python-base-32bit-2.7.18-lp152.3.21.1<>,papQ/=„1ܱk`Ta"rX2i1oF q;2 >?d ( H  )@FM\=P= = D= 8= 5= t=h===$${$(8M9M:%mM>p}Gp=Hq|=Irp=XrYr\r=]s=^vbvcwdx"ex'fx*lx,ux@=vy4<w=x=yCpython-base-32bit2.7.18lp152.3.21.1Python Interpreter base packagePython is an interpreted, object-oriented programming language, and is often compared to Tcl, Perl, Scheme, or Java. You can find an overview of Python in the documentation and tutorials included in the python-doc (HTML) or python-doc-pdf (PDF) packages. This package contains all of stand-alone Python files, minus binary modules that would pull in extra dependencies.apQlamb060AlopenSUSE Leap 15.2openSUSEPython-2.0http://bugs.opensuse.orgDevelopment/Languages/Pythonhttp://www.python.org/linuxx86_64/sbin/ldconfig- 6F vvtnp8HV$:8R0bT]|KD>>0<k79PJTT74|g\ P<BT  I'D\8)TT8\)0j @'gt+<gL&`F@Y LTAA큤apPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapPapP36b49ceb90178dbea49c7b24877b6d489302c88baa4f8a52a68c4603aa05a2e3abbcb0390c07ed85549c0799a0d61d4fd61db86e205f8dcc0b2603b4d82124b124a5bcedf7db77238c76fe58d9fb0e0e90377f1cdefb4af55f073bef6cb3a1050f847c4dc4469fc56eb56f7490e810b0865c9812feb509eaaffaf9df560eb8a2a673428f31ef0438165f72f29be5e120a4d977036eb75dfdc88a5f607c93fd5d392fb5b54091187863fd8771929feb51c365853dc0db0e6721782494757b2d5242a937e96eaa7457517389cc51d88766b7c3913696a7b45c4746f0fb14b5e15c7443ba3a7b7242b970ca7bf608963ae1766b20b117312737b260a0da497e10d14feeabf2eb3d52ac3c3db861e90ed5191162e642b198517cdc566737614dde37bcf7177dd1fabca41199f5b6588b1071adaf269840aef9d3a960ccfde70588abc8478ad0c51096a6fcca9656f87eded51a629f517c5efc5c600359882de2e8f7d2887e3fd50e842de1ee930769508d0832b8b9fe52a2cd72f123a479b01fb0d3d82258e0c8bc49b81e47de7c80c5ae7c7886b0b2786350b7acb6f7006bd430cce12683178b1a57a18b6b87c560a1d0cb454b06f36ba1a9faee95c2139c9bc3b9d432a48cf6e20f9d74dc69b24617a3e361474583fbfb14a3ef569fc53f554efa1c155ddc6102a34557db122f259d7d932fdb159ed44f44105ad1d53a1d77fa4acfe289afde2fe0d4812d45078bbbf91e060a9f024f7febc047be58ca02dae47974817ae2ed62c82fa7a49a4ae70ad5a6111f02b473378a0730a5e9d9f060e24d3416991e24b9cda31618a5a1fa4e746139289d7c63d2870688e38093fddf9871a5456a851e074a7110abe39e7585ce3db5cefee5856cf247b3395b26627d20f61f8703fa2c543129b9f607fcbdac88545e4293adc665356ca312bafc7a4a71a92c9c36ba0fd2b98aae3850fea26031c698770f889b90eceb5369e12d97ff4413091f32b84a8b8f53fdc403e60a084e7de0d17b957e66d19edd62d1063d03791603051911b3bf3a50590146bc0ec8db746f92ea75c2ff36f968fb0eeaffb7622ebd704ec846233bebd1728c7fb02e9b5bf3bd92be62baa8aea2b4e9a6c41fcd6027666d429e6569b3879823d67ca78a582e22a020d4bf09ebdfa163db890ebdba67be19f80de85ad94fdc0ae6f391a160f80d66a68b0b5871aee8e91eb80c3996fcf29f1b76662ce23d4b910d8479612cf38f3be8b7cb7b923e997010a7403a26abbe67d42dde354b9bbae7d29c1c90128437c9126b6855475a511992bbddccb26fdf843717403ce7c60439f615ed951ad30cebbe732f2880a6b4a37ef440aacb781ad950ee61261c334cf31917b862e62231cede58e5ab3c765e7b1ac2694aebe22398f38433bf656a3f7d64d38848f167e861cc029faee5fb2c468707f739414478b2f404c9c5c2e7040e5bd038790cf344ef4b4bab9f9c29e908d3f1bbdd95c0d3d1bea394546677cfef5047e6d350d8edb1513b07d04324aa99c298445897f3c542123616805b2c5b4ab8ea84b1b5e3b023fc0f321b7788b33c282a9277e940a38bcf48938a5b738fda37c798e35e006a9c4d3778c9a278d368a73f96c2fc7579018d737c5c864b363386bce78e1763fec71cfb35d9118078f35f3005e8527696d287d191f187d9e79d0d0c0f42c96b5514913aace7467a1450eda32d5df64251c7e7c66e8d2212589654f7f801e5953b8675095fee11cc770772042320dd1b1f429e6b01452fe125808cf6ab9d9bf268cd1a2b1dc3153fe39e61a23619a0656c1cd5ad658b21c178476cb317cb759b26d142ff89c4dfa9473e73516f2589114fcbf5d5de8d48bc6e457fd5336b4a683db10556ee80fbb615dc7be0e85d2bc4cc28178f6fe5a962ce8d88278f05388f717cc0bcec73d4fd1523308cacefd919b7cd6d0ff88a136d316264d2001e1a29bb327099718cbf481a7af0a497fc05e0126d157aff8ea685928da0b77b3f2bea08d9a73bcae77e1f9160ffd4861477cab0ccbd5c6881ffab17c0135c1b9ec9fa11611747de9aa0cafe959591bf72f895964a4fe5d23060f2e60bb5e755fa5182c65c15753650b8f60dc14159371d7937a91e5e05f59d02887035f4e67ab495069c6eadf974f0d40b35240cd860c9fd575694fb1f681dffa91cb75b6b9f0d5437ee2f2cea29a2a36bbadf4bfd3f83ad7e32cd083cb55d14b9addff39d83ccf7c08a15063a83fcf1789faafccf554ccc38530e0865c6b8fd17023db5043ee6b5b2bf6bad3b31c8d6e9a45faf8a30ce91e51ffecd7b0ade31820bbff1f5ebbb142eb6f64cdead272a10b3bd147844197c26339e9b574126e0e7268f5e81560818e49a75991be780e5fd190a67f22735fdcf4082a7d050c7f62b4074aa0f8c38f2cd54847f200b87766d2de0c175b4e5317c313d4f640adeda34c3e57fca48127ee7f85c2ba1905d8199278feaf232cb11d8e775f55bc9381edac6cc46f7a200adf3ef788d18d1a095b40e4bf4d5839c78c2f7675a6158e3764aa4f1e2b2eb59cb56949fecfa79d262e6a5b06d1546e388371a1db0d6cca37904c096f7ddc67e1baad47f15cda74c6994387a6780315ca27a3e390f2db1d1aa36df82e49af371250d28a29409c38f6ff051ce5112cbc1bfrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpython-base-2.7.18-lp152.3.21.1.src.rpmpython-base-32bitpython-base-32bit(x86-32)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    /bin/shlibbz2.so.1libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.2)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.15)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.2)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.7)libcrypt.so.1libcrypt.so.1(GLIBC_2.0)libm.so.6libm.so.6(GLIBC_2.0)libm.so.6(GLIBC_2.1)libnsl.so.2libnsl.so.2(LIBNSL_1.0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.1)libpthread.so.0(GLIBC_2.1.1)libpthread.so.0(GLIBC_2.2)libpython2.7.so.1.0libtirpc.so.3libtirpc.so.3(TIRPC_0.3.0)libz.so.1libz.so.1(ZLIB_1.2.0)python(abi)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.73.0.4-14.6.0-14.0-15.2-14.14.1aI@a'@a#aj@a`t`8`_T^J^@^@^>^>^;^8 @^.^g@^ @]f@]@]]]d@]d@]@]z@]V]y@]9]1]\t@\\7\7\\J@\J@\C@\2[[#@[6@[@[ @[Za@Z@ZxG@ZtRZp^@ZFusion Future Fusion Future Fusion Future Fusion Future Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Tomáš Chvátal Matej Cepl Matej Cepl Tomáš Chvátal Dominique Leuenberger Matej Cepl Matej Cepl Matej Cepl Matej Cepl Steve Kowalik Matej Cepl Matej Cepl Bernhard Wiedemann Matej Cepl Matej Cepl Tomáš Chvátal Matej Cepl Martin Liška Matej Cepl Matej Cepl Matej Cepl Matej Cepl mcepl@suse.commcepl@suse.commcepl@suse.comTodd R Tomáš Chvátal Matěj Cepl mcepl@suse.compsimons@suse.commcepl@suse.commichael@stroeder.commliska@suse.czpsimons@suse.comnormand@linux.vnet.ibm.comnormand@linux.vnet.ibm.comtchvatal@suse.comjmatejek@suse.comjmatejek@suse.commpluskal@suse.comvcizek@suse.comjmatejek@suse.comkukuk@suse.dejmatejek@suse.comjmatejek@suse.combwiedemann@suse.comjmatejek@suse.comjmatejek@suse.comjmatejek@suse.comjmatejek@suse.comjmatejek@suse.comrguenther@suse.comjmatejek@suse.comdimstar@opensuse.orgjmatejek@suse.commeissner@suse.comdmueller@suse.commichael@stroeder.comschwab@suse.deschwab@suse.dejmatejek@suse.comdmueller@suse.com- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch. - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). - Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 (CVE-2020-26116, bpo#39603) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Such characters now raise ValueError.- Renamed patch for assigned CVE: * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -> CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (boo#1189241, CVE-2021-3737)- Renamed patch for assigned CVE: * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch (boo#1189287, CVE-2021-3733) - Fix python-doc build (bpo#35293): * sphinx-update-removed-function.patch - Update documentation formatting for Sphinx 3.0 (bpo#40204).- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in request (bpo#43075, boo#1189287). - Add missing security announcement to bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch which fixes http client infinite line reading (DoS) after a http 100 (bpo#44022, boo#1189241).- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336).- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution.- (bsc#1180125) We really don't Require python-rpm-macros package. Unnecessary dependency.- Add patch configure_PYTHON_FOR_REGEN.patch which makes configure.ac to consider the correct version of PYTHON_FO_REGEN (bsc#1078326).- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).- Update to 2.7.18, final release of Python 2. Ever.: - Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process. - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben Caller. - Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators. - bsc#1155094 (CVE-2019-18348) Disallow control characters in hostnames in http.client. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. - Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host. - Fix problems identified by GCC's -Wstringop-truncation warning. - AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c. - Prevent failure of test_relative_path in test_py_compile on macOS Catalina. - Fixed possible leak in `PyArg_Parse` and similar functions for format units "es#" and "et#" when the macro `PY_SSIZE_T_CLEAN` is not defined. - Remove upstreamed patches: - CVE-2019-18348-CRLF_injection_via_host_part.patch - python-2.7.14-CVE-2017-1000158.patch - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch - CVE-2018-1061-DOS-via-regexp-difflib.patch - CVE-2019-10160-netloc-port-regression.patch - CVE-2019-16056-email-parse-addr.patch- Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674)- Change to Requires: libpython%{so_version} == %{version}-%{release} to python-base to keep both packages always synchronized (add %{so_version}) (bsc#1162224).- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug "Python urrlib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)" (bsc#1162367)- Provide python-testsuite from devel subkg to ease py2->py3 dependencies- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests coliding with the combination of modern Python and ancient OpenSSL on SLE-12.- libnsl is required only on more recent SLEs and openSUSE, older glibc supported NIS on its own.- Add provides in gdbm subpackage to provide dbm symbols. This allows us to use %%{python_module dbm} as a dependency and have it properly resolved for both python2 and python3- Drop appstream-glib BuildRequires and no longer call appstream-util validate-relax: eliminate a build cycle between as-glib and python. The only thing would would gain by calling as-uril is catching if upstream breaks the appdata.xml file in a future release. Considering py2 is dying, chances for a new release, let alone one breaking the xml file, are slim.- Unify packages among openSUSE:Factory and SLE versions. (bsc#1159035) ; add missing records to this changelog. - Add idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830)- Add python2_split_startup Provide to make it possible to conflict older packages by shared-python-startup.- Move /etc/pythonstart script to shared-python-startup package.- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes bsc#1149792- Add adapted-from-F00251-change-user-install-location.patch fixing pip/distutils to install into /usr/local.- Update to 2.7.17: - a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. - Removed patches included upstream: - CVE-2018-20852-cookie-domain-check.patch - CVE-2019-16935-xmlrpc-doc-server_title.patch - CVE-2019-9636-netloc-no-decompose-characters.patch - CVE-2019-9947-no-ctrl-char-http.patch - CVE-2019-9948-avoid_local-file.patch - python-2.7.14-CVE-2018-1000030-1.patch - python-2.7.14-CVE-2018-1000030-2.patch - Renamed remove-static-libpython.diff and python-bsddb6.diff to remove-static-libpython.patch and python-bsddb6.patch to unify filenames.- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py- Add bpo36302-sort-module-sources.patch (boo#1041090)- Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, CVE-2019-16056]- boo#1141853 (CVE-2018-20852) add CVE-2018-20852-cookie-domain-check.patch fixing http.cookiejar.DefaultPolicy.domain_return_ok which did not correctly validate the domain: it could be tricked into sending cookies to the wrong server.- Skip test_urllib2_localnet that randomly fails in OBS- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812- Set _lto_cflags to nil as it will prevent to propage LTO for Python modules that are built in a separate package.- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised.- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://.- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised (CVE-2019-9636). Upstream commits e37ef41 and 507bd8c.- (bsc#1111793) Update to 2.7.16: * bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball. * Updated patches to apply cleanly: CVE-2019-5010-null-defer-x509-cert-DOS.patch bpo36160-init-sysconfig_vars.patch do-not-use-non-ascii-in-test_ssl.patch openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.5.1-sqlite.patch python-2.6-gettext-plurals.patch python-2.7-dirs.patch python-2.7.2-fix_date_time_compiler.patch python-2.7.4-canonicalize2.patch python-2.7.5-multilib.patch python-2.7.9-ssl_ca_path.patch python-bsddb6.diff remove-static-libpython.patch * Update python-2.7.5-multilib.patch to pass with new platlib regime.- bsc#1109847 (CVE-2018-14647): add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo-34623.- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance of PyWeakReference struct and does not intialize wr_prev and wr_next of new isntance. These pointers can have garbage and point to random memory locations. Python should not crash while destroying the isntance created in the same interpreter function. As per my understanding, both wr_prev and wr_next of PyWeakReference instance should be initialized to NULL to avoid segfault.- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746 (CVE-2019-5010). An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.- Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.- Add patch openssl-111.patch to work with openssl-1.1.1 (bsc#1113755)- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS (CVE-2018-1061). Prior to this patch mail server's timestamp was susceptible to catastrophic backtracking on long evil response from the server. Also, it was susceptible to catastrophic backtracking, which was a potential DOS vector. [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207]- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750) sort tarfile output directory listing- update to 2.7.15 * dozens of bugfixes, see NEWS for details - removed obsolete patches: * python-ncurses-6.0-accessors.patch * python-fix-shebang.patch * gcc8-miscompilation-fix.patch - add patch from upstream: * do-not-use-non-ascii-in-test_ssl.patch- Add gcc8-miscompilation-fix.patch (boo#1084650).- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution. [bsc#1068664, CVE-2017-1000158]- exclude test_socket & test_subprocess for PowerPC boo#1078485 (same ref as previous change)- Add python-skip_random_failing_tests.patch bypass boo#1078485 and exclude many tests for PowerPC- Add patch python-fix-shebang.patch to fix bsc#1078326- exclude test_regrtest for s390, where it does not segfault as it should (fixes bsc#1073269) - fix segfault while creating weakref - bsc#1073748, bpo#29347 (this is actually fixed by the 2.7.14 update; mentioning this for purposes of bugfix tracking)- update to 2.7.14 * dozens of bugfixes, see NEWS for details * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664) * fixed segfaults with dict mutated during search * fixed possible free-after-use problems with buffer objects with custom indexing * fixed urllib.splithost to correctly parse fragments (bpo-30500) - drop upstreamed python-2.7.13-overflow_check.patch - drop unneeded python-2.7.12-makeopcode.patch - drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch - Apply "python-2.7.14-CVE-2018-1000030-1.patch" and "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that would crash the Python interpreter when multiple threads used the same I/O stream concurrently. This issue is not classified as a security vulnerability due to the fact that an attacker must be able to run code, however in some situations -- such as function as a service -- this vulnerability can potentially be used by an attacker to violate a trust boundary. [bsc#1079300, CVE-2018-1000030]- Call python2 instead of python in macros- Fix test broken with OpenSSL 1.1 (bsc#1042670) * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch- drop SUSE_ASNEEDED=0 as it is not needed anymore- Add libnsl-devel build requires for glibc obsoleting libnsl- obsolete/provide python-argparse and provide python2-argparse, because the argparse module is available from python 2.7 up- SLE package update (bsc#1027282) - refresh python-2.7.5-multilib.patch - dropped upstreamed patches: python-fix-short-dh.patch python-2.7.7-mhlib-linkcount.patch python-2.7-urllib2-localnet-ssl.patch CVE-2016-0772-smtplib-starttls.patch CVE-2016-5699-http-header-injection.patch CVE-2016-5636-zipimporter-overflow.patch python-2.7-httpoxy.patch - Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1. (dimstar@opensuse.org)- Add reproducible.patch to allow reproducible builds of various python packages like python-amqp Upstream: https://github.com/python/cpython/pull/296- update to 2.7.13 * dozens of bugfixes, see NEWS for details * updated cipher lists for openssl wrapper, support openssl >= 1.1.0 * properly fix HTTPoxy (CVE-2016-1000110) * profile-opt build now applies PGO to modules as well - update python-2.7.10-overflow_check.patch with python-2.7.13-overflow_check.patch, incorporating upstream changes (bnc#964182) - add "-fwrapv" to optflags explicitly because upstream code still relies on it in many places- provide python2-* symbols, for support of new packages built as python2-foo - rename macros.python to macros.python2 accordingly - require python-rpm-macros package, drop macro definitions from macros.python2- initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436) - renamed `python` to `python27` in package names and requires - removed Provides and Obsoletes clauses - dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch, companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage - dropped profile files - removed /usr/bin/python and /usr/bin/python2, along with other unversioned aliases - rewrote macros file to enable stand-alone packages depending on py2.7 - re-included downloaded version of HTML documentation- update to 2.7.12 * dozens of bugfixes, see NEWS for details * fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10) - removed upstreamed python-2.7.7-mhlib-linkcount.patch - refreshed multilib patch - python-2.7.12-makeopcode.patch - run newly-built python interpreter to make opcodes, in order not to require pre-built python - update LD_LIBRARY_PATH to use $PWD instead of "." because the test process escapes to its own directory - modify shebang-fixing scriptlet to ignore makeopcodetargets.py- CVE-2016-0772-smtplib-starttls.patch: smtplib vulnerability opens startTLS stripping attack (CVE-2016-0772, bsc#984751) - CVE-2016-5636-zipimporter-overflow.patch: heap overflow when importing malformed zip files (CVE-2016-5636, bsc#985177) - CVE-2016-5699-http-header-injection.patch: incorrect validation of HTTP headers allow header injection (CVE-2016-5699, bsc#985348) - python-2.7-httpoxy.patch: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (CVE-2016-1000110, bsc#989523)- Add python-2.7.10-overflow_check.patch to fix broken overflow checks. [bnc#964182]- copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE) - do this properly to fix bnc#945401 - update SLE check to exclude Leap which also has version 1315, just to be sure- Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.- add missing ssl.pyc and ssl.pyo to package - implement python-strict-tls-checks subpackage * when present, Python will perform TLS certificate checking by default. it is possible to remove the package to turn off the checks for compatibility with legacy scripts. * as discussed in fate#318300 * this is not built for openSUSE, but retained here in case we want to build the package for a SLE system- python-fix-short-dh.patch: Bump DH parameters to 2048 bit to fix logjam security issue. bsc#935856- add __python2 compatibility macro (used by Fedora) (fate#318838)- update to 2.7.10 - removed obsolete python-2.7-urllib2-localnet-ssl.patch- Reenable test_posix on aarch64- python-2.7.4-aarch64.patch: Remove obsolete patch - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64- update to 2.7.9 * contains full backport of ssl module from Python 3.4 (PEP466) * HTTPS certificate validation enabled by default (PEP476) * SSLv3 disabled by default (bnc#901715) * backported ensurepip module (PEP477) * fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 * dozens of minor bugfixes - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3 - libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional "import ssl" from test_urllib2_localnet that caused it to fail without ssl- skip test_thread in qemu_linux_user mode/bin/sh  !"#$%&'()*+,-./0123456789:;<=2.7.18-lp152.3.21.12.7.18-lp152.3.21.1python2.7lib-dynload_bisect.so_codecs_cn.so_codecs_hk.so_codecs_iso2022.so_codecs_jp.so_codecs_kr.so_codecs_tw.so_collections.so_csv.so_ctypes.so_ctypes_test.so_elementtree.so_functools.so_heapq.so_hotshot.so_io.so_json.so_locale.so_lsprof.so_md5.so_multibytecodec.so_multiprocessing.so_random.so_sha.so_sha256.so_sha512.so_socket.so_struct.so_testcapi.soarray.soaudioop.sobinascii.sobz2.socPickle.socStringIO.socmath.socrypt.sodatetime.sodl.sofcntl.sofuture_builtins.sogrp.soitertools.solinuxaudiodev.somath.sommap.sonis.sooperator.soossaudiodev.soparser.soresource.soselect.sospwd.sostrop.sosyslog.sotermios.sotime.sounicodedata.sozlib.so/usr/lib//usr/lib/python2.7//usr/lib/python2.7/lib-dynload/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:17077/openSUSE_Leap_15.2_Update/101b06c9c9aec0555f3476fdda47349d-python-base.openSUSE_Leap_15.2_Updatedrpmxz5x86_64-suse-linux  !"#$%&'()*+,-./0123456789:;directoryELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=4c5b1a09470f5fa4d4640e95f390b3632f8faa12, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=3d35c1c13de875462ee48045021fccbb5d9c7ec3, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=eb342ed9822c81e913f759c42b9c0fc3aa86139f, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=f4e4c5166f1d137eaf5b32c53d47b167645ba726, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=4773c8522c6190726361a3b5f8bbbfc0259e25c3, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b580553c54fde758ba5501574729f53681251f67, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=45680de81926364d3527231653a291736763bb44, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=08c85cdb7010d959843f6a69bd3875a8bfe8a730, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b80b74eac40b7808aab94768592f108d3fe5c59e, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=d231d3111a323478bd1859fbcd87d4ac2aa5f8d3, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=61744334525708da69cf26d29f82dc52ad43a1aa, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=9e74b20833ada86c9c651430b53a052fb4ed666e, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b959b810a3dc21298509538e86c076d4a2376150, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=f91618f665220d3d1efe1b075088a6f3603066d6, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=064eb2ebd3279f0db371e6b7a5d230231bdd7a71, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=5dc5b8082828a96570444b6512f2622084b62f9b, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=fad24362f1cc3fc7b65176e5a4b7c84be2577661, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=559874cd8fa66da49dbc782d65a3172fc7c25fc4, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=afffbe3241383b47da4433aa2aa8f782ce2fbad2, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=fb44242684ba73dd6665ce0ffe6d2baa43bccdba, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=fc2821feec8f0e06b9cd87be604590e23d4935c3, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=f6a354868dbf62f467d55a5dec06b95609a0c4a5, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=1060b17e7e1997bc213308419f2bd387fa1ff1c3, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=04d82ce66e6031df20fd3a6c248c1086b218a137, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=34c61846aec394c0fd361d22d19f11377790c729, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=9d51ab3ca3ffaa25fcfd7e64c2028f5b9e68de08, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=4081aba398338c2d0fc59db1007e3c708626d126, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=3bc64fde51f5895a161b3272f40b5b06666f7470, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=65030c1815c267144f297d091ad040518a358eb8, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=6688ef7eee8d9b2aa3d17dc4089e70948eab0d17, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=1f1cc3ece5b44e2885416076bd903e03ac1e3ee4, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=9db2f27152866cea444a0c1621ee19ccf97f7aaa, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=63646db8d726efaa8f91d631d9987407acf82058, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=affdf280b91f7e3692d09c117fb45ded6e19c170, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=c51eb3bab1257812b537ee4836dc6d27cb8a3838, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=5b3ae3a26714d06927775c6d296907c952b7577c, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=0334b437d83e8763117f634e9948f1f3102dacb7, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=52a94761420a894175e85c75b06bfa4d5326bd9b, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=f8bcf000ba20621e3d128e9fcbf24551bd244ea1, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=9d3d6b2b6b179df2dc29378de8aa91c42ed72ba3, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=10716feca5de43f83f96e6c6fc91fad96dbc564b, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=36fa73daa159dbf0c0c2ee55d74ac285df77454f, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=30bcda95a8d20c12596f49585cb8503cfac764fb, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=5b7825a3f02e5d09bbcad6dfd1d027c4e9bbe457, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=2f6bdbcf7b39fcb882f26bec22a4889f16eecd2d, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b5cc69d719aec9a959f53c48499204598e088352, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=a8bf431260b804fb5957fafd57d375f350c88a2a, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=80744a496730262a2594c4059c3be8dd3ee11192, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=1eab16822e87a2fbba84c0dbb4087263a04b7b54, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=c9c7431712af118d1968c96500c2d79e8080df36, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=5d42725eef81f28010fcee49d6ec3e39f2ae96bf, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=8d8358bd6cab763c0330b70d33186d0a942d88d3, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=c609f4082590c130693db273441e47d7b3db4671, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=de416e8b3ee310e5559435b1737689fc2dc64a0b, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=2a76948201d0f4ce72a7002366fc965648095843, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=7ec911ae286cbb5eea961e785992abc64eee4048, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=87f9b50aeae08f3a67e328be44614e209d83c18e, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=cfa8b5e982ad65c18516024b3acee219ab7d1ae3, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=17cb91984e6c7982047745298b1f801baf584625, stripped%-5=DNV^ekt %-8>GMT[epz                RRR RRRRR RR RRRRRR RR RRRRRRR RRRRRR RR RRRRRR RR RRRRRR RR RRRRRR RR RRRRRRR RRRRRR RR RRRRRRRRR RR RRRRR RR RRRRRRRR RRRRRR RRRRR RR RRRRRRRRRRRR RRRRRRR RRRRRR RRR RRRRRRR RRRRRRR RRRRRRR RRRRRRR RRRRRRRRRRR RRRRRRR RRRRRRR RRRRRRR RRRRRRRR RRR RRRRRRRR RR RRRRRR RRR RRRRRRR RR RRRRRRR RRRRRR RRR RRRRRRR RRRRRRRRR RRRRRRRR RRRRRRRR RRRRRRRRRRR RRRRRRRR RR RRRRRRRR RRRRRR RRR RRRRRR RRRRRR RRRRRRRR RRRRR RRR RRRRRRRRR RRRRRRRRRRRRR RRRRRRRR RRRRRRRRRRR RRRRR R RRR RRRRRRRRR RRRRRRRRRR RRRRRRR RRR RRRRRRR RRRRRRRR RR RRRRRR RRRRRRRR RRRRRRRRR RRRRRRR RRR RRRRRRR RRRRRutf-8c23a49bb418778c0268b90d79a930355ab357b9809920a2b51551e3811859f15? 7zXZ !t/ F]"k%a C4ntf" 4Asޟ NNCS-n5=JW_q#8ȎIh!iM@/n0Vs;u"کJdbxp@3u+ P!_83 Ɛ,Q2w?m/Y3ydҗ]= e5Fx:" W!-LHACJ'h۷f|c0*:B .5TFAeFUo t_N&oֳo\?)|F^7TCGcH~A<]&M}W>#Uݍr# Ph$8 BINغpoMyPmudP89veŶgd&ɂ*H8n:4EbLɴCl;Q` XFjIEKl[kj, YrRkw)wsOn燅ȞcqYK9ԑ׿hewLFERb PN`(Wx}"`nMJpZء9:O_R]!s^+rmmӏ#ECup/JEi+H87ao[ٯ]7y{]hr%dn< AŕSAcF}*&_'ꣵ$Pi4^˒i-VO]cdϵgU.p=2O#+OAZJ7O~3׍'Lk>fIuQ= LoJuOX'EC$Ү;v-YQ#Z>?Q!NTݺ9|> ZYSI@ȕrp6 A8v@QU!ysł^6{fʸ U ]:nh,z8[chR fBX!lhQı_aĩ[2FԶ86v[艙sY հɌε0pP>ؗgeFY9𞝐(Ttڸf=ێ\ho-pug]xB^b0}!&WQp&x"ʧj;EV5% iLNn_3n؂: Of C֥gC~7R2u]lb/tn$7FkrJKfxL m# K^FsaJ@hңwFw4-㜅"Q-)ϴȃ?vPSp2Ʀy4XcFRz oـar'5i.Y Z5vJaV3hlrAi J^hgSp| `bAv&Nk "O>_.ߧӛ8-02mr|eZ9lkbVu&T>l_҆*.b2@R.ƿR}I^CLLc%2\ZvP:!S\49Fg!@o3