import python2-2.7.18-4.module+el8.4.0+9577+0b56c8de
This commit is contained in:
parent
a82bf799b1
commit
a8b3294b63
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/Python-2.7.17-noexe.tar.xz
|
SOURCES/Python-2.7.18-noexe.tar.xz
|
||||||
|
@ -1 +1 @@
|
|||||||
e63124a9a86b4b52c09384915a0842adf00b9d45 SOURCES/Python-2.7.17-noexe.tar.xz
|
ce5e27d588d635469bdec487c4b1def2ffa84ba2 SOURCES/Python-2.7.18-noexe.tar.xz
|
||||||
|
@ -0,0 +1,88 @@
|
|||||||
|
diff --git a/Lib/httplib.py b/Lib/httplib.py
|
||||||
|
index fcc4152..a636774 100644
|
||||||
|
--- a/Lib/httplib.py
|
||||||
|
+++ b/Lib/httplib.py
|
||||||
|
@@ -257,6 +257,10 @@ _contains_disallowed_url_pchar_re = re.compile('[\x00-\x20\x7f-\xff]')
|
||||||
|
# _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$")
|
||||||
|
# We are more lenient for assumed real world compatibility purposes.
|
||||||
|
|
||||||
|
+# These characters are not allowed within HTTP method names
|
||||||
|
+# to prevent http header injection.
|
||||||
|
+_contains_disallowed_method_pchar_re = re.compile('[\x00-\x1f]')
|
||||||
|
+
|
||||||
|
# We always set the Content-Length header for these methods because some
|
||||||
|
# servers will otherwise respond with a 411
|
||||||
|
_METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'}
|
||||||
|
@@ -935,6 +939,8 @@ class HTTPConnection:
|
||||||
|
else:
|
||||||
|
raise CannotSendRequest()
|
||||||
|
|
||||||
|
+ self._validate_method(method)
|
||||||
|
+
|
||||||
|
# Save the method for use later in the response phase
|
||||||
|
self._method = method
|
||||||
|
|
||||||
|
@@ -1020,6 +1026,16 @@ class HTTPConnection:
|
||||||
|
# On Python 2, request is already encoded (default)
|
||||||
|
return request
|
||||||
|
|
||||||
|
+ def _validate_method(self, method):
|
||||||
|
+ """Validate a method name for putrequest."""
|
||||||
|
+ # prevent http header injection
|
||||||
|
+ match = _contains_disallowed_method_pchar_re.search(method)
|
||||||
|
+ if match:
|
||||||
|
+ raise ValueError(
|
||||||
|
+ "method can't contain control characters. %r "
|
||||||
|
+ "(found at least %r)"
|
||||||
|
+ % (method, match.group()))
|
||||||
|
+
|
||||||
|
def _validate_path(self, url):
|
||||||
|
"""Validate a url for putrequest."""
|
||||||
|
# Prevent CVE-2019-9740.
|
||||||
|
diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
|
||||||
|
index d8a57f7..96a61dd 100644
|
||||||
|
--- a/Lib/test/test_httplib.py
|
||||||
|
+++ b/Lib/test/test_httplib.py
|
||||||
|
@@ -385,6 +385,29 @@ class HeaderTests(TestCase):
|
||||||
|
conn.putheader(name, value)
|
||||||
|
|
||||||
|
|
||||||
|
+class HttpMethodTests(TestCase):
|
||||||
|
+ def test_invalid_method_names(self):
|
||||||
|
+ methods = (
|
||||||
|
+ 'GET\r',
|
||||||
|
+ 'POST\n',
|
||||||
|
+ 'PUT\n\r',
|
||||||
|
+ 'POST\nValue',
|
||||||
|
+ 'POST\nHOST:abc',
|
||||||
|
+ 'GET\nrHost:abc\n',
|
||||||
|
+ 'POST\rRemainder:\r',
|
||||||
|
+ 'GET\rHOST:\n',
|
||||||
|
+ '\nPUT'
|
||||||
|
+ )
|
||||||
|
+
|
||||||
|
+ for method in methods:
|
||||||
|
+ with self.assertRaisesRegexp(
|
||||||
|
+ ValueError, "method can't contain control characters"):
|
||||||
|
+ conn = httplib.HTTPConnection('example.com')
|
||||||
|
+ conn.sock = FakeSocket(None)
|
||||||
|
+ conn.request(method=method, url="/")
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+
|
||||||
|
class BasicTest(TestCase):
|
||||||
|
def test_status_lines(self):
|
||||||
|
# Test HTTP status lines
|
||||||
|
@@ -1009,9 +1032,9 @@ class TunnelTests(TestCase):
|
||||||
|
|
||||||
|
@test_support.reap_threads
|
||||||
|
def test_main(verbose=None):
|
||||||
|
- test_support.run_unittest(HeaderTests, OfflineTest, BasicTest, TimeoutTest,
|
||||||
|
- HTTPTest, HTTPSTest, SourceAddressTest,
|
||||||
|
- TunnelTests)
|
||||||
|
+ test_support.run_unittest(HeaderTests, OfflineTest, HttpMethodTests,
|
||||||
|
+ BasicTest, TimeoutTest, HTTPTest, HTTPSTest,
|
||||||
|
+ SourceAddressTest, TunnelTests)
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
test_main()
|
181
SOURCES/00357-CVE-2021-3177.patch
Normal file
181
SOURCES/00357-CVE-2021-3177.patch
Normal file
@ -0,0 +1,181 @@
|
|||||||
|
commit 30e41798f40c684be57d7ccfebf5c6ad94c0ff97
|
||||||
|
Author: Petr Viktorin <pviktori@redhat.com>
|
||||||
|
Date: Wed Jan 20 15:21:43 2021 +0100
|
||||||
|
|
||||||
|
CVE-2021-3177: Replace snprintf with Python unicode formatting in ctypes param reprs
|
||||||
|
|
||||||
|
Backport of Python3 commit 916610ef90a0d0761f08747f7b0905541f0977c7:
|
||||||
|
https://bugs.python.org/issue42938
|
||||||
|
https://github.com/python/cpython/pull/24239
|
||||||
|
|
||||||
|
diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py
|
||||||
|
index 23c1b6e2259..77300d71ae1 100644
|
||||||
|
--- a/Lib/ctypes/test/test_parameters.py
|
||||||
|
+++ b/Lib/ctypes/test/test_parameters.py
|
||||||
|
@@ -206,6 +206,49 @@ class SimpleTypesTestCase(unittest.TestCase):
|
||||||
|
with self.assertRaises(ZeroDivisionError):
|
||||||
|
WorseStruct().__setstate__({}, b'foo')
|
||||||
|
|
||||||
|
+ def test_parameter_repr(self):
|
||||||
|
+ from ctypes import (
|
||||||
|
+ c_bool,
|
||||||
|
+ c_char,
|
||||||
|
+ c_wchar,
|
||||||
|
+ c_byte,
|
||||||
|
+ c_ubyte,
|
||||||
|
+ c_short,
|
||||||
|
+ c_ushort,
|
||||||
|
+ c_int,
|
||||||
|
+ c_uint,
|
||||||
|
+ c_long,
|
||||||
|
+ c_ulong,
|
||||||
|
+ c_longlong,
|
||||||
|
+ c_ulonglong,
|
||||||
|
+ c_float,
|
||||||
|
+ c_double,
|
||||||
|
+ c_longdouble,
|
||||||
|
+ c_char_p,
|
||||||
|
+ c_wchar_p,
|
||||||
|
+ c_void_p,
|
||||||
|
+ )
|
||||||
|
+ self.assertRegexpMatches(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
|
||||||
|
+ self.assertEqual(repr(c_char.from_param('a')), "<cparam 'c' ('a')>")
|
||||||
|
+ self.assertRegexpMatches(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
|
||||||
|
+ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
|
||||||
|
+ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
|
||||||
|
+ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
|
||||||
|
+ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
|
||||||
|
+ self.assertRegexpMatches(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
|
||||||
|
+ self.assertRegexpMatches(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
|
||||||
|
+ self.assertRegexpMatches(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
|
||||||
|
+ self.assertRegexpMatches(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
|
||||||
|
+ self.assertRegexpMatches(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
|
||||||
|
+ self.assertRegexpMatches(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
|
||||||
|
+ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
|
||||||
|
+ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
|
||||||
|
+ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
|
||||||
|
+ self.assertRegexpMatches(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
|
||||||
|
+ self.assertRegexpMatches(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
|
||||||
|
+ self.assertRegexpMatches(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
|
||||||
|
+ self.assertRegexpMatches(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
|
||||||
|
+
|
||||||
|
################################################################
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000000..7df65a156fe
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
|
||||||
|
+:class:`ctypes.c_longdouble` values.
|
||||||
|
diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
|
||||||
|
index 066fefc0cca..5cc3c4cf685 100644
|
||||||
|
--- a/Modules/_ctypes/callproc.c
|
||||||
|
+++ b/Modules/_ctypes/callproc.c
|
||||||
|
@@ -460,50 +460,62 @@ PyCArg_dealloc(PyCArgObject *self)
|
||||||
|
static PyObject *
|
||||||
|
PyCArg_repr(PyCArgObject *self)
|
||||||
|
{
|
||||||
|
- char buffer[256];
|
||||||
|
switch(self->tag) {
|
||||||
|
case 'b':
|
||||||
|
case 'B':
|
||||||
|
- sprintf(buffer, "<cparam '%c' (%d)>",
|
||||||
|
+ return PyString_FromFormat("<cparam '%c' (%d)>",
|
||||||
|
self->tag, self->value.b);
|
||||||
|
- break;
|
||||||
|
case 'h':
|
||||||
|
case 'H':
|
||||||
|
- sprintf(buffer, "<cparam '%c' (%d)>",
|
||||||
|
+ return PyString_FromFormat("<cparam '%c' (%d)>",
|
||||||
|
self->tag, self->value.h);
|
||||||
|
- break;
|
||||||
|
case 'i':
|
||||||
|
case 'I':
|
||||||
|
- sprintf(buffer, "<cparam '%c' (%d)>",
|
||||||
|
+ return PyString_FromFormat("<cparam '%c' (%d)>",
|
||||||
|
self->tag, self->value.i);
|
||||||
|
- break;
|
||||||
|
case 'l':
|
||||||
|
case 'L':
|
||||||
|
- sprintf(buffer, "<cparam '%c' (%ld)>",
|
||||||
|
+ return PyString_FromFormat("<cparam '%c' (%ld)>",
|
||||||
|
self->tag, self->value.l);
|
||||||
|
- break;
|
||||||
|
|
||||||
|
#ifdef HAVE_LONG_LONG
|
||||||
|
case 'q':
|
||||||
|
case 'Q':
|
||||||
|
- sprintf(buffer,
|
||||||
|
- "<cparam '%c' (%" PY_FORMAT_LONG_LONG "d)>",
|
||||||
|
+ return PyString_FromFormat("<cparam '%c' (%lld)>",
|
||||||
|
self->tag, self->value.q);
|
||||||
|
- break;
|
||||||
|
#endif
|
||||||
|
case 'd':
|
||||||
|
- sprintf(buffer, "<cparam '%c' (%f)>",
|
||||||
|
- self->tag, self->value.d);
|
||||||
|
- break;
|
||||||
|
- case 'f':
|
||||||
|
- sprintf(buffer, "<cparam '%c' (%f)>",
|
||||||
|
- self->tag, self->value.f);
|
||||||
|
- break;
|
||||||
|
-
|
||||||
|
+ case 'f': {
|
||||||
|
+ PyObject *s = PyString_FromFormat("<cparam '%c' (", self->tag);
|
||||||
|
+ if (s == NULL) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
|
||||||
|
+ if (f == NULL) {
|
||||||
|
+ Py_DECREF(s);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ PyObject *r = PyObject_Repr(f);
|
||||||
|
+ Py_DECREF(f);
|
||||||
|
+ if (r == NULL) {
|
||||||
|
+ Py_DECREF(s);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ PyString_ConcatAndDel(&s, r);
|
||||||
|
+ if (s == NULL) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ r = PyString_FromString(")>");
|
||||||
|
+ if (r == NULL) {
|
||||||
|
+ Py_DECREF(s);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ PyString_ConcatAndDel(&s, r);
|
||||||
|
+ return s;
|
||||||
|
+ }
|
||||||
|
case 'c':
|
||||||
|
- sprintf(buffer, "<cparam '%c' (%c)>",
|
||||||
|
+ return PyString_FromFormat("<cparam '%c' ('%c')>",
|
||||||
|
self->tag, self->value.c);
|
||||||
|
- break;
|
||||||
|
|
||||||
|
/* Hm, are these 'z' and 'Z' codes useful at all?
|
||||||
|
Shouldn't they be replaced by the functionality of c_string
|
||||||
|
@@ -512,16 +524,13 @@ PyCArg_repr(PyCArgObject *self)
|
||||||
|
case 'z':
|
||||||
|
case 'Z':
|
||||||
|
case 'P':
|
||||||
|
- sprintf(buffer, "<cparam '%c' (%p)>",
|
||||||
|
+ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
|
||||||
|
self->tag, self->value.p);
|
||||||
|
- break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
- sprintf(buffer, "<cparam '%c' at %p>",
|
||||||
|
- self->tag, self);
|
||||||
|
- break;
|
||||||
|
+ return PyString_FromFormat("<cparam '%c' at %p>",
|
||||||
|
+ (unsigned char)self->tag, (void *)self);
|
||||||
|
}
|
||||||
|
- return PyString_FromString(buffer);
|
||||||
|
}
|
||||||
|
|
||||||
|
static PyMemberDef PyCArgType_members[] = {
|
@ -103,8 +103,8 @@
|
|||||||
Summary: An interpreted, interactive, object-oriented programming language
|
Summary: An interpreted, interactive, object-oriented programming language
|
||||||
Name: %{python}
|
Name: %{python}
|
||||||
# Remember to also rebase python2-docs when changing this:
|
# Remember to also rebase python2-docs when changing this:
|
||||||
Version: 2.7.17
|
Version: 2.7.18
|
||||||
Release: 2%{?dist}
|
Release: 4%{?dist}
|
||||||
License: Python
|
License: Python
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
Requires: %{python}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{python}-libs%{?_isa} = %{version}-%{release}
|
||||||
@ -173,9 +173,9 @@ BuildRequires: python2-pip-wheel
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Runtime require alternatives
|
# Runtime require alternatives
|
||||||
Requires: %{_sbindir}/alternatives
|
Requires: /usr/sbin/alternatives
|
||||||
Requires(post): %{_sbindir}/alternatives
|
Requires(post): /usr/sbin/alternatives
|
||||||
Requires(postun): %{_sbindir}/alternatives
|
Requires(postun): /usr/sbin/alternatives
|
||||||
|
|
||||||
# Previously, this was required for our rewheel patch to work.
|
# Previously, this was required for our rewheel patch to work.
|
||||||
# This is technically no longer needed, but we keep it recommended
|
# This is technically no longer needed, but we keep it recommended
|
||||||
@ -702,6 +702,20 @@ Patch289: 00289-disable-nis-detection.patch
|
|||||||
# See: https://bugs.python.org/issue39017
|
# See: https://bugs.python.org/issue39017
|
||||||
Patch351: 00351-cve-2019-20907-fix-infinite-loop-in-tarfile.patch
|
Patch351: 00351-cve-2019-20907-fix-infinite-loop-in-tarfile.patch
|
||||||
|
|
||||||
|
# 00354 #
|
||||||
|
# Reject control chars in HTTP method in httplib.putrequest to prevent
|
||||||
|
# HTTP header injection
|
||||||
|
#
|
||||||
|
# Backported from Python 3.5-3.10 (and adjusted for py2's single-module httplib):
|
||||||
|
# - https://bugs.python.org/issue39603
|
||||||
|
Patch354: 00354-cve-2020-26116-http-request-method-crlf-injection-in-httplib.patch
|
||||||
|
|
||||||
|
# 00357 #
|
||||||
|
# Security fix for CVE-2021-3177
|
||||||
|
# Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
|
||||||
|
# Backported from the upstream python3 branches: https://bugs.python.org/issue42938
|
||||||
|
Patch357: 00357-CVE-2021-3177.patch
|
||||||
|
|
||||||
# (New patches go here ^^^)
|
# (New patches go here ^^^)
|
||||||
#
|
#
|
||||||
# When adding new patches to "python2" and "python3" in Fedora, EL, etc.,
|
# When adding new patches to "python2" and "python3" in Fedora, EL, etc.,
|
||||||
@ -800,7 +814,16 @@ Requires: python3-rpm-generators
|
|||||||
# installed when -devel is required.
|
# installed when -devel is required.
|
||||||
# See https://bugzilla.redhat.com/show_bug.cgi?id=1623922
|
# See https://bugzilla.redhat.com/show_bug.cgi?id=1623922
|
||||||
# See https://fedoraproject.org/wiki/Packaging:Directory_Replacement
|
# See https://fedoraproject.org/wiki/Packaging:Directory_Replacement
|
||||||
|
#
|
||||||
|
# This is not necessary when rebuilding when we're bundling the python2 stack
|
||||||
|
# into a Flatpak containe with prefix=/app, because we never upgrade packages
|
||||||
|
# in the Flatpak context. We want to avoid
|
||||||
|
# python2-setuptools => BuildRequires => python2-devel => Requires python2-setuptools
|
||||||
|
# since the old python2-setuptools will be the /usr version not the /app version.
|
||||||
|
|
||||||
|
%if !0%{?flatpak}
|
||||||
Requires: python2-setuptools
|
Requires: python2-setuptools
|
||||||
|
%endif
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1217376
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1217376
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1496757
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1496757
|
||||||
@ -1016,6 +1039,9 @@ rm Lib/ensurepip/_bundled/*.whl
|
|||||||
# Patch 351 adds binary file for testing. We need to apply it using Git.
|
# Patch 351 adds binary file for testing. We need to apply it using Git.
|
||||||
git apply %{PATCH351}
|
git apply %{PATCH351}
|
||||||
|
|
||||||
|
%patch354 -p1
|
||||||
|
%patch357 -p1
|
||||||
|
|
||||||
# This shouldn't be necesarry, but is right now (2.2a3)
|
# This shouldn't be necesarry, but is right now (2.2a3)
|
||||||
find -name "*~" |xargs rm -f
|
find -name "*~" |xargs rm -f
|
||||||
|
|
||||||
@ -1209,7 +1235,7 @@ make install DESTDIR=%{buildroot}
|
|||||||
# but doing so generated noise when ldconfig was rerun (rhbz:562980)
|
# but doing so generated noise when ldconfig was rerun (rhbz:562980)
|
||||||
#
|
#
|
||||||
%if 0%{?with_gdb_hooks}
|
%if 0%{?with_gdb_hooks}
|
||||||
DirHoldingGdbPy=%{_prefix}/lib/debug/%{_libdir}
|
DirHoldingGdbPy=%{_usr}/lib/debug/%{_libdir}
|
||||||
PathOfGdbPy=$DirHoldingGdbPy/$PyInstSoName-%{version}-%{release}.%{_arch}.debug-gdb.py
|
PathOfGdbPy=$DirHoldingGdbPy/$PyInstSoName-%{version}-%{release}.%{_arch}.debug-gdb.py
|
||||||
|
|
||||||
mkdir -p %{buildroot}$DirHoldingGdbPy
|
mkdir -p %{buildroot}$DirHoldingGdbPy
|
||||||
@ -1581,10 +1607,10 @@ fi
|
|||||||
%{_bindir}/pydoc2*
|
%{_bindir}/pydoc2*
|
||||||
%{_bindir}/%{python}
|
%{_bindir}/%{python}
|
||||||
%{_bindir}/python%{pybasever}
|
%{_bindir}/python%{pybasever}
|
||||||
%{_mandir}/man1/python2.1.gz
|
%{_mandir}/man1/python2.1*
|
||||||
%{_mandir}/man1/python2.7.1.gz
|
%{_mandir}/man1/python2.7.1*
|
||||||
%ghost %{_bindir}/unversioned-python
|
%ghost %{_bindir}/unversioned-python
|
||||||
%ghost %{_mandir}/man1/python.1.gz
|
%ghost %{_mandir}/man1/python.1*
|
||||||
|
|
||||||
|
|
||||||
%files libs
|
%files libs
|
||||||
@ -1953,6 +1979,22 @@ fi
|
|||||||
# ======================================================
|
# ======================================================
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 22 2021 Charalampos Stratakis <cstratak@redhat.com> - 2.7.18-4
|
||||||
|
- Security fix for CVE-2021-3177
|
||||||
|
Resolves: rhbz#1919163
|
||||||
|
|
||||||
|
* Wed Jan 13 2021 Charalampos Stratakis <cstratak@redhat.com> - 2.7.18-3
|
||||||
|
- Fixes for bundling prefix=/app build in gimp/inkscape containers
|
||||||
|
Resolves: rhbz#1907592
|
||||||
|
|
||||||
|
* Fri Oct 09 2020 Charalampos Stratakis <cstratak@redhat.com> - 2.7.18-2
|
||||||
|
- Security fix for CVE-2020-26116: Reject control chars in HTTP method in httplib.putrequest
|
||||||
|
Resolves: rhbz#1883258
|
||||||
|
|
||||||
|
* Fri Oct 09 2020 Charalampos Stratakis <cstratak@redhat.com> - 2.7.18-1
|
||||||
|
- Update to 2.7.18
|
||||||
|
Resolves: rhbz#1886754
|
||||||
|
|
||||||
* Mon Aug 17 2020 Tomas Orsava <torsava@redhat.com> - 2.7.17-2
|
* Mon Aug 17 2020 Tomas Orsava <torsava@redhat.com> - 2.7.17-2
|
||||||
- Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)
|
- Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)
|
||||||
Resolves: rhbz#1856481
|
Resolves: rhbz#1856481
|
||||||
|
Loading…
Reference in New Issue
Block a user