python-tk-2.7.18-150000.68.1<>,tgM p9|*?UՂ&j&\Fz n!"@՗!.tur들dH%9Tm()/G:Em2q7j&KVwl8iGz}k3%=l3JAV>Ϝٗ 'T %Z;ܓ=<hiw"zQyg 1EK;H1 4测"0:2ekQrTn`& ~Px=kvxuSdjs!2K[o>A(?d   =  $*4oo o o ho !o "o#o%o((<o)*T*+(,8,r9-r:5brB&FFG\oHoIoXDY`Z[\o]`o^bmcdefluovhw|ox8oyqzCpython-tk2.7.18150000.68.1TkInter - Python Tk InterfacePython interface to Tk. Tk is the GUI toolkit that comes with Tcl.gM h03-ch2b;SUSE Linux Enterprise 15SUSE LLC Python-2.0https://www.suse.com/Development/Libraries/Pythonhttps://www.python.org/linuxx86_64'<<"%% ,, h h-wZwZ,22sk  6 + +w4(>'>'77 ,,,''C>> b Pmg}g}_))g66+##m!9!9A큤A큤A큤A큤gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMgMgMg4gMgMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgMg4gMgM9232b29a15c0a3ee07d969059d5367c691be5b5f0a7966bbc818b4b84c071c72074e1bb0397d6689e5dbb1ae4e5ccd1c0d0c4704656729d3cdd1fa44f986d077d1f46058c1ad276dc74e227bba85e03b210330b26467c7d35b82cb38854180d6d1f46058c1ad276dc74e227bba85e03b210330b26467c7d35b82cb38854180d6886afde4c1589a688afc857a0fb5039f8388f225443283081d9ddf072571b06412a95a52546a5f7b58030e471e4f9d55f5cbe88221422a3ab2446d983a1b827012a95a52546a5f7b58030e471e4f9d55f5cbe88221422a3ab2446d983a1b82709229d117eca73b48a41b6303bffed14184add10afd20273976715fdd4840042af973f6e165cbfc429cbf3634d027998c71175dc77f9a4fa286818c06b6bf146ff973f6e165cbfc429cbf3634d027998c71175dc77f9a4fa286818c06b6bf146f808ece582c4a8e502c062b23aa16949d85878a9f3485d2111fd19ac6bdbb02e807d50d4dcfe8873b938540857a79ad99c6bfe81c019f4f1d1723a5548972815bf7efb3ec5613e57587acf25c88c1e21683b80d4ad1ea2993f26a3644199400f154f55b9696013117aa8758f901f77cc30dce6ad6f13df8b85c26c5af843a7fa0d3ca2d455909795d7ee4188ccb5121cbb40e61c9da7a0b0c0204466b70c378fbd3ca2d455909795d7ee4188ccb5121cbb40e61c9da7a0b0c0204466b70c378fb1dbc9f1fc85237211d52b96ee1cc1c5553c81e0a62fd7143b95e16d32f5abafd042f5d0ac1a7195e4ae4e44e30e216a6cb8e940f5dddff7a78639aeffefd3af9042f5d0ac1a7195e4ae4e44e30e216a6cb8e940f5dddff7a78639aeffefd3af90e875733af8af973cb94d088dbe5b4ed36dd3db1241970ec2bf19ea97ec5fbf87d19210ac228fb73e4dd1248ea3ef25fed1f91257556246a08d553c5aeccfa977d19210ac228fb73e4dd1248ea3ef25fed1f91257556246a08d553c5aeccfa97c01314dc51d1c8effeba2528720a65da133596d4143200c68595c02067bf1da2d8c06b9190a9e3ba9939f98033e4e308e6c3f346957c25f5522197f1d6224d99d8c06b9190a9e3ba9939f98033e4e308e6c3f346957c25f5522197f1d6224d99c8fb5c768f76788cb678922aed330e2b7ae3cc825fdabea1a09b18db557711dcc1607aa157386f983becc9ed6ff8acd648b2600a873b70f2137996c0fadceb61c1607aa157386f983becc9ed6ff8acd648b2600a873b70f2137996c0fadceb6198b2cd8b857ff09c0e6b3a330b98415a97282d70fa80b9cd15d1e14b2d2aea88cb22d5f2f90acbcc84f855536a137d6aa945396a77008b44bf5d91a50b7c4729cb22d5f2f90acbcc84f855536a137d6aa945396a77008b44bf5d91a50b7c4729fe3c79d5da8616ca37f7a9d8fddaac2c9164b593c7b116580aa99690a5f59ab5e82c816f3b0fdff328dfc84a8076385feec2208ac94a7e402af9138f8b6996e771f0df0646f9d10d12dca3e0d53503a8f721d37693f3782d31433f997f8489f871f0df0646f9d10d12dca3e0d53503a8f721d37693f3782d31433f997f8489f8e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855974b4e2c57daa33c609f7adc37bc541fcf13c44e35bd35427642ab6430c7a008974b4e2c57daa33c609f7adc37bc541fcf13c44e35bd35427642ab6430c7a0080e9cbeed9f1bbec6f79a2bcebee7e12f896caba3b1a167d935446d009262dca2d9987ed30c57809257833865ef479fd5606d4e48692285b49f69082ed1d925c5d9987ed30c57809257833865ef479fd5606d4e48692285b49f69082ed1d925c5fe5f12d6412050e1414dfabc16ecc2341779d627362e1d81666e8b466986c50a3fb1be1b52f8ca1ee6c7e9bd23e3fc6f066e34470a90bdd849cad48e9a15f2653fb1be1b52f8ca1ee6c7e9bd23e3fc6f066e34470a90bdd849cad48e9a15f26507078aa64be8d2d3a02fcfa10eb73eebf06583fae23134ae47b9d4b2bf66d23a424df1bad708b9686c542da3f59a4377b2d115b1f4f06f02b21a1606a4e695d2424df1bad708b9686c542da3f59a4377b2d115b1f4f06f02b21a1606a4e695d2ba8ad521638ef8148d07be0925111fb57cb1b64dadf770f1ca2bd17e1bb356d68bc2a58f02c1caf5b98d1dcfc51d4e089690aa1a4f82c5a2b407588e4d5b1c248bc2a58f02c1caf5b98d1dcfc51d4e089690aa1a4f82c5a2b407588e4d5b1c249e9439bfa528e20f0e045905ea5a3eca4cd27c4c9f190c62c192f9945caaae28b305f16b669d9b8ce67b5f6fca431dbbd56312def20bded79f106d28d02496a6b305f16b669d9b8ce67b5f6fca431dbbd56312def20bded79f106d28d02496a6ea0ebbfcc26a428337548a5e3c6768294497b81cce8f845d23e035ea62cd1aabd04e72bd663e8e9844229486947cea95792c9c8329016bdb3b62e63b1a86a8edd04e72bd663e8e9844229486947cea95792c9c8329016bdb3b62e63b1a86a8ed49029a61956e79a10fb9b79000283c1e83cabc0645adacf9824a99dbe2dece5f9c421cd23a7275f94a8eb03f120ed8454d2d85d63367abf293c60aed8b9ca2e99c421cd23a7275f94a8eb03f120ed8454d2d85d63367abf293c60aed8b9ca2e919a6ca5753fe74ec6248d166d2a54acfcd70f823ea578cfe803baf8f87ea346d887f472712bfb0d3e8d5c4e53749ecb92a0b51e7567211580188dce7b5b76dc6887f472712bfb0d3e8d5c4e53749ecb92a0b51e7567211580188dce7b5b76dc6e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855609b2a034669bd1e523516f54ebf84b6355cd227d219fe96c881266a4816faab609b2a034669bd1e523516f54ebf84b6355cd227d219fe96c881266a4816faab53b465fb6754d8c39458a1e1ba7f8504f40d724e7dbcc7ab8fc38ea65c08c02e168338c9682058170c6098b025ce0eac79cfe5061e9481e3593e5bcf0eb3e261168338c9682058170c6098b025ce0eac79cfe5061e9481e3593e5bcf0eb3e2619d53e31b151af887cd26829a1331843c02288a8480ca74a7fc631833ce60d0cb2da949d987f1ca2117131dba85c7ee693ee4d18c9ff8b75f065d3c6dc0ddef2a2da949d987f1ca2117131dba85c7ee693ee4d18c9ff8b75f065d3c6dc0ddef2a9fc1aec0a300d4754c94d77b4ee8f029540eb88bcf0ef288551f52e9410de8d39cd1f5426330e44f1555a20a6fc2b3cc1947bb8a4ed9df3641de78893f312ba89cd1f5426330e44f1555a20a6fc2b3cc1947bb8a4ed9df3641de78893f312ba89241c97e08b337b0b92ee5b4e029936fa3eb53bdc821c080e78b020699e2aed79a3eb980f74248dc00d6ebef3e939673b1f00224678818c487b1ef16e4840b159a3eb980f74248dc00d6ebef3e939673b1f00224678818c487b1ef16e4840b1515df8a908a8e80163bca643c76ec6e4ceff80ee83da5d1fc4e10c364fadbbb853375d12debfa4b29407bd232dbc7b66aa51aa92b7d074d230175e50fd937a4fc3375d12debfa4b29407bd232dbc7b66aa51aa92b7d074d230175e50fd937a4fc2205693a5fa6a8b9e408b24e9dc938f74f6250a1212c5fe5bcf31f09be16d936a2cfd62df965fb4eda19dae52f39d94307c01ae43b8278bc811c15adefe067d3a2cfd62df965fb4eda19dae52f39d94307c01ae43b8278bc811c15adefe067d35b6a1486c4c1ce533b146cf455c599d5ef8eec94a8eb9821a847985c12e3ddcd01ce9d665b612a05ae7c81b04984c3b97b70b6b21aac51e176b95ff5ef605c3601ce9d665b612a05ae7c81b04984c3b97b70b6b21aac51e176b95ff5ef605c369547e4f72af28ec4262f88a00b6d2eb912ff49e2f5b3aa16b5a50a3230964d83f5c07bbd748d3ef9ca9c75e00998ae83445c7d505530025f63ebda551e180a47f5c07bbd748d3ef9ca9c75e00998ae83445c7d505530025f63ebda551e180a47360ba16e412f9d00617baa89c0ca476d49576a34bfff026cebebc71e630505a90d3a1037b90e26e128d75e432d88bbfd0f1bef05dd3ac473c6ce59ac159557280d3a1037b90e26e128d75e432d88bbfd0f1bef05dd3ac473c6ce59ac159557282f28b22cc571ed211824ac750e2c1b98574748f90829a7b01efd0ddfce6cbf327052a09145df614dd2c8be5b17d021e930f4877ce64b7e12935850fe4b9d345d7052a09145df614dd2c8be5b17d021e930f4877ce64b7e12935850fe4b9d345dcdb0fcb4cc54d55fe963aac128269754c09f8583afa00b445926951e5fb5118b198cea627bc97a66f8202edc3ab929d03d8fa07885c996bb370acbb6d1bc5bd7198cea627bc97a66f8202edc3ab929d03d8fa07885c996bb370acbb6d1bc5bd74b09f3aaccecb4a434d94937cb737b65767f7b595cd51a3fa48fcaddbde984e3fcae6a23abadde9d80950b7fcd7d4d2e506641311fca1d3170107c9a6f9c77d9fcae6a23abadde9d80950b7fcd7d4d2e506641311fca1d3170107c9a6f9c77d9b4c15f951994f60a263b271323e31896e8f6e049135c9f5904d8a877ee8ea8accc535ac03f78ef9941113d1c35cb2d6b8a178dcdcdadd8a70ae0e6242d3e7d01cc535ac03f78ef9941113d1c35cb2d6b8a178dcdcdadd8a70ae0e6242d3e7d01cdb5a419bd0bb4b98221fa23a480c7a92733824b259b8bfefaac5da7517643dbc0ebefb1a90ec587601635ce6de5a1173587ca2992ac0aaecf8bb2b724759313c0ebefb1a90ec587601635ce6de5a1173587ca2992ac0aaecf8bb2b724759313rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpython-2.7.18-150000.68.1.src.rpmpyth_tkpyth_tklpython-tkpython-tk(x86-64)python-tkinterpython2-tkpython_tkinter_lib@@@@@@@@     libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.4)(64bit)libpthread.so.0()(64bit)libpython2.7.so.1.0()(64bit)libtcl8.6.so()(64bit)libtk8.6.so()(64bit)python(abi)python-baserpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.72.7.183.0.4-14.6.0-14.0.4-14.0-15.2-14.14.1g4f@fH@f?]fh@e,e @eedeeeRd˖dD@dq@du@dtdm@dxdc>@cӼc0c|ck@c pcbbb@b@b@ba@a@a(@aim@aI@a'@a#aj@a`t`8`_T^J^@^@^>^>^;^8 @^.^g@^ @]f@]@]]]d@]d@]@]z@]V]y@]9]1]\t@\\7\7\\J@\J@\C@\2[[#@[6@[@[ @[Za@Z@ZxG@ZtRZp^@Z CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (boo#1189241, CVE-2021-3737)- Renamed patch for assigned CVE: * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch (boo#1189287, CVE-2021-3733) - Fix python-doc build (bpo#35293): * sphinx-update-removed-function.patch - Update documentation formatting for Sphinx 3.0 (bpo#40204).- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in request (bpo#43075, boo#1189287). - Add missing security announcement to bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch which fixes http client infinite line reading (DoS) after a http 100 (bpo#44022, boo#1189241).- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336).- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution.- (bsc#1180125) We really don't Require python-rpm-macros package. Unnecessary dependency.- Add patch configure_PYTHON_FOR_REGEN.patch which makes configure.ac to consider the correct version of PYTHON_FO_REGEN (bsc#1078326).- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).- Update to 2.7.18, final release of Python 2. Ever.: - Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process. - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben Caller. - Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators. - bsc#1155094 (CVE-2019-18348) Disallow control characters in hostnames in http.client. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. - Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host. - Fix problems identified by GCC's -Wstringop-truncation warning. - AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c. - Prevent failure of test_relative_path in test_py_compile on macOS Catalina. - Fixed possible leak in `PyArg_Parse` and similar functions for format units "es#" and "et#" when the macro `PY_SSIZE_T_CLEAN` is not defined. - Remove upstreamed patches: - CVE-2019-18348-CRLF_injection_via_host_part.patch - python-2.7.14-CVE-2017-1000158.patch - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch - CVE-2018-1061-DOS-via-regexp-difflib.patch - CVE-2019-10160-netloc-port-regression.patch - CVE-2019-16056-email-parse-addr.patch- Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674)- Change to Requires: libpython%{so_version} == %{version}-%{release} to python-base to keep both packages always synchronized (add %{so_version}) (bsc#1162224).- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug "Python urrlib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)" (bsc#1162367)- Provide python-testsuite from devel subkg to ease py2->py3 dependencies- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests coliding with the combination of modern Python and ancient OpenSSL on SLE-12.- libnsl is required only on more recent SLEs and openSUSE, older glibc supported NIS on its own.- Add provides in gdbm subpackage to provide dbm symbols. This allows us to use %%{python_module dbm} as a dependency and have it properly resolved for both python2 and python3- Drop appstream-glib BuildRequires and no longer call appstream-util validate-relax: eliminate a build cycle between as-glib and python. The only thing would would gain by calling as-uril is catching if upstream breaks the appdata.xml file in a future release. Considering py2 is dying, chances for a new release, let alone one breaking the xml file, are slim.- Unify packages among openSUSE:Factory and SLE versions. (bsc#1159035) ; add missing records to this changelog. - Add idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830)- Add python2_split_startup Provide to make it possible to conflict older packages by shared-python-startup.- Move /etc/pythonstart script to shared-python-startup package.- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes bsc#1149792- Add adapted-from-F00251-change-user-install-location.patch fixing pip/distutils to install into /usr/local.- Update to 2.7.17: - a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. - Removed patches included upstream: - CVE-2018-20852-cookie-domain-check.patch - CVE-2019-16935-xmlrpc-doc-server_title.patch - CVE-2019-9636-netloc-no-decompose-characters.patch - CVE-2019-9947-no-ctrl-char-http.patch - CVE-2019-9948-avoid_local-file.patch - python-2.7.14-CVE-2018-1000030-1.patch - python-2.7.14-CVE-2018-1000030-2.patch - Renamed remove-static-libpython.diff and python-bsddb6.diff to remove-static-libpython.patch and python-bsddb6.patch to unify filenames.- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py- Add bpo36302-sort-module-sources.patch (boo#1041090)- Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, CVE-2019-16056]- boo#1141853 (CVE-2018-20852) add CVE-2018-20852-cookie-domain-check.patch fixing http.cookiejar.DefaultPolicy.domain_return_ok which did not correctly validate the domain: it could be tricked into sending cookies to the wrong server.- Skip test_urllib2_localnet that randomly fails in OBS- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812- Set _lto_cflags to nil as it will prevent to propage LTO for Python modules that are built in a separate package.- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised.- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://.- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised (CVE-2019-9636). Upstream commits e37ef41 and 507bd8c.- (bsc#1111793) Update to 2.7.16: * bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball. * Updated patches to apply cleanly: CVE-2019-5010-null-defer-x509-cert-DOS.patch bpo36160-init-sysconfig_vars.patch do-not-use-non-ascii-in-test_ssl.patch openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.5.1-sqlite.patch python-2.6-gettext-plurals.patch python-2.7-dirs.patch python-2.7.2-fix_date_time_compiler.patch python-2.7.4-canonicalize2.patch python-2.7.5-multilib.patch python-2.7.9-ssl_ca_path.patch python-bsddb6.diff remove-static-libpython.patch * Update python-2.7.5-multilib.patch to pass with new platlib regime.- bsc#1109847 (CVE-2018-14647): add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo-34623.- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance of PyWeakReference struct and does not intialize wr_prev and wr_next of new isntance. These pointers can have garbage and point to random memory locations. Python should not crash while destroying the isntance created in the same interpreter function. As per my understanding, both wr_prev and wr_next of PyWeakReference instance should be initialized to NULL to avoid segfault.- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746 (CVE-2019-5010). An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.- Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.- Add patch openssl-111.patch to work with openssl-1.1.1 (bsc#1113755)- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS (CVE-2018-1061). Prior to this patch mail server's timestamp was susceptible to catastrophic backtracking on long evil response from the server. Also, it was susceptible to catastrophic backtracking, which was a potential DOS vector. [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207]- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750) sort tarfile output directory listing- update to 2.7.15 * dozens of bugfixes, see NEWS for details - removed obsolete patches: * python-ncurses-6.0-accessors.patch * python-fix-shebang.patch * gcc8-miscompilation-fix.patch - add patch from upstream: * do-not-use-non-ascii-in-test_ssl.patch- Add gcc8-miscompilation-fix.patch (boo#1084650).- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution. [bsc#1068664, CVE-2017-1000158]- exclude test_socket & test_subprocess for PowerPC boo#1078485 (same ref as previous change)- Add python-skip_random_failing_tests.patch bypass boo#1078485 and exclude many tests for PowerPC- Add patch python-fix-shebang.patch to fix bsc#1078326- exclude test_regrtest for s390, where it does not segfault as it should (fixes bsc#1073269) - fix segfault while creating weakref - bsc#1073748, bpo#29347 (this is actually fixed by the 2.7.14 update; mentioning this for purposes of bugfix tracking)- update to 2.7.14 * dozens of bugfixes, see NEWS for details * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664) * fixed segfaults with dict mutated during search * fixed possible free-after-use problems with buffer objects with custom indexing * fixed urllib.splithost to correctly parse fragments (bpo-30500) - drop upstreamed python-2.7.13-overflow_check.patch - drop unneeded python-2.7.12-makeopcode.patch - drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch - Apply "python-2.7.14-CVE-2018-1000030-1.patch" and "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that would crash the Python interpreter when multiple threads used the same I/O stream concurrently. This issue is not classified as a security vulnerability due to the fact that an attacker must be able to run code, however in some situations -- such as function as a service -- this vulnerability can potentially be used by an attacker to violate a trust boundary. [bsc#1079300, CVE-2018-1000030]- Call python2 instead of python in macros- Fix test broken with OpenSSL 1.1 (bsc#1042670) * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch- drop SUSE_ASNEEDED=0 as it is not needed anymore- Add libnsl-devel build requires for glibc obsoleting libnsl- obsolete/provide python-argparse and provide python2-argparse, because the argparse module is available from python 2.7 up- SLE package update (bsc#1027282) - refresh python-2.7.5-multilib.patch - dropped upstreamed patches: python-fix-short-dh.patch python-2.7.7-mhlib-linkcount.patch python-2.7-urllib2-localnet-ssl.patch CVE-2016-0772-smtplib-starttls.patch CVE-2016-5699-http-header-injection.patch CVE-2016-5636-zipimporter-overflow.patch python-2.7-httpoxy.patch - Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1. (dimstar@opensuse.org)- Add reproducible.patch to allow reproducible builds of various python packages like python-amqp Upstream: https://github.com/python/cpython/pull/296- update to 2.7.13 * dozens of bugfixes, see NEWS for details * updated cipher lists for openssl wrapper, support openssl >= 1.1.0 * properly fix HTTPoxy (CVE-2016-1000110) * profile-opt build now applies PGO to modules as well - update python-2.7.10-overflow_check.patch with python-2.7.13-overflow_check.patch, incorporating upstream changes (bnc#964182) - add "-fwrapv" to optflags explicitly because upstream code still relies on it in many places- provide python2-* symbols, for support of new packages built as python2-foo - rename macros.python to macros.python2 accordingly - require python-rpm-macros package, drop macro definitions from macros.python2- initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436) - renamed `python` to `python27` in package names and requires - removed Provides and Obsoletes clauses - dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch, companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage - dropped profile files - removed /usr/bin/python and /usr/bin/python2, along with other unversioned aliases - rewrote macros file to enable stand-alone packages depending on py2.7 - re-included downloaded version of HTML documentation- update to 2.7.12 * dozens of bugfixes, see NEWS for details * fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10) - removed upstreamed python-2.7.7-mhlib-linkcount.patch - refreshed multilib patch - python-2.7.12-makeopcode.patch - run newly-built python interpreter to make opcodes, in order not to require pre-built python - update LD_LIBRARY_PATH to use $PWD instead of "." because the test process escapes to its own directory - modify shebang-fixing scriptlet to ignore makeopcodetargets.py- CVE-2016-0772-smtplib-starttls.patch: smtplib vulnerability opens startTLS stripping attack (CVE-2016-0772, bsc#984751) - CVE-2016-5636-zipimporter-overflow.patch: heap overflow when importing malformed zip files (CVE-2016-5636, bsc#985177) - CVE-2016-5699-http-header-injection.patch: incorrect validation of HTTP headers allow header injection (CVE-2016-5699, bsc#985348) - python-2.7-httpoxy.patch: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (CVE-2016-1000110, bsc#989523)- Add python-2.7.10-overflow_check.patch to fix broken overflow checks. [bnc#964182]- copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE) - do this properly to fix bnc#945401 - update SLE check to exclude Leap which also has version 1315, just to be sure- Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.- add missing ssl.pyc and ssl.pyo to package - implement python-strict-tls-checks subpackage * when present, Python will perform TLS certificate checking by default. it is possible to remove the package to turn off the checks for compatibility with legacy scripts. * as discussed in fate#318300 * this is not built for openSUSE, but retained here in case we want to build the package for a SLE system- python-fix-short-dh.patch: Bump DH parameters to 2048 bit to fix logjam security issue. bsc#935856- add __python2 compatibility macro (used by Fedora) (fate#318838)- update to 2.7.10 - removed obsolete python-2.7-urllib2-localnet-ssl.patch- Reenable test_posix on aarch64- python-2.7.4-aarch64.patch: Remove obsolete patch - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64- update to 2.7.9 * contains full backport of ssl module from Python 3.4 (PEP466) * HTTPS certificate validation enabled by default (PEP476) * SSLv3 disabled by default (bnc#901715) * backported ensurepip module (PEP477) * fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 * dozens of minor bugfixes - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3 - libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional "import ssl" from test_urllib2_localnet that caused it to fail without ssl- skip test_thread in qemu_linux_user modepyth_tkpyth_tklpython-tkinterh03-ch2b 1733153548 !"#$$&'((*++-..0113446779::<==?@@BCDDFGGIJJLMMOPPRSSUVVXYY[\\^__abbdeeghhjkkmnn2.7.18-150000.68.12.7.18-150000.68.12.7.18_tkinter.solib-tkCanvas.pyCanvas.pycCanvas.pyoDialog.pyDialog.pycDialog.pyoFileDialog.pyFileDialog.pycFileDialog.pyoFixTk.pyFixTk.pycFixTk.pyoScrolledText.pyScrolledText.pycScrolledText.pyoSimpleDialog.pySimpleDialog.pycSimpleDialog.pyoTix.pyTix.pycTix.pyoTkconstants.pyTkconstants.pycTkconstants.pyoTkdnd.pyTkdnd.pycTkdnd.pyoTkinter.pyTkinter.pycTkinter.pyotestREADMEruntktests.pyruntktests.pycruntktests.pyotest_tkinter__init__.py__init__.pyc__init__.pyotest_font.pytest_font.pyctest_font.pyotest_geometry_managers.pytest_geometry_managers.pyctest_geometry_managers.pyotest_images.pytest_images.pyctest_images.pyotest_loadtk.pytest_loadtk.pyctest_loadtk.pyotest_misc.pytest_misc.pyctest_misc.pyotest_text.pytest_text.pyctest_text.pyotest_variables.pytest_variables.pyctest_variables.pyotest_widgets.pytest_widgets.pyctest_widgets.pyotest_ttk__init__.py__init__.pyc__init__.pyosupport.pysupport.pycsupport.pyotest_extensions.pytest_extensions.pyctest_extensions.pyotest_functions.pytest_functions.pyctest_functions.pyotest_style.pytest_style.pyctest_style.pyotest_widgets.pytest_widgets.pyctest_widgets.pyowidget_tests.pywidget_tests.pycwidget_tests.pyotkColorChooser.pytkColorChooser.pyctkColorChooser.pyotkCommonDialog.pytkCommonDialog.pyctkCommonDialog.pyotkFileDialog.pytkFileDialog.pyctkFileDialog.pyotkFont.pytkFont.pyctkFont.pyotkMessageBox.pytkMessageBox.pyctkMessageBox.pyotkSimpleDialog.pytkSimpleDialog.pyctkSimpleDialog.pyottk.pyttk.pycttk.pyoturtle.pyturtle.pycturtle.pyo/usr/lib64/python2.7/lib-dynload//usr/lib64/python2.7//usr/lib64/python2.7/lib-tk//usr/lib64/python2.7/lib-tk/test//usr/lib64/python2.7/lib-tk/test/test_tkinter//usr/lib64/python2.7/lib-tk/test/test_ttk/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:36648/SUSE_SLE-15_Update/5cc773bde90c584ce45e7b98481ef41b-python.SUSE_SLE-15_Updatedrpmxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ec18935829fac654f37a505e1a0eaebc3adbf2d1, strippeddirectoryPython script, ASCII text executablepython 2.7 byte-compiledASCII textemptyPython script, UTF-8 Unicode text executable  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRW/+Lf 7mutf-89591677ba94b190c3c58e9a2fff81432923dd5697e4f89cccc77c0a2f71cf12c?7zXZ !t/s9]"k%a) \/sɝoec56 ^hDьFu^et&k0$U<2cOF{,UXג[RQ= ^%d?,#ቇ#IcwvCݹq:6-;'v/^ Hkb9N]^AUD<Ӣy r]^`T@= =UAY]up21ijMIQ4[HCK5@){i4;/J|!p~}dx0PmNvMz~ AM;0.̄3d .ڊiN8-> 15M`0Ī9=.RK'VǕҾ0GdYulu'~}("2-D jJ鑬&xln'Qw$8קPR(wCta).Q~mG xL]w@Open WS.,@L/6+YPdU%/jB8/a[7`'E2=էצyof # ;ơZc [@7M X [ uUX)<]E=)vm">nYKI˥^\wP[8. o.CY>!d[f*v-AGM*tGvi륻I4J2uBz;=wilxpn1M,PBT3HuO5gvۍeĭ96)Lo?ڝW17(˖!lgS"օɪ9[gAbN?ҷBͧDz넳ME XeJ_I,S2\_8ѩ8u-XhV}GАD9UGuImmao/w2ҥin*a(6o@/HwC {--ypdIGlD@Ntj Tm\}9ܙAu@_lY+TWrQ 3;D-?q_dpnk8@g~:3@Tp+'8IȬ»֝1&j%{뵌[| ZQ. u1o 4HIe֐-ʿ*46].=rI@reKXb*o*6 _fbBmQyWro%<uԫ! jU7aϩPD#J#1h\j$ R7jcUѳ/[CgCgu&a+Vf\ţIgg^dp^JPnhg0`pť4Kmd$Aag ~'u5ы`b*˾䍢49~[l?zm|Mzo;*YP,zE+QIzXuMf*U#F_BڊQʟ{c{^\>SH/Q+$ĭrp[0)٬>nX3h3a\J7kIJyUBԷg/ʍ7`w~gVɮLZi(r8-Sݍ$7AK{}m 9#۝Ļ) wj?Ίn\DZqr!,@t 2!'x~Ж,ɫvMܽw{+K_x¨7qeNJYvkt3+z]sְZ]B>#ۥ /Ek 6.V3MqGF5Xu=$:RqW\Y=gAJ%ezRA{$nLw|`QvWPG%uKL<;Ҫ62 wl/&*QLfMTEFur;#°I-d @(ۆsjr8 :M)Zo [,1w1HR@(yNLq\sہ羲NÅι9c W 3\b3`D AFT/F[nP&\!) \*R@7AXfu1MN뚴(enRuEKu3fSnq#e^% 1x<^D[7IT]eEbIw W^,%O9/=Ky+[€̹d;_"iSyjvb?+h]3d܎ 5*Ⱥ4dzmni|^}pݨGu\^J8E)MN~)Bݸ .L1\=KQ{-ZudYqOHQ\!G[׈ܙNG&5iq￙LؒK9u ?lp7L3 Z %K5R/N{|-Kׯt[jSys" 'vA8d2LwP8@l|kMUtqi+wI1uul -Y|,D[8O!אLHǕl+/0v*H*'lG T+qL~)Y^HgIlP&SXƐd)UFm" NE c\OۥZq/+2P&gc@$RV׊vqy 8:Ṷwdc H{U,QR4j4ޔ)K'`%;I/Syß dL T80'HH}LI2WmQ-|kHXe1O, sUv]AgTx`ӟéjjY0\Dy<1(rkf ⱼQWj$൒4SpBi?̰Z̡ ËCI֐jôIch=<  %, p7(Ƿ"i*xid2%σzLO:/ctvlE;E/U)gDl32,0@@7\Ifg44V@2T;2çRJV @!#gP`=)v?[9VӁ6Fw)+F":=:FLv>:'|IcOp@6uE%I1sj4aV^_ךӢRfPV۔P@KUp1Ԭݑ^ԸJJF >2< iIi?F6'ԡ|uBMSj5bV G)k5QnjKD|_ſ;Dkq&g/yqղ"'`mxvT=p,$֨AkpK6s$L/SHe>&3v(#3$*cyL~ ,PKxL{R*v^kE1ݾSj[f6IG)Gͳ=SQ;`^Ŗ)CR9ޛgg@m y=cpr^&d?e"(#-pkwR eL` }*w>o_p(,yy O]֮0'a@9nnwI0t 5 ؽU y[<x+N 6;1d|jyө"/X&l#u$V(FBK*m$2;%ٌG+0U5I;IMEt[ x}(рLnnq5>ZEw{%<+s 4Rx`2IQsϣ`vu}ʿnDljΫ#Q*ܢ-+!Õp{EP+5B]ٳ#N3RIYC R+&zwN0x=M&e~,K; %)r_H'X]b.R3t W>:f .M2/%F!ʃGuŨ.d9Q9"og}*gA\>*F276 5)-g? gJ&ezU heKCN<%օ N'p˔e=Q: _0 /Cz~ N==+ }^+impы*ҙ_#zS Y '_1Mfb Ȉ&k3r>]~ܐTP"9)R(c[Dt$gܲ_lӃnv<;i)sqz£w3Ҹﵣ1]}D0Abb e2$'!'r"B`b|41|el_g秥8 YH 1 l5bYpla"n٠uӆ(ϡT;& |wͱݼWCZ<{5{U>-3ӧDԷ߇?? A[TL Ow㴶Pd4dOʁxC7 HiZqP8[{V1;: b!iӒj@wPZ "5&l.4/rOۆ 0M꩗c/3P f _D)u}8~P}eΙx:9Fx;.DT?͗i{8==S UKF:D'&D^FS/Գ*$CM< E}Ewl G[r*BhTR+T*on oӰҞS ק#H/پ- {}zw,*m;/9$}çƸE-քyݎOa$'jfٮK3 sv92nj砯Q $~pq(`X7$bL[F>7܅VSC4nG2'o9amœULcpst_x 7ft`5r{P%rzv-U"y#/8+bKAh5*uZq0τ5(s4W\ qpP#DgߑQwEЯc^SJK:[X䧧$O룞5K95n@T׉ogsno bF999l+^A hh͘r3:F mX.ڏV@HJXÜ(Sl &鬈,<MژgT?-nFXlqo-;]AB4 )ZdhoFg߁3\}˛= lD8`EjNj6sy}{+_l#8:EiC ׵JV"i#Ovp|do5-+@x%W95n&t۰ډe\G:AI4k K 9b[n9K4P}٫VOtkQۑC v4)5Kl[Զ/#ײ\6;Vƣ{&A54^*C'Q%۲5м6X|%%Y-R>>â bN2ʫvfcfqк晴䐷Qs.%E(>Q֎z6i "uƅCE(F' 9SRjrFZ~Ͻ+!9 ZЊz o jX9kl=Dܠe׳P#e Fa,RtY /aX6!8S}. Pฆϭ7.̅ 5ޱ[LUs@ވDHͩr%(P1rAmDLMƦS\SxI~ Ė%^ӕ8USX‰;|l΄I1fZ86CEYx^ul h ёĞzNܧJw\cRj|h\W 1zfe騬,6pt7y&31DBHhP,Exk.]ky=]zi˿GX YIe 3oO(5 :]VguaXq,M-ӗZ_0úSPr|m5(Y4;!VQXݝ^LN&Q(Mxp /]>}捤+ dsr YueTIAKwYFDPQ8D&=G vf%CXZ_ }'\'W7f#q2 b!Y &(֎ćb77„'>I0 16eӹxsLY8& 27JL0ptyK;+d7FSq8eUIrr+\qݥ"p֊fz!#;&i1WgpڕЭD*S%H/g_Zԣ\] _7"#V)q : |*|Y#b_Ѭ&1p9C#YPn[i6 jbs*_!WXmU=>{֧6*% g?G^oDՉDhWeHU.X˴sjh}oǘؘaZЮ.P+SrϤ {B%d/ Nv }[kx\Os(y26z\(+^4OѰEo@$bWj`GA~.NFqàlu˽\d--HޝpsΙY::> UvplW"S(ΣKe+O[^̯` u"'L!&mB+}SqpKܮrG#υO9W2b jq"|&FQl3 RRQneE,c{⓸B"jFɞU wӸ>!(.$_;3k=! 2պM@b_ a\I8=2Y0<$2!E`Fd7H i--n'xȓTASep6!^y#8lԻJh|#8VA|aUt?$#".!J(]?&g%#'RU[ǵffcRM/^&ΔY2[;H9T^c^&\,[5,Uo2hW2I,IF0 yvd(WqV3'`ǡ\/pF١x $3C'Eba㲗!$[* B:frc_j V,Td}O%U^d yIy"ޚ)939bĦWz[NrO>y0>ݤmY+KҊ>aQ9x[e3ҧ/}q` 9ٙUD!~K7.j8$zƤA  j( ]ܯ#&f$^ҾK;*SC~)%WdMC\3EJ9M~nX̻8KXF&*wsr;u^۫f#/ RҺc /DMit{gZr$Q)a2ePڡDu:䮊kXNH~xSLJ` 3Rl28E /qwM`~fsKM2moy @5641k{rp#NȂ<|lmU KvE__@(fC,mNMg{9]@NKfޒ|5!n`Q↗RZ<+HD[}&hx]HYɏ 0~dO1OͿ Ŕڠa=Fԑ{[+aka^76+RS-Ei\U'˽ i G>X "I\qLPo}w1i$]ډp?I iW{^Af=Lpٵ`>6IC|h+w̮W5仺>.g#9o}J9Tۅ?8h+e[r|I ?X4[a6ނɷ_&Fn(,9JkSFlrpT_}itg؎h~_Eø"<N%{ʈݶd,Zl`taBXY  f0Utj X,AU9u*69H\da9>˱?IEp`"k)CP!P%`z[J|o#VCSNV{$Ohˣ)Gi'; ҕND\D~OY/T^L/#GDdE` qR1(u546ֈ2n+k^VuƇZ~YQ6-JR?4c }ɨ|vmS&ͥVXmAv\-£z_3!_od`x+/+n#7hU5]|gC᾽k*ʮLI i7?g O&f%SGDG}J6/;n^ sH(o6(>diA@I”dH胜 %, k\Èw%͸ddy/`BTO '&̿znR"x"C^011jk$ƈ9;1ؽ8;.B s:0>2#o -6Ţo]}N8G61Z{l^KFX{I>'e˾5jg{X\ެ4ı>̈́M {a/rfkb"lvc?Y?Qg!Q ::=޴ML̀*bItWɉR~':d'S\-@VֽO/:i&dC2M@Wu:4Z{| 8C|EAxTd;`&iJNo.Wt_F08հ$2qRJW`ֻS.3p5: <̐9p|o$ `lav,I W2ɆE)lWi+ԬA.6bq'S-=$#'9Xr4뉯8 g-%ls y FJ wľ8Bf;azC06vLgj]}L@&'&̪mji~7{+Ug=ݝ !ts{+@Fe6 (pj"\On>C7]x;l9Dr=40ᕚtpjpѐ~C^+m\Xc=Ϟm1?Ѣ!j2V-0N 4:Rz23?Ny6; 7)Ry; P4:{/=2VI^e5r룳=1 }@AA푻JG܊6mCzXw{a 4tZ&E8kq CIâacJ̾z$΍=S B5"rwYڃW:8BБh;zum`Su8P"!@t7qZtG&Ohȕo&QVq Z8y/.V܆^BccN^5Cpg)1f*^,$KSirVytKXfMsrz*-mul( Q{&(& 4QP _(%*amZK3!tz)tfj>zILԘ|9(kʚ6opߔGqϘ_p@V?)hbm **&H=AsopVK=~<8 ) j`Eq%|,X>DNQpxJtw:gx?-,Ini7ȝ0u܄ [1q d%B$rl15nP1}t- f}n@0WTWD{JZa9g 3$Hp)zpw( ߪ#8Dk5٤MP\K'N8h$vGھiHO.c 5a5T}v+"hΔTj([p{jzZ ~âa<./ ,_Ǚ β3@ow|Α#zKXFQ `QFz{1K%,(81;<C)Q2p/dRr[O{7f;DҪ,ŦDk*uϠ7 Ze<>VhJĵU9A d\h;~k2zŝȌJY ɭZۻ kmM!ڃV2i4tjVs YZ