python-2.7.17-lp151.10.29.1<>,|_wu/=„Ơ]uutܙݽ=Wior<l R/.xHۺT%]EXU>]1'Bs);1:MRY ޞLԑ{xnc_ eD]WdGǃ,xxύVgO[mx*UBOփ.esZ$$:VA-vQfEX] I+kguAqfrXCD?4d   1   &0    \ .u /1t4q7n79:8:<(=8=(E9><E:DE>0@?BNFGHIhXYZP[`\d]^ b cdLeQfTlVulv w,xyz0Cpython2.7.17lp151.10.29.1Python InterpreterPython is an interpreted, object-oriented programming language, and is often compared to Tcl, Perl, Scheme, or Java. You can find an overview of Python in the documentation and tutorials included in the python-doc (HTML) or python-doc-pdf (PDF) packages. If you want to install third party modules using distutils, you need to install python-devel package._wuobs-arm-9openSUSE Leap 15.1openSUSEPython-2.0http://bugs.opensuse.orgDevelopment/Languages/Pythonhttp://www.python.org/linuxaarch64>t00 PP,CII-&22x__K [[L ``=IPPFF;&M"M"66U c c"R"RK#WW g g g-77;-- ""& w w D D `**@@  "/mmOD==BB>$;;>h%> v n -8<<7&& <JAJA:OO;`X`X~7~71*AA큤A큤A큤A큤A큤A큤_wP_wP__wD_wD__wD_wD__wD_wD__wD_wD__wD_wD__wD_wJ__wD_wD_wP__wD_wD__wD_wD__wD_wD__wD_wD__wD_wD__wD_wD__wD_wD__wD_wD__wD_wD__wD_wD__wD_wD__wD_wD__wD_wD__wE_wE__wE_wE__wE_wE__wE_wE__wE_wE__wE_wE__wE_wE__wE_wE__wE_wE__wE_wE__wE_wE__wE_wE_wT_wT_wT_wT_wT_wT_wP__wG_wG__wG_wG__wG_wG_wP__wG_wG__wG_wL__wG_wG__wG_wG__wG_wG__wG_wG__wG_wG__wG_wG__wG_wG__wG_wG__wG_wG_wS_wR_wR_wRfd6c6e5b098ade0aa1b123b2963e56728eb3619754881baff7fb10fb165becdbe19cc5a2915f33bc71b5e258dae1e2f97312a0123b63f5742f54535425c08d33e19cc5a2915f33bc71b5e258dae1e2f97312a0123b63f5742f54535425c08d33abd3f646419f3a33f64814342bb894047bfda3ec695286aa2b07e340700f733fe55fd718878aac44efae82c22b6394e16ad724b8d35eec82551606996a02dd7fe55fd718878aac44efae82c22b6394e16ad724b8d35eec82551606996a02dd7ffa3f60506840cc9f608d660fcd6265dbb22b53362a4bfdd98cd9c988769273089d97c32bfde6add08753fa5794d432f864bbfc58c524ef19e53aabe410e00af29d97c32bfde6add08753fa5794d432f864bbfc58c524ef19e53aabe410e00af2046a34799e33a47832a21f34ded777c64616710f52cc75e7116796442c05cd437692cc2d44e08a8ae39d46782908eef1794eba831d2e164f04eb16a5c591de917692cc2d44e08a8ae39d46782908eef1794eba831d2e164f04eb16a5c591de91228a008dd77f0bfe90718c9577fab61ef96b7adb4e608c5492385cea0c206e2d47fb6c0d6c3c5cf14dedec5d879f415bf8d17ab11c8ae91bcea250dc9a074c3b47fb6c0d6c3c5cf14dedec5d879f415bf8d17ab11c8ae91bcea250dc9a074c3bb708a282a1e9d211cccbdcc194ec3c6f8894a7e9ae003806b933f2c0cbde5f23a1a91b8de9c3758cbfca62359ba3791e85f4c8e05bbbef5a6d278177757b8b74befc5f8dc95a1b363aefd59731663155b8b8a966570b295563095850d4503b07af71194b97feb43ce6583f4f2fe8f894d8df89b2565bff32daecc7c42f7b0eefb91bc40c99d5ae45dd87c990508237da8945e72924f573e181b84d94a5cf8b9db91bc40c99d5ae45dd87c990508237da8945e72924f573e181b84d94a5cf8b9de3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b8552b0a1c28c707ac39840ea21c088dbf6e856d9218d3a97d745ab66c78f8824b122b0a1c28c707ac39840ea21c088dbf6e856d9218d3a97d745ab66c78f8824b12df8c414bcf1679eec7aa0bff235cdf98829730da9b75ad50baa432b7ee87d2e46321d67c15953e95f97aae71c9937cde2792438856df84b4438b1ba4bbfa5c266321d67c15953e95f97aae71c9937cde2792438856df84b4438b1ba4bbfa5c26b379c1e0ea1bc3db50745e3700fbd617b58424ce07f96dae45ab79ddc56d7b3078eb367efc29bc7f224f730a3698242c5b396f9ba2812a298b960acafa3967c078eb367efc29bc7f224f730a3698242c5b396f9ba2812a298b960acafa3967c07b22ab3d374af60bb0eb9693c736e502b0e530263916c416611fe5ee8790e3cc73146cfc90121174598ca8e9a10e5e49e3e624a5c6136fa904f59edd12e3519d73146cfc90121174598ca8e9a10e5e49e3e624a5c6136fa904f59edd12e3519d2b29f5758fb7a2b3e876794c563b53aaebb88529ea40c6374975be54f83237b825fce7062b781e8e30090c43ea1fca620bcd895b4a4e380daf1edeb52ac12d2625fce7062b781e8e30090c43ea1fca620bcd895b4a4e380daf1edeb52ac12d26cc530147bfd552b8ea9c2613f7956de578196a3129b01d73ff50925094af826b301e2418ad641d954941a5572e2ce54140137a38b46e2d8c824df901a3fdbc30301e2418ad641d954941a5572e2ce54140137a38b46e2d8c824df901a3fdbc3089bbcb75081406a2dd0d728e09138a21f469634cf7aef1e5c55f2779a9a6b76396fac98f39e4412ba7123e33d798a38b2d9ccc3e96686931d1a2ee838c5d1e9896fac98f39e4412ba7123e33d798a38b2d9ccc3e96686931d1a2ee838c5d1e9808cca8469491cfead102a6bef69be1afab7529e129001a4ffb31433766a4335d81ed41b1c0ce714f24959ea964bccaf6cc62fc59a6db8fd227e51840199c00a081ed41b1c0ce714f24959ea964bccaf6cc62fc59a6db8fd227e51840199c00a03f207cd262365b5c64246a76caf4fe319255eb83493a0985976607440c2c19e58551723ad9863eb5bc3bc5c232465b79f8652196c54f88a6a0f6439bddb09a178551723ad9863eb5bc3bc5c232465b79f8652196c54f88a6a0f6439bddb09a17ef974db90bc549f14427a792ccfd7c6bdade19f281a679e2197cb18f3b13a8115a20c25bc8d9f300491cdad6a2018d5b21c0a8f22f17bfcc726e7302937099b95a20c25bc8d9f300491cdad6a2018d5b21c0a8f22f17bfcc726e7302937099b9c6ddc76661905a142bb489e72a19bb3c4ec045b4193656518acd4430f8ecbbdc04245e5fed6c41cc6b888bb0ea849e412bed48245c56297cd853d6851812e4d104245e5fed6c41cc6b888bb0ea849e412bed48245c56297cd853d6851812e4d14e721a412fd4561c75485a1c4cf11262aa5d82bc68bd5d984629b62b398221d40f108396b0ee810737ad883c9113465f51964b364afeab43d3819e5ef2d7f3120f108396b0ee810737ad883c9113465f51964b364afeab43d3819e5ef2d7f312c622e4e53e332adaeb9a9ecd06f109c319be5146eb7de4b95c8bedc72cd819facb36a1c1d26a3d7af043e9779c7f572f2f88b057138111e6cb21c568cbe5f429cb36a1c1d26a3d7af043e9779c7f572f2f88b057138111e6cb21c568cbe5f42983f7d09faa6a85a2cfe48f30e75252019da7356c97f5ff8a50a3db246c55dcff6cd2fce9d77572dabfa4e0733298729ce46816bba084f27b8713b75d1973297f6cd2fce9d77572dabfa4e0733298729ce46816bba084f27b8713b75d1973297f832dd1a240df8ab4bb34d8f2597591f614a5312faa4a867e287ad4c7bf299808b8eb318353904dfa5d930894f7e1f16793cde0061167aa203d5a0425c8cab504b8eb318353904dfa5d930894f7e1f16793cde0061167aa203d5a0425c8cab5046ff2b127c2698dc1384dedb8b99c70d305bf7511cd9a51be1a98c8c97fd23d69d2df9c613a413d11626a76b6b59c8e302d2febea9afe4042efbf673b67399a8dd2df9c613a413d11626a76b6b59c8e302d2febea9afe4042efbf673b67399a8d1c57c2ca2176e7d7b88e983a86cc904d22f480ccf5f124a213728b51a961e9432d2e191152e278978cddba8d6ba557fedce103139c19eeaf90923078e749a5e42d2e191152e278978cddba8d6ba557fedce103139c19eeaf90923078e749a5e420a74746b7619ff8dc09a2538bef118bfcf001908524d77d9dc8d831a19f03c99ef9b75da4c1dc07f8f0e84e25dff8a7561396afb99d8f72d80e25401d63c01b9ef9b75da4c1dc07f8f0e84e25dff8a7561396afb99d8f72d80e25401d63c01b99be4f02902c038f1558b7cb9524bc4b42a6564fa6616f070b718b905ddfe62d7a042bc99e85608430b352e77443ff8d5c018aa154b6ff7db986ec62205d0c0d7a042bc99e85608430b352e77443ff8d5c018aa154b6ff7db986ec62205d0c0d65f3f64e35c9db4f85672bf2193f645ab2ea2d3649bb28eba5d83e6a3f804d4f608351f2e4d3554fba46cb2d81468fd7271ab2e49cc372c0140b4a49ed905512608351f2e4d3554fba46cb2d81468fd7271ab2e49cc372c0140b4a49ed9055125915ab9ffdfa1e5299c7512175011a7ced2bc924970de1eee645bc3943c482a07472a7a01af964d59ae89dd279ec919749dcff33f782c3a0e4d4aebe1fc8b4ce7472a7a01af964d59ae89dd279ec919749dcff33f782c3a0e4d4aebe1fc8b4cecb65b79ad7a67f67fc49cd170648d9e2a4dd7cd72cf4a013a032f680bc2cb738bb20214468c3efb4ac5f29bc930cbb7a21bf7687079ea089a698493ce17e9736bb20214468c3efb4ac5f29bc930cbb7a21bf7687079ea089a698493ce17e9736f97b0df5f745f51f764634e3c0965295f2d1643d12ad8a94ba0e1a32301d390f9e98294497efc006125e40aa19f803a78ae0d1da0481b8e3a798dc1a63a3db729e98294497efc006125e40aa19f803a78ae0d1da0481b8e3a798dc1a63a3db724f05568dd9fa927ef7f6e7b0189567e3d46b8a70a6f9eedee80d2eeab7fda7cefe56cbe47eca6a6fe03611323784980f738b0edf342c99abfc97df8273ce50f6fe56cbe47eca6a6fe03611323784980f738b0edf342c99abfc97df8273ce50f6e3850d1a493b6b958e2bd9f66ec8b62a0d72ebb7c3eafcb83cfddf4faf920dd24a72fdfbddaedd36ef97193bcb661d4cb663d3491611ed89bd58102b19ba4d774a72fdfbddaedd36ef97193bcb661d4cb663d3491611ed89bd58102b19ba4d770d9775882c273a7572e741a7d4bda86dbde6df45a734af3e00144924640d1a3640ba238548fd1de5707804f37dfe54aef9ffa7d532e580db1a6f0872bdb29f82461193c08e9b5f9bee2195590869336a38dee800ca01e6600ee55a71432d025b51359c3c33dcfdcf6e249654c8f7983624878d4873b5806a6b1b17f49022cc654bf0c08bd089446c4beea6487c1c3e49e600540aba0e73a9ac9d69b1204e26aaa57e80b8a0d16549b7a466ef3585bc8f13c1983dcf13845b22be1a748be3a0e61ef9259c978a492715d1345938b07aa16727af40293eace64c86e78f5471b7e31ef9259c978a492715d1345938b07aa16727af40293eace64c86e78f5471b7e35186810c169e033eae41c2010a89c982276999b94f1d4cebc5b9267f8e97ab7038a20b24e3ce95580743218405b5d2827e90dfa117441686a47b9ebfaaa00b0c38a20b24e3ce95580743218405b5d2827e90dfa117441686a47b9ebfaaa00b0c4268c68294b00b82adc2dba7e600310cb45c468e5780aff2455eb8103d21d282301697000866b3e37ca57715636676d5c81c701e8d152ca167d4d0f0fd3e3b7a301697000866b3e37ca57715636676d5c81c701e8d152ca167d4d0f0fd3e3b7ae3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855423e4265686888050e0e61c84efd4cd0370a54d228b3e2ebbdf925dc56a6ba6e423e4265686888050e0e61c84efd4cd0370a54d228b3e2ebbdf925dc56a6ba6e47532d524864d6ad2aa109f05f7bf77b68d48772fe421efb29605e23bad8ddc06f7e8969c41a8d372152f47c6d04961df278334f2502d0e70b7a742eae5716d6fc96ff1eb8737fb368002f8fdcfbd9d41d95923e2dfbbee19a408f21b42f089eb86371d3fc23f7b32d2c4fd4728e91ad1dc0fa95f253ee27fad4ba9025cd8a9f56712ba745c54b33231213df00e7e50734f9cb75b7cc424790b213eaf6a222c156712ba745c54b33231213df00e7e50734f9cb75b7cc424790b213eaf6a222c137b4cb47babf65937b399f9dbc7fca98c3bf0528f3f0de63e3774c4326bf78750a02e17192ebf4d68eb64626dfadb663e625a1bd6a28eff5353d130767f2c80e0a02e17192ebf4d68eb64626dfadb663e625a1bd6a28eff5353d130767f2c80e7d9827fec848c29932e32465e761271475a0edca1ea0b4f2961e6d4521c632f3eeea0931a92e29f1432d23208f5b8c6524d6690cbf092999f50b72ed59414778eeea0931a92e29f1432d23208f5b8c6524d6690cbf092999f50b72ed59414778e10c9954f20298e5ba4d7a6628b9df60f8ae907e9a7336293330f2fbdc81e1376c089ede8e0b4ff63914e92bf8539e50ca7239ebe876debf63cd6f5de89f88196c089ede8e0b4ff63914e92bf8539e50ca7239ebe876debf63cd6f5de89f881900b137ea0cd5d5bced4ad9b4c0665a83efc3b3039756eb11dce285a65fd23b0f61c3adb336b027bdd5958c63be3f91d05600fea2e438200b762796e09cee923f61c3adb336b027bdd5958c63be3f91d05600fea2e438200b762796e09cee923f7e90a937b6d21b59029d2b66b1276eed2451d5f5bdd115aa9b16175b581be43a64bfdc97f86de7e9c11e7877a7e127a2f7634bdc0f0ebf257c7fc74ee740fcf964bfdc97f86de7e9c11e7877a7e127a2f7634bdc0f0ebf257c7fc74ee740fcf916da7063b627f6ba101642ee6a3e8814fa88b3ab1912bad182e72caf48e85d8732f7c14086a992d3de6bf0013bb5878ab9770999c30c384e39a293b7673a362d32f7c14086a992d3de6bf0013bb5878ab9770999c30c384e39a293b7673a362d1ae0959ef8161b6a63e22dd21b776af8a6c040135d4c7d3bc721dacb5c99d6c43d3ae53418d248504e5abb3345ee4a25991bda36fa3f2c5faeb734f9a51e01753d3ae53418d248504e5abb3345ee4a25991bda36fa3f2c5faeb734f9a51e01751b5ea00f59beda20d18f7c4b11155adfcd15e52454ecf0e2f1ae2b4222b4943d013949bec27599651686b3149f8a629aac90ae7dad7eaf87c8caf1e59bcb96bb013949bec27599651686b3149f8a629aac90ae7dad7eaf87c8caf1e59bcb96bba77d71d6be6f9032e6b6e5d2cf6da68f9eeab9036edfbc043633c8979cd5e82c0fd1efe7c35f58f51ba92201a4938e3dc88407b3f91f7b835c288bcfb5154abbc1649ee90f8535de061b77e5db7a60bdd33daa50c5fbd48f54123fd1c2127854rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpython-2.7.17-lp151.10.29.1.src.rpmpythonpythonpython(aarch-64)python2python2_split_startup@@@@@@@@@@@@@@@     /sbin/ldconfig/sbin/ldconfigld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libdb-4.8.so()(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.17)(64bit)libpython2.7.so.1.0()(64bit)libreadline.so.7()(64bit)libsqlite3.so.0()(64bit)libssl.so.1.1()(64bit)libssl.so.1.1(OPENSSL_1_1_0)(64bit)python(abi)python-baserpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.72.7.173.0.4-14.6.0-14.0.4-14.0-15.2-14.14.1___@^@^>^>^;^8 @^.^g@^ @]f@]@]]]d@]d@]@]z@]V]y@]9]1]\t@\\7\7\\J@\J@\C@\2[[#@[6@[@[ @[Za@Z@ZxG@ZtRZp^@ZSteve Kowalik Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Tomáš Chvátal Matej Cepl Matej Cepl Tomáš Chvátal Dominique Leuenberger Matej Cepl Matej Cepl Matej Cepl Matej Cepl Steve Kowalik Matej Cepl Matej Cepl Bernhard Wiedemann Matej Cepl Matej Cepl Tomáš Chvátal Matej Cepl Martin Liška Matej Cepl Matej Cepl Matej Cepl Matej Cepl mcepl@suse.commcepl@suse.commcepl@suse.comTodd R Tomáš Chvátal Matěj Cepl mcepl@suse.compsimons@suse.commcepl@suse.commichael@stroeder.commliska@suse.czpsimons@suse.comnormand@linux.vnet.ibm.comnormand@linux.vnet.ibm.comtchvatal@suse.comjmatejek@suse.comjmatejek@suse.commpluskal@suse.comvcizek@suse.comjmatejek@suse.comkukuk@suse.dejmatejek@suse.comjmatejek@suse.combwiedemann@suse.comjmatejek@suse.comjmatejek@suse.comjmatejek@suse.comjmatejek@suse.comjmatejek@suse.comrguenther@suse.comjmatejek@suse.comdimstar@opensuse.orgjmatejek@suse.commeissner@suse.comdmueller@suse.commichael@stroeder.comschwab@suse.deschwab@suse.dejmatejek@suse.comdmueller@suse.com- Replace bundled wheels for pip and setuptools with the updated ones (bsc#1176262 CVE-2019-20916).- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 (CVE-2020-26116, bpo#39603) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Such characters now raise ValueError.- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch.- Add CVE-2019-18348-CRLF_injection_via_host_part.patch to disallow control characters in hostnames in httplib, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094)- Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674)- Change to Requires: libpython%{so_version} == %{version}-%{release} to python-base to keep both packages always synchronized (add %{so_version}) (bsc#1162224).- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug "Python urrlib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)" (bsc#1162367)- Provide python-testsuite from devel subkg to ease py2->py3 dependencies- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests coliding with the combination of modern Python and ancient OpenSSL on SLE-12.- libnsl is required only on more recent SLEs and openSUSE, older glibc supported NIS on its own.- Add provides in gdbm subpackage to provide dbm symbols. This allows us to use %%{python_module dbm} as a dependency and have it properly resolved for both python2 and python3- Drop appstream-glib BuildRequires and no longer call appstream-util validate-relax: eliminate a build cycle between as-glib and python. The only thing would would gain by calling as-uril is catching if upstream breaks the appdata.xml file in a future release. Considering py2 is dying, chances for a new release, let alone one breaking the xml file, are slim.- Unify packages among openSUSE:Factory and SLE versions. (bsc#1159035) ; add missing records to this changelog. - Add idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830)- Add python2_split_startup Provide to make it possible to conflict older packages by shared-python-startup.- Move /etc/pythonstart script to shared-python-startup package.- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes bsc#1149792- Add adapted-from-F00251-change-user-install-location.patch fixing pip/distutils to install into /usr/local.- Update to 2.7.17: - a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. - Removed patches included upstream: - CVE-2018-20852-cookie-domain-check.patch - CVE-2019-16935-xmlrpc-doc-server_title.patch - CVE-2019-9636-netloc-no-decompose-characters.patch - CVE-2019-9947-no-ctrl-char-http.patch - CVE-2019-9948-avoid_local-file.patch - python-2.7.14-CVE-2018-1000030-1.patch - python-2.7.14-CVE-2018-1000030-2.patch - Renamed remove-static-libpython.diff and python-bsddb6.diff to remove-static-libpython.patch and python-bsddb6.patch to unify filenames.- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py- Add bpo36302-sort-module-sources.patch (boo#1041090)- Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, CVE-2019-16056]- boo#1141853 (CVE-2018-20852) add CVE-2018-20852-cookie-domain-check.patch fixing http.cookiejar.DefaultPolicy.domain_return_ok which did not correctly validate the domain: it could be tricked into sending cookies to the wrong server.- Skip test_urllib2_localnet that randomly fails in OBS- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812- Set _lto_cflags to nil as it will prevent to propage LTO for Python modules that are built in a separate package.- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised.- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://.- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised (CVE-2019-9636). Upstream commits e37ef41 and 507bd8c.- (bsc#1111793) Update to 2.7.16: * bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball. * Updated patches to apply cleanly: CVE-2019-5010-null-defer-x509-cert-DOS.patch bpo36160-init-sysconfig_vars.patch do-not-use-non-ascii-in-test_ssl.patch openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.5.1-sqlite.patch python-2.6-gettext-plurals.patch python-2.7-dirs.patch python-2.7.2-fix_date_time_compiler.patch python-2.7.4-canonicalize2.patch python-2.7.5-multilib.patch python-2.7.9-ssl_ca_path.patch python-bsddb6.diff remove-static-libpython.patch * Update python-2.7.5-multilib.patch to pass with new platlib regime.- bsc#1109847: add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo-34623.- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance of PyWeakReference struct and does not intialize wr_prev and wr_next of new isntance. These pointers can have garbage and point to random memory locations. Python should not crash while destroying the isntance created in the same interpreter function. As per my understanding, both wr_prev and wr_next of PyWeakReference instance should be initialized to NULL to avoid segfault.- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746. An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.- Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.- Add patch openssl-111.patch to work with openssl-1.1.1 (bsc#1113755)- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS (CVE-2018-1061). Prior to this patch mail server's timestamp was susceptible to catastrophic backtracking on long evil response from the server. Also, it was susceptible to catastrophic backtracking, which was a potential DOS vector. [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207]- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750) sort tarfile output directory listing- update to 2.7.15 * dozens of bugfixes, see NEWS for details - removed obsolete patches: * python-ncurses-6.0-accessors.patch * python-fix-shebang.patch * gcc8-miscompilation-fix.patch - add patch from upstream: * do-not-use-non-ascii-in-test_ssl.patch- Add gcc8-miscompilation-fix.patch (boo#1084650).- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution. [bsc#1068664, CVE-2017-1000158]- exclude test_socket & test_subprocess for PowerPC boo#1078485 (same ref as previous change)- Add python-skip_random_failing_tests.patch bypass boo#1078485 and exclude many tests for PowerPC- Add patch python-fix-shebang.patch to fix bsc#1078326- exclude test_regrtest for s390, where it does not segfault as it should (fixes bsc#1073269) - fix segfault while creating weakref - bsc#1073748, bpo#29347 (this is actually fixed by the 2.7.14 update; mentioning this for purposes of bugfix tracking)- update to 2.7.14 * dozens of bugfixes, see NEWS for details * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664) * fixed segfaults with dict mutated during search * fixed possible free-after-use problems with buffer objects with custom indexing * fixed urllib.splithost to correctly parse fragments (bpo-30500) - drop upstreamed python-2.7.13-overflow_check.patch - drop unneeded python-2.7.12-makeopcode.patch - drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch - Apply "python-2.7.14-CVE-2018-1000030-1.patch" and "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that would crash the Python interpreter when multiple threads used the same I/O stream concurrently. This issue is not classified as a security vulnerability due to the fact that an attacker must be able to run code, however in some situations -- such as function as a service -- this vulnerability can potentially be used by an attacker to violate a trust boundary. [bsc#1079300, CVE-2018-1000030]- Call python2 instead of python in macros- Fix test broken with OpenSSL 1.1 (bsc#1042670) * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch- drop SUSE_ASNEEDED=0 as it is not needed anymore- Add libnsl-devel build requires for glibc obsoleting libnsl- obsolete/provide python-argparse and provide python2-argparse, because the argparse module is available from python 2.7 up- SLE package update (bsc#1027282) - refresh python-2.7.5-multilib.patch - dropped upstreamed patches: python-fix-short-dh.patch python-2.7.7-mhlib-linkcount.patch python-2.7-urllib2-localnet-ssl.patch CVE-2016-0772-smtplib-starttls.patch CVE-2016-5699-http-header-injection.patch CVE-2016-5636-zipimporter-overflow.patch python-2.7-httpoxy.patch - Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1. (dimstar@opensuse.org)- Add reproducible.patch to allow reproducible builds of various python packages like python-amqp Upstream: https://github.com/python/cpython/pull/296- update to 2.7.13 * dozens of bugfixes, see NEWS for details * updated cipher lists for openssl wrapper, support openssl >= 1.1.0 * properly fix HTTPoxy (CVE-2016-1000110) * profile-opt build now applies PGO to modules as well - update python-2.7.10-overflow_check.patch with python-2.7.13-overflow_check.patch, incorporating upstream changes (bnc#964182) - add "-fwrapv" to optflags explicitly because upstream code still relies on it in many places- provide python2-* symbols, for support of new packages built as python2-foo - rename macros.python to macros.python2 accordingly - require python-rpm-macros package, drop macro definitions from macros.python2- initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436) - renamed `python` to `python27` in package names and requires - removed Provides and Obsoletes clauses - dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch, companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage - dropped profile files - removed /usr/bin/python and /usr/bin/python2, along with other unversioned aliases - rewrote macros file to enable stand-alone packages depending on py2.7 - re-included downloaded version of HTML documentation- update to 2.7.12 * dozens of bugfixes, see NEWS for details * fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10) - removed upstreamed python-2.7.7-mhlib-linkcount.patch - refreshed multilib patch - python-2.7.12-makeopcode.patch - run newly-built python interpreter to make opcodes, in order not to require pre-built python - update LD_LIBRARY_PATH to use $PWD instead of "." because the test process escapes to its own directory - modify shebang-fixing scriptlet to ignore makeopcodetargets.py- CVE-2016-0772-smtplib-starttls.patch: smtplib vulnerability opens startTLS stripping attack (CVE-2016-0772, bsc#984751) - CVE-2016-5636-zipimporter-overflow.patch: heap overflow when importing malformed zip files (CVE-2016-5636, bsc#985177) - CVE-2016-5699-http-header-injection.patch: incorrect validation of HTTP headers allow header injection (CVE-2016-5699, bsc#985348) - python-2.7-httpoxy.patch: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (CVE-2016-1000110, bsc#989523)- Add python-2.7.10-overflow_check.patch to fix broken overflow checks. [bnc#964182]- copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE) - do this properly to fix bnc#945401 - update SLE check to exclude Leap which also has version 1315, just to be sure- Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.- add missing ssl.pyc and ssl.pyo to package - implement python-strict-tls-checks subpackage * when present, Python will perform TLS certificate checking by default. it is possible to remove the package to turn off the checks for compatibility with legacy scripts. * as discussed in fate#318300 * this is not built for openSUSE, but retained here in case we want to build the package for a SLE system- python-fix-short-dh.patch: Bump DH parameters to 2048 bit to fix logjam security issue. bsc#935856- add __python2 compatibility macro (used by Fedora) (fate#318838)- update to 2.7.10 - removed obsolete python-2.7-urllib2-localnet-ssl.patch- Reenable test_posix on aarch64- python-2.7.4-aarch64.patch: Remove obsolete patch - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64- update to 2.7.9 * contains full backport of ssl module from Python 3.4 (PEP466) * HTTPS certificate validation enabled by default (PEP476) * SSLv3 disabled by default (bnc#901715) * backported ensurepip module (PEP477) * fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 * dozens of minor bugfixes - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3 - libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional "import ssl" from test_urllib2_localnet that caused it to fail without ssl- skip test_thread in qemu_linux_user mode/sbin/ldconfig/sbin/ldconfigpython-elementtreepython-nothreadspython-sqlitepython21obs-arm-9 1606907765  "##%&&())+,,.//122455788:;;=>>@AACDDFGGIJJLMMOPPRSSUVVXYY[\\^__abbdefghijkllnooqrrtuvvxyz{||~2.72.7.17-lp151.10.29.12.7.17-lp151.10.29.12.7.17python2.7bsddb__init__.py__init__.pyc__init__.pyodb.pydb.pycdb.pyodbobj.pydbobj.pycdbobj.pyodbrecio.pydbrecio.pycdbrecio.pyodbshelve.pydbshelve.pycdbshelve.pyodbtables.pydbtables.pycdbtables.pyodbutils.pydbutils.pycdbutils.pyotest__init__.py__init__.pyc__init__.pyotest_all.pytest_all.pyctest_all.pyotest_associate.pytest_associate.pyctest_associate.pyotest_basics.pytest_basics.pyctest_basics.pyotest_compare.pytest_compare.pyctest_compare.pyotest_compat.pytest_compat.pyctest_compat.pyotest_cursor_pget_bug.pytest_cursor_pget_bug.pyctest_cursor_pget_bug.pyotest_db.pytest_db.pyctest_db.pyotest_dbenv.pytest_dbenv.pyctest_dbenv.pyotest_dbobj.pytest_dbobj.pyctest_dbobj.pyotest_dbshelve.pytest_dbshelve.pyctest_dbshelve.pyotest_dbtables.pytest_dbtables.pyctest_dbtables.pyotest_distributed_transactions.pytest_distributed_transactions.pyctest_distributed_transactions.pyotest_early_close.pytest_early_close.pyctest_early_close.pyotest_fileid.pytest_fileid.pyctest_fileid.pyotest_get_none.pytest_get_none.pyctest_get_none.pyotest_join.pytest_join.pyctest_join.pyotest_lock.pytest_lock.pyctest_lock.pyotest_misc.pytest_misc.pyctest_misc.pyotest_pickle.pytest_pickle.pyctest_pickle.pyotest_queue.pytest_queue.pyctest_queue.pyotest_recno.pytest_recno.pyctest_recno.pyotest_replication.pytest_replication.pyctest_replication.pyotest_sequence.pytest_sequence.pyctest_sequence.pyotest_thread.pytest_thread.pyctest_thread.pyolib-dynload_bsddb.so_hashlib.so_sqlite3.so_ssl.soreadline.sosqlite3__init__.py__init__.pyc__init__.pyodbapi2.pydbapi2.pycdbapi2.pyodump.pydump.pycdump.pyotest__init__.py__init__.pyc__init__.pyodbapi.pydbapi.pycdbapi.pyodump.pydump.pycdump.pyofactory.pyfactory.pycfactory.pyohooks.pyhooks.pychooks.pyopy25tests.pypy25tests.pycpy25tests.pyoregression.pyregression.pycregression.pyotransactions.pytransactions.pyctransactions.pyotypes.pytypes.pyctypes.pyouserfunctions.pyuserfunctions.pycuserfunctions.pyossl.pyssl.pycssl.pyopythonLICENSEREADMEREADME.SUSE/usr/lib64//usr/lib64/python2.7//usr/lib64/python2.7/bsddb//usr/lib64/python2.7/bsddb/test//usr/lib64/python2.7/lib-dynload//usr/lib64/python2.7/sqlite3//usr/lib64/python2.7/sqlite3/test//usr/share/doc/packages//usr/share/doc/packages/python/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:15217/openSUSE_Leap_15.1_Update_ports/076eb1e5b140178bf1a2ce5eaa91f614-python.openSUSE_Leap_15.1_Updatedrpmxz5aarch64-suse-linux          directoryPython script, ASCII text executablepython 2.7 byte-compiledASCII textemptyELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7d970c60f347aea0716bef6d028a7c558765c1f0, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=71654fae6ba44c20dec6739b8454f5c3fdf76ff8, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=11a3d90d9fb5593161171c162d46d6fdbcfe0288, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8ceaca5c86b91af5ab259cc68125d6ead531d66a, strippedELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=56f60279afd1e068d0583b75f7832d49749abedf, strippedPython script, ISO-8859 text executable  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`hqy  RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR R RRRRRRRR R RRRRRR R R RRRR RRRRRRR R RRRR RRR R R RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRh>qȉ utf-864b7ab47862fe9f57b89df0fd4b8caa54ac348bb999cc91ff82db0dba115d714?7zXZ !t/!p ]"k%{^E) Ӛ+nxdr;rp4%5ol׫؅OxQE|\K͒Wy&-]Y'e'H WҟJV\U|>Y3h0)Ѭݴ{w[м$xb:diژA4WBci[ 3J2qƽ%+dU[AGP a޹''75 Iz8z˻RA 3&ZsnŐK4XCy-I0t}&-rjmd~$]j>XC19 V _ z4YdN~zrS\4/wAL;QT>#~0Cv㉧5@;!2vӥzXhc(Gc ec<ÐݝThƢQSܫ qɂHQ2KV}##TԳIl^ Ys%i+HMX;4Ԅw7QSyY|)W'Z(VĄS^`No9-hKg.,# ۙߛjiqv`偩/LFc׿&7f59vkYLT,:tߥ{Kpe١Uulj^/H+0?RBnz#ܴ?X4mP(W|݃dٜRA\/>f j߷Prƭxi+"F yWU6=@&g#6 +ف fyspxp"#9?. (_>zyk#p^Wt^6JJ3H6oDc=fWHY]۠'Ļ?VL$YQ#Me\N }u0ep;Ʊ@,LuC|`e{fWU-xE!1a4FJj*e>6D4=*}©{-áy ~ܟ?Ejٸ_6ʂ,PM0V{9ו8*c~=c2LN_4) yyrh&{?qdbIJ"Nc<;⦵zdS2K~Im=}N?G|KDf,kSEZT]s' s÷SPM30V 4 ϶atAZͮR09F+ۖTہlχ^PjiPE_ꏦB(X0 Û^uΚǑ0!C=a"w:wSJKU%7B ٨$(0 aFXq،=^fA# z޴u~Fa΀ fߞC5bZ19hl+Ϋ:^MimEe O½.ɐz86(QH tC^<9MN&R,.-< oW͢}eB;`s28qRi^]M\^KpufBBď=5K; 4ENc416+>-p5YfO/K*%g+F70LFmSؿ[&ېAIA)+RZum󻥁5"`~_^$fF@n% 'Nx Y@UIxp7si~$D 7SGtzG,K9JI tzL KBQj,T{'ʉzL6Tė'7@S$҈TJ-A-i D˥BYW'7̀+N*sL-LZs, ީ']#i^`$)BoQv0iSӑ/'7X*3V0-2 ."8!N81ީEakZMg7ju2W(ъ,WCA /[bkxt m͐`wO٢=) 4KtE@Θp(5 C~Xn#'7Tb4K*i"Ơv)<ʄHV;BgYgy YZ