python-doc-pdf-2.7.18-150000.89.1<>,Pi8,p9|E![ɬmKI8!} 6y熁b(S0cx_u?G5VqS>CQ0Nٽ!;uEߒOM6.ECDl{?Ƶ6l q#I_E|P!OŶ'}L>4?2!/)io$FҳVl1?|8"| qfM雚+!CΜMn!E,I+| wxWBF>>|?ld $ =-NY o44 4 T4 $4 4  444 4w(8y9y:pyB!F*G@4H4I4XY ZD[H\P4] 4^xbcdeflu04vz  &hCpython-doc-pdf2.7.18150000.89.1Python PDF DocumentationTutorial, Global Module Index, Language Reference, Library Reference, Extending and Embedding Reference, Python/C API Reference, Documenting Python, and Macintosh Module Reference in PDF format.i8,h04-ch1bOZSUSE Linux Enterprise 15SUSE LLC Python-2.0https://www.suse.com/Development/Languages/Pythonhttps://www.python.org/linuxnoarch 0B pNlLa)6k1IDz%/QB N/yy 0B pNlLa)6k1IDz%/QB N/yyA聠A聠Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z1Z16b8185d900cc3ff37b547be18911948097f6fe611e6f5952299375f47708a4aae0143653f51e04c90e307d2d2288f63b2718900202d113b873c0c05f726e16d3df865e83f9a186c4a57a79f28e65d984c8a092874fe5ead1e4a4aae8d057365dc05c40059e9784ddfac8313b83b430f55c8076724c9643fb3d9f34a2ad4c9b46cc8b3fd116a75fec51bd7154883afd25cb54ab6079c2a90542afdeef912ad1ae25750fe32b57317566bd6d89051f2eeba9157f77bdf07c7b4c0de2f68346870de689afe8357361e7d6fab9e2bb7476cbc53fa4e32f23cc5ad89da85d72effa50df4ab3c8720372ac83e2b690a3146060d17d9b0ef418ec0b16a53caefa84756c2bbf2520c8206d7f3b9362e32b47c85b6440292b92c8cfb8a072d9095cc81dc9e21352b4bfbf4bd35fb25395fd7a268fc1f4cf31cd71917b508609c79d330c6471c5b070a2d2de99424803578e315ff4a0d7c9dd9592dad3e751f6a10c3a9a85f8b15302cbd87a37dbc0594eabf17e25fd2ec1bdc95fd5b437bd47b1ce394d4a0ccaaf954403912fdfb2d65d8fbd62f0cc08fa0efa07ad1742af8db8f1c711e2797c818fe8cb79b34f612d3d529826479b8eb4bdd5e225de1547e922b2cf3766b33ade01284e417836de9231cde7c069b78934d3a18cc117214361ea2fa4d5c807841d8b9cd505e71a6508df0d3a29eb82bbd3fa39eb667c210b7f1c674d692ea2bef89b069e7c0b8d166aecb94aa191d844b675da189ee3127512c63babfeee2b8ff0d9d88e8d53243071a9af3991c3474cfea98e0d3f2c1762a7068fa71bd0e40ca7a600ee08349ba08a01b96177e8a8aa3538328a20496f48cdd47596f5e66f41d2420dfc71a12dddf7a8f820648370b8cba29706bf41aa7b08a82e5e080168f5501cfb868a99db4a2714a5ffa25fd6bbd0c6bcf39a8d3671ef35b5154ee533ea6ff29694c1b319bbf8da48cc06836e498f06ed0248f9d1b4f5964b8d167a07301fd163c3e8e866aab6e8368f6780ded7402539d298002a923d01ce62233beb0e8974bb63cba28450cf8531d287b6ef4e602cfd6a3ff932daeb7328b440d7726e02f25e05a34f143a7488b6be769b1b839f8cb54947788054066336afea4867d5159274af860fc9a95918fb09caf0216bb1749d469844fd73c6e28eaf79768e52dd1550f70abd95bd2039a7b3e50fcd2b886472b218dd61d78721a93f13e8425618238b68d2dcdffac0134363d92e165144ecafceb55a40c38324f5ae0fbf638ab5b6c5a457101636d77200e890fa5ce7d5621d5087ddfb4cf1977d1660b4a90b34a96df36314f38551aaf8adef20d7b8b8dba36707e04003fc2d1c6868bbf5ed9a6be79dd7dc7275219a782562e48011d1e8c10509c70eee9a3e508bd65155ada341ccf52916e97012648931f9537a94a9cf48866cd585519a8f80f8993fc3d3205ab5d6bd066f492273355670476eda4f453c0618df4a6213e2ca39cc481562c706fc78c26d4d157d6b6fc0eddf04457d94a43bdebb07d8675e60bf24f11b5fe0f83c640415520f90211eaac0d25c1acdab5c6fc966af1afcea479a300016810629cc976ff4750c63baa25fe59d8f13bbbb835c407a2645f930927bbd782d5b5a6725553d356c2633a31a10142645d41e73b67bcd7626320ed56617f04b334550cb39f964c6421ace11cdddf7071282e487afe66d476bdef0f4317365d259039996ba741f166e0f11b292b371e4c58cd29ad3ad98ba639e08d85cfeaac4e5ae5e138adf2d25e923964d8509c619eb1fc11961cab6729ea4fb00ef2d2525df047f77b39f79ca0a12bb8039c8b1b3ec67ea6b25f59fc5e756d17fa558e44ca312ca97e3007d3a673ee4e686e23af06b4ea18801c2b7eb7075870cefc4f2a388ebc50a9f96e30f5d6cfae445470e28d8fa4ffe5d649aab4df2a881c5da1cfa9128915a6c9c2af8359b8ed1a783787d7b7cf5326be6aef02526f29962a72b4267e5f95108666f8fe5d90b764ab7db2664083eec0a79d112a7774ff594bb8bc04d82feb7dbd50deb04d49f37ef9583780de72dc1c1126c5ec8b93d79feebf7e6bf47ab52b8c454a0903fef0eb1cfc30d5fa6a239905e1deed50fcb46471bc4cb4f5a7b96410b5cc8699f9c4bf5b271670a8c6aed67e6cd25b8213c492a7a2812a58b12885e499476d4d84c8b5e751ade36f1a3532aa18113a44a161f24d8a5620aa7fa110bca181c3e7e71b5315bbd7defaf549180fb71a90fa08b1e88336068rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpython-doc-2.7.18-150000.89.1.src.rpmpyth_pdfpython-doc-pdfpython2-doc-pdf    rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1i@i h@hxgw@g@g@g4f@fH@f?]fh@e,e @eedeeeRd˖dD@dq@du@dtdm@dxdc>@cӼc0c|ck@c pcbbb@b@b@ba@a@a(@aim@aI@a'@a#aj@a`t`8`_T^J^@^@^>^>^;^8 @^.^g@^ @]f@]@]]]d@]d@]@]z@]V]y@]9]1]\t@\\7\7\\J@\J@\C@\2[[#@[6@[@[ @[Za@Z@ZxG@ZtRZp^@Z, gh#python/cpython#103848#issuecomment-2708135083).- Modify CVE-2025-0938-sq-brackets-domain-names.patch: we don't use bracketed_host variable any more (correction of the fix for bsc#1236705, discovered during analysis for bsc#1223694).- Add CVE-2025-0938-sq-brackets-domain-names.patch which disallows square brackets ([ and ]) in domain names for parsed URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)- Add CVE-2024-11168-validation-IPv6-addrs.patch fixing bsc#1233307 (CVE-2024-11168, gh#python/cpython#103848): Improper validation of IPv6 and IPvFuture addresses. - Add ipaddress module from https://github.com/phihag/ipaddress - Remove -IVendor/ from python-config boo#1231795- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).- bsc#1221854 (CVE-2024-0450) Add CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch detecting the vulnerability of the "quoted-overlap" zipbomb (from gh#python/cpython!110016).- Switch to using the system libexpat (bsc#1219559, CVE-2023-52425) - Make sure to remove all embedded versions of other packages (including expat). - Add CVE-2023-52425-libexpat-2.6.0-remove-failing-tests.patch removing failing test fixing bpo#3151, which we just not support. - Remove patches over those embedded packages (cffi): - python-2.7-libffi-aarch64.patch - sparc_longdouble.patch- Modify CVE-2023-27043-email-parsing-errors.patch to fix the unicode string handling in email.utils.parseaddr() (bsc#1222537). - Revert CVE-2022-48560-after-free-heappushpop.patch, the fix was unneeded.- Switch off tests. ONLY FOR FACTORY!!! (bsc#1219306)- Build with -std=gnu89 to build correctly with gcc14, bsc#1220970- Add CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).- Add CVE-2022-48560-after-free-heappushpop.patch fixing use-after-free in Python via heappushpop in heapq (bsc#1214675, CVE-2022-48560). - switch from %patchN style to the %patch -P N one.- (bsc#1214691, CVE-2022-48566) Add CVE-2022-48566-compare_digest-more-constant.patch to make compare_digest more constant-time. - Allow nis.so for SLE-12.- (bsc#1214685, CVE-2022-48565) Add CVE-2022-48565-plistlib-XML-vulns.patch (from gh#python/cpython#86217) reject XML entity declarations in plist files. - Remove BOTH CVE-2023-27043-email-parsing-errors.patch and Revert-gh105127-left-tests.patch (as per discussion on bsc#1210638).- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing gh#python/cpython#108310, backport from upstream patch gh#python/cpython#108315 (bsc#1214692, CVE-2023-40217)- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669.- (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API).- Fix the application of the python-2.7.17-switch-off-failing-SSL-tests.patch.- python-2.7.5-multilib.patch: Update for riscv64 - Don't fail if _ctypes or dl extension was not built- The condition around libnsl-devel BuildRequires is NOT switching off NIS support on SLE < 15, support for NIS used to be in the glibc itself. Partial revert of sr#1061583.- Add PygmentsBridge-trime_doctest_flags.patch to allow build of the documentation even with the current Sphinx. (SUSE-ONLY PATCH, DO NOT SEND UPSTREAM!)- Enable --with-system-ffi for non-standard architectures.- SLE-12 builds nis.so as well.- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters- Disable NIS for new products, it's deprecated and gets removed- Add skip_unverified_test.patch because apparently switching off SSL verification doesn't work on older SLE.- Restore python-2.7.9-sles-disable-verification-by-default.patch for SLE-12.- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names.- Add bpo34990-2038-problem-compileall.patch making compileall.py compliant with year 2038 (bsc#1202666, gh#python/cpython#79171), backport of fix to Python 2.7.- Add patch CVE-2021-28861-double-slash-path.patch: * BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. (bsc#1202624, CVE-2021-28861)- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module.- Filter out executable-stack error that is triggered for i586 target.- Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). - Recover again proper value of %python2_package_prefix (bsc#1175619).- BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation.- Older SLE versions should use old OpenSSL.- Add CVE-2022-0391-urllib_parse-newline-parsing.patch (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs containing ASCII newline and tabs in urlparse.- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146, bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib not trust the PASV response.- build against openssl 1.1.x (incompatible with openssl 3.0x) for now.- on sle12, python2 modules will still be called python-xxxx until EOL, for newer SLE versions they will be python2-xxxx- BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation.- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch. - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). - Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 (CVE-2020-26116, bpo#39603) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Such characters now raise ValueError.- Renamed patch for assigned CVE: * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -> CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (boo#1189241, CVE-2021-3737)- Renamed patch for assigned CVE: * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch (boo#1189287, CVE-2021-3733) - Fix python-doc build (bpo#35293): * sphinx-update-removed-function.patch - Update documentation formatting for Sphinx 3.0 (bpo#40204).- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in request (bpo#43075, boo#1189287). - Add missing security announcement to bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch which fixes http client infinite line reading (DoS) after a http 100 (bpo#44022, boo#1189241).- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336).- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution.- (bsc#1180125) We really don't Require python-rpm-macros package. Unnecessary dependency.- Add patch configure_PYTHON_FOR_REGEN.patch which makes configure.ac to consider the correct version of PYTHON_FO_REGEN (bsc#1078326).- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).- Update to 2.7.18, final release of Python 2. Ever.: - Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process. - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben Caller. - Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators. - bsc#1155094 (CVE-2019-18348) Disallow control characters in hostnames in http.client. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. - Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host. - Fix problems identified by GCC's -Wstringop-truncation warning. - AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c. - Prevent failure of test_relative_path in test_py_compile on macOS Catalina. - Fixed possible leak in `PyArg_Parse` and similar functions for format units "es#" and "et#" when the macro `PY_SSIZE_T_CLEAN` is not defined. - Remove upstreamed patches: - CVE-2019-18348-CRLF_injection_via_host_part.patch - python-2.7.14-CVE-2017-1000158.patch - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch - CVE-2018-1061-DOS-via-regexp-difflib.patch - CVE-2019-10160-netloc-port-regression.patch - CVE-2019-16056-email-parse-addr.patch- Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674)- Change to Requires: libpython%{so_version} == %{version}-%{release} to python-base to keep both packages always synchronized (add %{so_version}) (bsc#1162224).- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug "Python urrlib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)" (bsc#1162367)- Provide python-testsuite from devel subkg to ease py2->py3 dependencies- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests coliding with the combination of modern Python and ancient OpenSSL on SLE-12.- libnsl is required only on more recent SLEs and openSUSE, older glibc supported NIS on its own.- Add provides in gdbm subpackage to provide dbm symbols. This allows us to use %%{python_module dbm} as a dependency and have it properly resolved for both python2 and python3- Drop appstream-glib BuildRequires and no longer call appstream-util validate-relax: eliminate a build cycle between as-glib and python. The only thing would would gain by calling as-uril is catching if upstream breaks the appdata.xml file in a future release. Considering py2 is dying, chances for a new release, let alone one breaking the xml file, are slim.- Unify packages among openSUSE:Factory and SLE versions. (bsc#1159035) ; add missing records to this changelog. - Add idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830)- Add python2_split_startup Provide to make it possible to conflict older packages by shared-python-startup.- Move /etc/pythonstart script to shared-python-startup package.- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes bsc#1149792- Add adapted-from-F00251-change-user-install-location.patch fixing pip/distutils to install into /usr/local.- Update to 2.7.17: - a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. - Removed patches included upstream: - CVE-2018-20852-cookie-domain-check.patch - CVE-2019-16935-xmlrpc-doc-server_title.patch - CVE-2019-9636-netloc-no-decompose-characters.patch - CVE-2019-9947-no-ctrl-char-http.patch - CVE-2019-9948-avoid_local-file.patch - python-2.7.14-CVE-2018-1000030-1.patch - python-2.7.14-CVE-2018-1000030-2.patch - Renamed remove-static-libpython.diff and python-bsddb6.diff to remove-static-libpython.patch and python-bsddb6.patch to unify filenames.- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py- Add bpo36302-sort-module-sources.patch (boo#1041090)- Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, CVE-2019-16056]- boo#1141853 (CVE-2018-20852) add CVE-2018-20852-cookie-domain-check.patch fixing http.cookiejar.DefaultPolicy.domain_return_ok which did not correctly validate the domain: it could be tricked into sending cookies to the wrong server.- Skip test_urllib2_localnet that randomly fails in OBS- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812- Set _lto_cflags to nil as it will prevent to propage LTO for Python modules that are built in a separate package.- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised.- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://.- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised (CVE-2019-9636). Upstream commits e37ef41 and 507bd8c.- (bsc#1111793) Update to 2.7.16: * bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball. * Updated patches to apply cleanly: CVE-2019-5010-null-defer-x509-cert-DOS.patch bpo36160-init-sysconfig_vars.patch do-not-use-non-ascii-in-test_ssl.patch openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.5.1-sqlite.patch python-2.6-gettext-plurals.patch python-2.7-dirs.patch python-2.7.2-fix_date_time_compiler.patch python-2.7.4-canonicalize2.patch python-2.7.5-multilib.patch python-2.7.9-ssl_ca_path.patch python-bsddb6.diff remove-static-libpython.patch * Update python-2.7.5-multilib.patch to pass with new platlib regime.- bsc#1109847 (CVE-2018-14647): add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo-34623.- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance of PyWeakReference struct and does not intialize wr_prev and wr_next of new isntance. These pointers can have garbage and point to random memory locations. Python should not crash while destroying the isntance created in the same interpreter function. As per my understanding, both wr_prev and wr_next of PyWeakReference instance should be initialized to NULL to avoid segfault.- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746 (CVE-2019-5010). An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.- Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.- Add patch openssl-111.patch to work with openssl-1.1.1 (bsc#1113755)- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS (CVE-2018-1061). Prior to this patch mail server's timestamp was susceptible to catastrophic backtracking on long evil response from the server. Also, it was susceptible to catastrophic backtracking, which was a potential DOS vector. [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207]- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750) sort tarfile output directory listing- update to 2.7.15 * dozens of bugfixes, see NEWS for details - removed obsolete patches: * python-ncurses-6.0-accessors.patch * python-fix-shebang.patch * gcc8-miscompilation-fix.patch - add patch from upstream: * do-not-use-non-ascii-in-test_ssl.patch- Add gcc8-miscompilation-fix.patch (boo#1084650).- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution. [bsc#1068664, CVE-2017-1000158]- exclude test_socket & test_subprocess for PowerPC boo#1078485 (same ref as previous change)- Add python-skip_random_failing_tests.patch bypass boo#1078485 and exclude many tests for PowerPC- Add patch python-fix-shebang.patch to fix bsc#1078326- exclude test_regrtest for s390, where it does not segfault as it should (fixes bsc#1073269) - fix segfault while creating weakref - bsc#1073748, bpo#29347 (this is actually fixed by the 2.7.14 update; mentioning this for purposes of bugfix tracking)- update to 2.7.14 * dozens of bugfixes, see NEWS for details * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664) * fixed segfaults with dict mutated during search * fixed possible free-after-use problems with buffer objects with custom indexing * fixed urllib.splithost to correctly parse fragments (bpo-30500) - drop upstreamed python-2.7.13-overflow_check.patch - drop unneeded python-2.7.12-makeopcode.patch - drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch - Apply "python-2.7.14-CVE-2018-1000030-1.patch" and "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that would crash the Python interpreter when multiple threads used the same I/O stream concurrently. This issue is not classified as a security vulnerability due to the fact that an attacker must be able to run code, however in some situations -- such as function as a service -- this vulnerability can potentially be used by an attacker to violate a trust boundary. [bsc#1079300, CVE-2018-1000030]- Call python2 instead of python in macros- Fix test broken with OpenSSL 1.1 (bsc#1042670) * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch- drop SUSE_ASNEEDED=0 as it is not needed anymore- Add libnsl-devel build requires for glibc obsoleting libnsl- obsolete/provide python-argparse and provide python2-argparse, because the argparse module is available from python 2.7 up- SLE package update (bsc#1027282) - refresh python-2.7.5-multilib.patch - dropped upstreamed patches: python-fix-short-dh.patch python-2.7.7-mhlib-linkcount.patch python-2.7-urllib2-localnet-ssl.patch CVE-2016-0772-smtplib-starttls.patch CVE-2016-5699-http-header-injection.patch CVE-2016-5636-zipimporter-overflow.patch python-2.7-httpoxy.patch - Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1. (dimstar@opensuse.org)- Add reproducible.patch to allow reproducible builds of various python packages like python-amqp Upstream: https://github.com/python/cpython/pull/296- update to 2.7.13 * dozens of bugfixes, see NEWS for details * updated cipher lists for openssl wrapper, support openssl >= 1.1.0 * properly fix HTTPoxy (CVE-2016-1000110) * profile-opt build now applies PGO to modules as well - update python-2.7.10-overflow_check.patch with python-2.7.13-overflow_check.patch, incorporating upstream changes (bnc#964182) - add "-fwrapv" to optflags explicitly because upstream code still relies on it in many places- provide python2-* symbols, for support of new packages built as python2-foo - rename macros.python to macros.python2 accordingly - require python-rpm-macros package, drop macro definitions from macros.python2- initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436) - renamed `python` to `python27` in package names and requires - removed Provides and Obsoletes clauses - dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch, companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage - dropped profile files - removed /usr/bin/python and /usr/bin/python2, along with other unversioned aliases - rewrote macros file to enable stand-alone packages depending on py2.7 - re-included downloaded version of HTML documentation- update to 2.7.12 * dozens of bugfixes, see NEWS for details * fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10) - removed upstreamed python-2.7.7-mhlib-linkcount.patch - refreshed multilib patch - python-2.7.12-makeopcode.patch - run newly-built python interpreter to make opcodes, in order not to require pre-built python - update LD_LIBRARY_PATH to use $PWD instead of "." because the test process escapes to its own directory - modify shebang-fixing scriptlet to ignore makeopcodetargets.py- CVE-2016-0772-smtplib-starttls.patch: smtplib vulnerability opens startTLS stripping attack (CVE-2016-0772, bsc#984751) - CVE-2016-5636-zipimporter-overflow.patch: heap overflow when importing malformed zip files (CVE-2016-5636, bsc#985177) - CVE-2016-5699-http-header-injection.patch: incorrect validation of HTTP headers allow header injection (CVE-2016-5699, bsc#985348) - python-2.7-httpoxy.patch: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (CVE-2016-1000110, bsc#989523)- Add python-2.7.10-overflow_check.patch to fix broken overflow checks. [bnc#964182]- copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE) - do this properly to fix bnc#945401 - update SLE check to exclude Leap which also has version 1315, just to be sure- Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.- add missing ssl.pyc and ssl.pyo to package - implement python-strict-tls-checks subpackage * when present, Python will perform TLS certificate checking by default. it is possible to remove the package to turn off the checks for compatibility with legacy scripts. * as discussed in fate#318300 * this is not built for openSUSE, but retained here in case we want to build the package for a SLE system- python-fix-short-dh.patch: Bump DH parameters to 2048 bit to fix logjam security issue. bsc#935856- add __python2 compatibility macro (used by Fedora) (fate#318838)- update to 2.7.10 - removed obsolete python-2.7-urllib2-localnet-ssl.patch- Reenable test_posix on aarch64- python-2.7.4-aarch64.patch: Remove obsolete patch - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64- update to 2.7.9 * contains full backport of ssl module from Python 3.4 (PEP466) * HTTPS certificate validation enabled by default (PEP476) * SSLv3 disabled by default (bnc#901715) * backported ensurepip module (PEP477) * fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 * dozens of minor bugfixes - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3 - libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional "import ssl" from test_urllib2_localnet that caused it to fail without ssl- skip test_thread in qemu_linux_user modepyth_pdfh04-ch1b 1765288984  !"#$%&'()*+,-./012342.7.182.7.18-150000.89.12.7.182.7.18paper-a4c-api.pdfdistributing.pdfextending.pdffaq.pdfhowto-argparse.pdfhowto-cporting.pdfhowto-curses.pdfhowto-descriptor.pdfhowto-doanddont.pdfhowto-functional.pdfhowto-logging-cookbook.pdfhowto-logging.pdfhowto-pyporting.pdfhowto-regex.pdfhowto-sockets.pdfhowto-sorting.pdfhowto-unicode.pdfhowto-urllib2.pdfhowto-webservers.pdfinstalling.pdflibrary.pdfreference.pdftutorial.pdfusing.pdfwhatsnew.pdfpaper-letterc-api.pdfdistributing.pdfextending.pdffaq.pdfhowto-argparse.pdfhowto-cporting.pdfhowto-curses.pdfhowto-descriptor.pdfhowto-doanddont.pdfhowto-functional.pdfhowto-logging-cookbook.pdfhowto-logging.pdfhowto-pyporting.pdfhowto-regex.pdfhowto-sockets.pdfhowto-sorting.pdfhowto-unicode.pdfhowto-urllib2.pdfhowto-webservers.pdfinstalling.pdflibrary.pdfreference.pdftutorial.pdfusing.pdfwhatsnew.pdf/usr/share/doc/packages/python//usr/share/doc/packages/python/paper-a4//usr/share/doc/packages/python/paper-letter/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:41898/SUSE_SLE-15_Update/f9a9b005b4af8d864ff6b78ecf7dc849-python-doc.SUSE_SLE-15_Updatedrpmxz5noarch-suse-linuxdirectory^>_Lutf-88ae6ddf20ab05771e208a71b53cfc95a0b0d638db7572ebcd08b4760877c66ed? 7zXZ !t/]"k%w#) Ք=mX}{2wp" ޚld'_ Jk%dǿˊ!=k׼1G!^Bm(3lRdٸsr6 +~c~k-/?W՝SbK mư RUt rN8>ש\A G_ћn>߾8mr*SYu5F҇U{\&imXVztB-A(?зoePJGn?/Zo3>ȍ ْ[Y %G8Φ60z iLO 5M".|yd78}2.4$El00-N>ر fa~G5|h-Q;bcAt4W'BkW'|WFtB!X<}մʍCH{@wZ*Ⴔk; UCPDOYǺ[?=,{Cް.3lEAKw& 25e =ql^/(5l98T8v`*BXk4Y5it,I@wܑoZS6b%ŢiE! τu(NEIШO]eĩ; eע0V4(p!=pA ,8Za' cVJ 3G^&6sB ]mSl?)d*c\!XƼ ]w%9Pҵ$,P+̱% ZNf א++>PKśrMA],8deiy^bd<ѣΤ iA&#hBE"t R\e@61}N3bbtu3]5QpMXV2Ğp~() LhtZ2GH7 e2Ipg!ڣlK `SNFwhߔpxwFiz*?# 8Z՘եn3%e*+UPAhZ 9@ilBg3qQ )=Q;/xq+ ZãL[f7*evf* ~uWxeJHUH3!RR+}&'%}^Gmߢ5 72}`DF*XX&vL\~Q_-P:,=y5Y^m%8Y@x27Lўb{