUS python34u packages
|
| |
+ - Fix CVE-2019-10160 (rhbz#1718867)
|
| |
+ - Fix CVE-2019-16056 (rhbz#1750457)
|
| |
+
|
| |
* Tue Apr 30 2019 Miro Hrončok <mhroncok@redhat.com> - 3.4.10-2
|
| |
- Require python3-other-rpm-macros instead of python3-rpm-macros
|
| |
|
| |
The latest ISU version is 3.4.10-3. Is this the latest ISU version that was named including the "u"?