python-tk-2.7.17-lp151.10.29.1<>,_wu/=„2 1]>ryO:{8snZ"Η}+۲77 m #;{IFlh Ad?Td  ! ?  oo o o Po !o !o#o%o(((o)*@*|+(,#8,,E9-@E:3EBs4FsTGsloHu(oIvoXwTYwpZw[w\wo]yto^bc*defluovwoxpoy,rzPCpython-tk2.7.17lp151.10.29.1TkInter - Python Tk InterfacePython interface to Tk. Tk is the GUI toolkit that comes with Tcl._wuobs-arm-9ZopenSUSE Leap 15.1openSUSEPython-2.0http://bugs.opensuse.orgDevelopment/Libraries/Pythonhttp://www.python.org/linuxaarch64H'<<"%% ,, h h-wZwZ,22sk  6 + +w4(>'>'77 ,,,''C>> b Pmg}g}_))g66+##m!9!9A큤A큤A큤A큤_wT_wR__wF_wF__wF_wF__wF_wF__wF_wK__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF_wQ_wB__wF_wF_wQ__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF_wQ__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF__wF_wF49ea031083dcc59a12cc840bff62cf9b5dae3823bae7016725f08043ef0d8103074e1bb0397d6689e5dbb1ae4e5ccd1c0d0c4704656729d3cdd1fa44f986d077c109d9ff5deb5944183e384808563a5578a8d9b05c5ce4e12a6f162d1e61898cc109d9ff5deb5944183e384808563a5578a8d9b05c5ce4e12a6f162d1e61898c886afde4c1589a688afc857a0fb5039f8388f225443283081d9ddf072571b064266dd905e78ff2b213d620d9bac4d3382c274fe4d111f7012a48a904bb1f1814266dd905e78ff2b213d620d9bac4d3382c274fe4d111f7012a48a904bb1f18149229d117eca73b48a41b6303bffed14184add10afd20273976715fdd4840042acd7778139ea6a1921aae116230f81bba6037b28038818aaddee97e9bf6a940e6cd7778139ea6a1921aae116230f81bba6037b28038818aaddee97e9bf6a940e6808ece582c4a8e502c062b23aa16949d85878a9f3485d2111fd19ac6bdbb02e845039884aa041ba089c9fb3aafd5db6c745250252f3d3f3c1c8653b80e4c176aec5cf9805d72b43c88c66123772f07836dab057fdf1b6569141aae97fb2ba26a54f55b9696013117aa8758f901f77cc30dce6ad6f13df8b85c26c5af843a7fa0df5c30ef4777ec4d1f68b6c55ae54650bc97a1c4946b3cc7e3faaa752eafbd17df5c30ef4777ec4d1f68b6c55ae54650bc97a1c4946b3cc7e3faaa752eafbd171dbc9f1fc85237211d52b96ee1cc1c5553c81e0a62fd7143b95e16d32f5abafdbfd1c7791e531d97c8f3dc1b0c530035bc2b053639f3a8c754a70278c1d5b6b5bfd1c7791e531d97c8f3dc1b0c530035bc2b053639f3a8c754a70278c1d5b6b50e875733af8af973cb94d088dbe5b4ed36dd3db1241970ec2bf19ea97ec5fbf8a389877f8c716e8bb5de7ed1716e9514f561dc34a95bcf1b9661b92892dfc1a7a389877f8c716e8bb5de7ed1716e9514f561dc34a95bcf1b9661b92892dfc1a7c01314dc51d1c8effeba2528720a65da133596d4143200c68595c02067bf1da2731e0314c18dc1b24e0d52a60b5b93c5c4319b73389e38708ed8fdf75d19c0de731e0314c18dc1b24e0d52a60b5b93c5c4319b73389e38708ed8fdf75d19c0dec8fb5c768f76788cb678922aed330e2b7ae3cc825fdabea1a09b18db557711dc1f055202d92671e458bef1484d102950378ef89dafb60770641379da9c8a0a241f055202d92671e458bef1484d102950378ef89dafb60770641379da9c8a0a2498b2cd8b857ff09c0e6b3a330b98415a97282d70fa80b9cd15d1e14b2d2aea885b7c00b2e9c1b4ecab0d7c98cc033d790d6fb0f1c696d4578508738e6b720d205b7c00b2e9c1b4ecab0d7c98cc033d790d6fb0f1c696d4578508738e6b720d20fe3c79d5da8616ca37f7a9d8fddaac2c9164b593c7b116580aa99690a5f59ab5e82c816f3b0fdff328dfc84a8076385feec2208ac94a7e402af9138f8b6996e789fef511da4298bc3c48261e9b1e0fd6d41ad369151e51cb9c700d1bcbdff3b489fef511da4298bc3c48261e9b1e0fd6d41ad369151e51cb9c700d1bcbdff3b4e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855b4c39ab8a28c372453779e8037753c88fce2f6fd84afd99f05135c9e72392f01b4c39ab8a28c372453779e8037753c88fce2f6fd84afd99f05135c9e72392f010e9cbeed9f1bbec6f79a2bcebee7e12f896caba3b1a167d935446d009262dca238c396207ab7f76aeda40f61dc295e9d35d313a32196b9fe11fb1086cb46b67e38c396207ab7f76aeda40f61dc295e9d35d313a32196b9fe11fb1086cb46b67efe5f12d6412050e1414dfabc16ecc2341779d627362e1d81666e8b466986c50a0e23c5a4e367c536e7b8aa6d281504403ebba1ff33ff1acde89a67cf2ab129c20e23c5a4e367c536e7b8aa6d281504403ebba1ff33ff1acde89a67cf2ab129c207078aa64be8d2d3a02fcfa10eb73eebf06583fae23134ae47b9d4b2bf66d23a351edbd0d6e96e8cefd9a9675609a7cb25606533a954e6c18a8a8571f0790ed8351edbd0d6e96e8cefd9a9675609a7cb25606533a954e6c18a8a8571f0790ed8ba8ad521638ef8148d07be0925111fb57cb1b64dadf770f1ca2bd17e1bb356d6f6e24c08b1a3c0f87fe793b26994b70ed2b62f191efa02b21bf9c4f944413635f6e24c08b1a3c0f87fe793b26994b70ed2b62f191efa02b21bf9c4f9444136359e9439bfa528e20f0e045905ea5a3eca4cd27c4c9f190c62c192f9945caaae2899c101e7f3209d1566448920af806d16283f8e779edfaae1f9fd50efefa3756199c101e7f3209d1566448920af806d16283f8e779edfaae1f9fd50efefa37561ea0ebbfcc26a428337548a5e3c6768294497b81cce8f845d23e035ea62cd1aab0e4477a2840a8a2cac73a73cbdb706db62382acd8dec56f464ce7553d0fbc48c0e4477a2840a8a2cac73a73cbdb706db62382acd8dec56f464ce7553d0fbc48c49029a61956e79a10fb9b79000283c1e83cabc0645adacf9824a99dbe2dece5fced29072556371aff14a680b24f85e853f01bb37d8f880c83b81c9bc6f3fbf69ced29072556371aff14a680b24f85e853f01bb37d8f880c83b81c9bc6f3fbf6919a6ca5753fe74ec6248d166d2a54acfcd70f823ea578cfe803baf8f87ea346dad52ef34021f50e97ca4b8c5ccd0f14b14584a2b65d00b10fa30dc60bd9773a8ad52ef34021f50e97ca4b8c5ccd0f14b14584a2b65d00b10fa30dc60bd9773a8e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b8553032ffdd0d22db43e2b9450f7fd46210c9e11e1c318cbb9e94b15177ad011c713032ffdd0d22db43e2b9450f7fd46210c9e11e1c318cbb9e94b15177ad011c7153b465fb6754d8c39458a1e1ba7f8504f40d724e7dbcc7ab8fc38ea65c08c02e26c804eaacc1595975fc16c2ab52bc717c4e312bfc99b4516b8d190c9d07588d26c804eaacc1595975fc16c2ab52bc717c4e312bfc99b4516b8d190c9d07588d9d53e31b151af887cd26829a1331843c02288a8480ca74a7fc631833ce60d0cbd9c20c9228cea827f38305545f49ca9cbcfab0e0a97bb50363650293e85d0343d9c20c9228cea827f38305545f49ca9cbcfab0e0a97bb50363650293e85d03439fc1aec0a300d4754c94d77b4ee8f029540eb88bcf0ef288551f52e9410de8d3713000af8dbe4948211e92adac8b40bcea65f3a4cc1c430328b932d14e87413e713000af8dbe4948211e92adac8b40bcea65f3a4cc1c430328b932d14e87413e9241c97e08b337b0b92ee5b4e029936fa3eb53bdc821c080e78b020699e2aed75c223b432a6918c382066ba5fc6aac4a499aa7f3d7855eeac1d699894830daaa5c223b432a6918c382066ba5fc6aac4a499aa7f3d7855eeac1d699894830daaa15df8a908a8e80163bca643c76ec6e4ceff80ee83da5d1fc4e10c364fadbbb85ad90d040b2e7b53c3b781f6f8665e5b763f858c1490bff576dbc740bc8342c4ead90d040b2e7b53c3b781f6f8665e5b763f858c1490bff576dbc740bc8342c4e2205693a5fa6a8b9e408b24e9dc938f74f6250a1212c5fe5bcf31f09be16d936d5063b62ef7f7c982b376483b8eb0235bde5c0cdac8ce33025f72f1e9b5f8b18d5063b62ef7f7c982b376483b8eb0235bde5c0cdac8ce33025f72f1e9b5f8b185b6a1486c4c1ce533b146cf455c599d5ef8eec94a8eb9821a847985c12e3ddcdc13c986aaeca4beaeb4f385b2821b3df7d605b89ecf523e773ca1784cd78e927c13c986aaeca4beaeb4f385b2821b3df7d605b89ecf523e773ca1784cd78e9279547e4f72af28ec4262f88a00b6d2eb912ff49e2f5b3aa16b5a50a3230964d83d3dcdec3375481b1dbeb5168d47ca2cad052e3fc187198f326fba60a30be3be1d3dcdec3375481b1dbeb5168d47ca2cad052e3fc187198f326fba60a30be3be1360ba16e412f9d00617baa89c0ca476d49576a34bfff026cebebc71e630505a97cb9b69888835342eaae9a81c625490a20d058b0ca76ee546ab7b7eca34144f27cb9b69888835342eaae9a81c625490a20d058b0ca76ee546ab7b7eca34144f22f28b22cc571ed211824ac750e2c1b98574748f90829a7b01efd0ddfce6cbf329e3ff739554d5dbc31e9f7abd94cbf0d750dd9cdc71120829dd0c822473ceb2a9e3ff739554d5dbc31e9f7abd94cbf0d750dd9cdc71120829dd0c822473ceb2acdb0fcb4cc54d55fe963aac128269754c09f8583afa00b445926951e5fb5118b56f40c01e08f692dd867185d2d739a50784acaafea6c13eec102488084328a5d56f40c01e08f692dd867185d2d739a50784acaafea6c13eec102488084328a5d4b09f3aaccecb4a434d94937cb737b65767f7b595cd51a3fa48fcaddbde984e3dd1277299f9d3108779d94e1685890edf464bf33110daa6f30a3e0c1180c88e3dd1277299f9d3108779d94e1685890edf464bf33110daa6f30a3e0c1180c88e3b4c15f951994f60a263b271323e31896e8f6e049135c9f5904d8a877ee8ea8acf4f870e54c3a94236b8058f05f4d212273a05898e70efcdc70325ab985c3552ff4f870e54c3a94236b8058f05f4d212273a05898e70efcdc70325ab985c3552fcdb5a419bd0bb4b98221fa23a480c7a92733824b259b8bfefaac5da7517643db10f290951a76e4ec3a1541e7ff12102bd8f57f3d832b911dd4b54ee1d535390810f290951a76e4ec3a1541e7ff12102bd8f57f3d832b911dd4b54ee1d5353908rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpython-2.7.17-lp151.10.29.1.src.rpmpyth_tkpyth_tklpython-tkpython-tk(aarch-64)python-tkinterpython2-tkpython_tkinter_lib@@@@@@@@@     ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libpthread.so.0()(64bit)libpython2.7.so.1.0()(64bit)libtcl8.6.so()(64bit)libtk8.6.so()(64bit)python(abi)python-baserpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.72.7.173.0.4-14.6.0-14.0.4-14.0-15.2-14.14.1___@^@^>^>^;^8 @^.^g@^ @]f@]@]]]d@]d@]@]z@]V]y@]9]1]\t@\\7\7\\J@\J@\C@\2[[#@[6@[@[ @[Za@Z@ZxG@ZtRZp^@ZSteve Kowalik Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Tomáš Chvátal Matej Cepl Matej Cepl Tomáš Chvátal Dominique Leuenberger Matej Cepl Matej Cepl Matej Cepl Matej Cepl Steve Kowalik Matej Cepl Matej Cepl Bernhard Wiedemann Matej Cepl Matej Cepl Tomáš Chvátal Matej Cepl Martin Liška Matej Cepl Matej Cepl Matej Cepl Matej Cepl mcepl@suse.commcepl@suse.commcepl@suse.comTodd R Tomáš Chvátal Matěj Cepl mcepl@suse.compsimons@suse.commcepl@suse.commichael@stroeder.commliska@suse.czpsimons@suse.comnormand@linux.vnet.ibm.comnormand@linux.vnet.ibm.comtchvatal@suse.comjmatejek@suse.comjmatejek@suse.commpluskal@suse.comvcizek@suse.comjmatejek@suse.comkukuk@suse.dejmatejek@suse.comjmatejek@suse.combwiedemann@suse.comjmatejek@suse.comjmatejek@suse.comjmatejek@suse.comjmatejek@suse.comjmatejek@suse.comrguenther@suse.comjmatejek@suse.comdimstar@opensuse.orgjmatejek@suse.commeissner@suse.comdmueller@suse.commichael@stroeder.comschwab@suse.deschwab@suse.dejmatejek@suse.comdmueller@suse.com- Replace bundled wheels for pip and setuptools with the updated ones (bsc#1176262 CVE-2019-20916).- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 (CVE-2020-26116, bpo#39603) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Such characters now raise ValueError.- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch.- Add CVE-2019-18348-CRLF_injection_via_host_part.patch to disallow control characters in hostnames in httplib, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094)- Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674)- Change to Requires: libpython%{so_version} == %{version}-%{release} to python-base to keep both packages always synchronized (add %{so_version}) (bsc#1162224).- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug "Python urrlib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)" (bsc#1162367)- Provide python-testsuite from devel subkg to ease py2->py3 dependencies- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests coliding with the combination of modern Python and ancient OpenSSL on SLE-12.- libnsl is required only on more recent SLEs and openSUSE, older glibc supported NIS on its own.- Add provides in gdbm subpackage to provide dbm symbols. This allows us to use %%{python_module dbm} as a dependency and have it properly resolved for both python2 and python3- Drop appstream-glib BuildRequires and no longer call appstream-util validate-relax: eliminate a build cycle between as-glib and python. The only thing would would gain by calling as-uril is catching if upstream breaks the appdata.xml file in a future release. Considering py2 is dying, chances for a new release, let alone one breaking the xml file, are slim.- Unify packages among openSUSE:Factory and SLE versions. (bsc#1159035) ; add missing records to this changelog. - Add idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830)- Add python2_split_startup Provide to make it possible to conflict older packages by shared-python-startup.- Move /etc/pythonstart script to shared-python-startup package.- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes bsc#1149792- Add adapted-from-F00251-change-user-install-location.patch fixing pip/distutils to install into /usr/local.- Update to 2.7.17: - a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. - Removed patches included upstream: - CVE-2018-20852-cookie-domain-check.patch - CVE-2019-16935-xmlrpc-doc-server_title.patch - CVE-2019-9636-netloc-no-decompose-characters.patch - CVE-2019-9947-no-ctrl-char-http.patch - CVE-2019-9948-avoid_local-file.patch - python-2.7.14-CVE-2018-1000030-1.patch - python-2.7.14-CVE-2018-1000030-2.patch - Renamed remove-static-libpython.diff and python-bsddb6.diff to remove-static-libpython.patch and python-bsddb6.patch to unify filenames.- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py- Add bpo36302-sort-module-sources.patch (boo#1041090)- Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, CVE-2019-16056]- boo#1141853 (CVE-2018-20852) add CVE-2018-20852-cookie-domain-check.patch fixing http.cookiejar.DefaultPolicy.domain_return_ok which did not correctly validate the domain: it could be tricked into sending cookies to the wrong server.- Skip test_urllib2_localnet that randomly fails in OBS- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812- Set _lto_cflags to nil as it will prevent to propage LTO for Python modules that are built in a separate package.- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised.- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://.- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised (CVE-2019-9636). Upstream commits e37ef41 and 507bd8c.- (bsc#1111793) Update to 2.7.16: * bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball. * Updated patches to apply cleanly: CVE-2019-5010-null-defer-x509-cert-DOS.patch bpo36160-init-sysconfig_vars.patch do-not-use-non-ascii-in-test_ssl.patch openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.5.1-sqlite.patch python-2.6-gettext-plurals.patch python-2.7-dirs.patch python-2.7.2-fix_date_time_compiler.patch python-2.7.4-canonicalize2.patch python-2.7.5-multilib.patch python-2.7.9-ssl_ca_path.patch python-bsddb6.diff remove-static-libpython.patch * Update python-2.7.5-multilib.patch to pass with new platlib regime.- bsc#1109847: add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo-34623.- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance of PyWeakReference struct and does not intialize wr_prev and wr_next of new isntance. These pointers can have garbage and point to random memory locations. Python should not crash while destroying the isntance created in the same interpreter function. As per my understanding, both wr_prev and wr_next of PyWeakReference instance should be initialized to NULL to avoid segfault.- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746. An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.- Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.- Add patch openssl-111.patch to work with openssl-1.1.1 (bsc#1113755)- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS (CVE-2018-1061). Prior to this patch mail server's timestamp was susceptible to catastrophic backtracking on long evil response from the server. Also, it was susceptible to catastrophic backtracking, which was a potential DOS vector. [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207]- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750) sort tarfile output directory listing- update to 2.7.15 * dozens of bugfixes, see NEWS for details - removed obsolete patches: * python-ncurses-6.0-accessors.patch * python-fix-shebang.patch * gcc8-miscompilation-fix.patch - add patch from upstream: * do-not-use-non-ascii-in-test_ssl.patch- Add gcc8-miscompilation-fix.patch (boo#1084650).- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution. [bsc#1068664, CVE-2017-1000158]- exclude test_socket & test_subprocess for PowerPC boo#1078485 (same ref as previous change)- Add python-skip_random_failing_tests.patch bypass boo#1078485 and exclude many tests for PowerPC- Add patch python-fix-shebang.patch to fix bsc#1078326- exclude test_regrtest for s390, where it does not segfault as it should (fixes bsc#1073269) - fix segfault while creating weakref - bsc#1073748, bpo#29347 (this is actually fixed by the 2.7.14 update; mentioning this for purposes of bugfix tracking)- update to 2.7.14 * dozens of bugfixes, see NEWS for details * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664) * fixed segfaults with dict mutated during search * fixed possible free-after-use problems with buffer objects with custom indexing * fixed urllib.splithost to correctly parse fragments (bpo-30500) - drop upstreamed python-2.7.13-overflow_check.patch - drop unneeded python-2.7.12-makeopcode.patch - drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch - Apply "python-2.7.14-CVE-2018-1000030-1.patch" and "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that would crash the Python interpreter when multiple threads used the same I/O stream concurrently. This issue is not classified as a security vulnerability due to the fact that an attacker must be able to run code, however in some situations -- such as function as a service -- this vulnerability can potentially be used by an attacker to violate a trust boundary. [bsc#1079300, CVE-2018-1000030]- Call python2 instead of python in macros- Fix test broken with OpenSSL 1.1 (bsc#1042670) * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch- drop SUSE_ASNEEDED=0 as it is not needed anymore- Add libnsl-devel build requires for glibc obsoleting libnsl- obsolete/provide python-argparse and provide python2-argparse, because the argparse module is available from python 2.7 up- SLE package update (bsc#1027282) - refresh python-2.7.5-multilib.patch - dropped upstreamed patches: python-fix-short-dh.patch python-2.7.7-mhlib-linkcount.patch python-2.7-urllib2-localnet-ssl.patch CVE-2016-0772-smtplib-starttls.patch CVE-2016-5699-http-header-injection.patch CVE-2016-5636-zipimporter-overflow.patch python-2.7-httpoxy.patch - Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1. (dimstar@opensuse.org)- Add reproducible.patch to allow reproducible builds of various python packages like python-amqp Upstream: https://github.com/python/cpython/pull/296- update to 2.7.13 * dozens of bugfixes, see NEWS for details * updated cipher lists for openssl wrapper, support openssl >= 1.1.0 * properly fix HTTPoxy (CVE-2016-1000110) * profile-opt build now applies PGO to modules as well - update python-2.7.10-overflow_check.patch with python-2.7.13-overflow_check.patch, incorporating upstream changes (bnc#964182) - add "-fwrapv" to optflags explicitly because upstream code still relies on it in many places- provide python2-* symbols, for support of new packages built as python2-foo - rename macros.python to macros.python2 accordingly - require python-rpm-macros package, drop macro definitions from macros.python2- initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436) - renamed `python` to `python27` in package names and requires - removed Provides and Obsoletes clauses - dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch, companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage - dropped profile files - removed /usr/bin/python and /usr/bin/python2, along with other unversioned aliases - rewrote macros file to enable stand-alone packages depending on py2.7 - re-included downloaded version of HTML documentation- update to 2.7.12 * dozens of bugfixes, see NEWS for details * fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10) - removed upstreamed python-2.7.7-mhlib-linkcount.patch - refreshed multilib patch - python-2.7.12-makeopcode.patch - run newly-built python interpreter to make opcodes, in order not to require pre-built python - update LD_LIBRARY_PATH to use $PWD instead of "." because the test process escapes to its own directory - modify shebang-fixing scriptlet to ignore makeopcodetargets.py- CVE-2016-0772-smtplib-starttls.patch: smtplib vulnerability opens startTLS stripping attack (CVE-2016-0772, bsc#984751) - CVE-2016-5636-zipimporter-overflow.patch: heap overflow when importing malformed zip files (CVE-2016-5636, bsc#985177) - CVE-2016-5699-http-header-injection.patch: incorrect validation of HTTP headers allow header injection (CVE-2016-5699, bsc#985348) - python-2.7-httpoxy.patch: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (CVE-2016-1000110, bsc#989523)- Add python-2.7.10-overflow_check.patch to fix broken overflow checks. [bnc#964182]- copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE) - do this properly to fix bnc#945401 - update SLE check to exclude Leap which also has version 1315, just to be sure- Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.- add missing ssl.pyc and ssl.pyo to package - implement python-strict-tls-checks subpackage * when present, Python will perform TLS certificate checking by default. it is possible to remove the package to turn off the checks for compatibility with legacy scripts. * as discussed in fate#318300 * this is not built for openSUSE, but retained here in case we want to build the package for a SLE system- python-fix-short-dh.patch: Bump DH parameters to 2048 bit to fix logjam security issue. bsc#935856- add __python2 compatibility macro (used by Fedora) (fate#318838)- update to 2.7.10 - removed obsolete python-2.7-urllib2-localnet-ssl.patch- Reenable test_posix on aarch64- python-2.7.4-aarch64.patch: Remove obsolete patch - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64- update to 2.7.9 * contains full backport of ssl module from Python 3.4 (PEP466) * HTTPS certificate validation enabled by default (PEP476) * SSLv3 disabled by default (bnc#901715) * backported ensurepip module (PEP477) * fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 * dozens of minor bugfixes - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3 - libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional "import ssl" from test_urllib2_localnet that caused it to fail without ssl- skip test_thread in qemu_linux_user modepyth_tkpyth_tklpython-tkinterobs-arm-9 1606907765 !"#$$&'((*++-..0113446779::<==?@@BCDDFGGIJJLMMOPPRSSUVVXYY[\\^__abbdeeghhjkkmnn2.7.17-lp151.10.29.12.7.17-lp151.10.29.12.7.17_tkinter.solib-tkCanvas.pyCanvas.pycCanvas.pyoDialog.pyDialog.pycDialog.pyoFileDialog.pyFileDialog.pycFileDialog.pyoFixTk.pyFixTk.pycFixTk.pyoScrolledText.pyScrolledText.pycScrolledText.pyoSimpleDialog.pySimpleDialog.pycSimpleDialog.pyoTix.pyTix.pycTix.pyoTkconstants.pyTkconstants.pycTkconstants.pyoTkdnd.pyTkdnd.pycTkdnd.pyoTkinter.pyTkinter.pycTkinter.pyotestREADMEruntktests.pyruntktests.pycruntktests.pyotest_tkinter__init__.py__init__.pyc__init__.pyotest_font.pytest_font.pyctest_font.pyotest_geometry_managers.pytest_geometry_managers.pyctest_geometry_managers.pyotest_images.pytest_images.pyctest_images.pyotest_loadtk.pytest_loadtk.pyctest_loadtk.pyotest_misc.pytest_misc.pyctest_misc.pyotest_text.pytest_text.pyctest_text.pyotest_variables.pytest_variables.pyctest_variables.pyotest_widgets.pytest_widgets.pyctest_widgets.pyotest_ttk__init__.py__init__.pyc__init__.pyosupport.pysupport.pycsupport.pyotest_extensions.pytest_extensions.pyctest_extensions.pyotest_functions.pytest_functions.pyctest_functions.pyotest_style.pytest_style.pyctest_style.pyotest_widgets.pytest_widgets.pyctest_widgets.pyowidget_tests.pywidget_tests.pycwidget_tests.pyotkColorChooser.pytkColorChooser.pyctkColorChooser.pyotkCommonDialog.pytkCommonDialog.pyctkCommonDialog.pyotkFileDialog.pytkFileDialog.pyctkFileDialog.pyotkFont.pytkFont.pyctkFont.pyotkMessageBox.pytkMessageBox.pyctkMessageBox.pyotkSimpleDialog.pytkSimpleDialog.pyctkSimpleDialog.pyottk.pyttk.pycttk.pyoturtle.pyturtle.pycturtle.pyo/usr/lib64/python2.7/lib-dynload//usr/lib64/python2.7//usr/lib64/python2.7/lib-tk//usr/lib64/python2.7/lib-tk/test//usr/lib64/python2.7/lib-tk/test/test_tkinter//usr/lib64/python2.7/lib-tk/test/test_ttk/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:15217/openSUSE_Leap_15.1_Update_ports/076eb1e5b140178bf1a2ce5eaa91f614-python.openSUSE_Leap_15.1_Updatedrpmxz5aarch64-suse-linuxELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=73585fe4a432b85a91e46b8499b00162803c0992, strippeddirectoryPython script, ASCII text executablepython 2.7 byte-compiledASCII textemptyPython script, UTF-8 Unicode text executable  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRh>qȉ utf-8c347596779b02ecab58cb8ee16b5884a37888837b8e834bb8bdd3457c2d3798c?7zXZ !t/;]"k%%) \/sɝ-\| Jx7 [1Lc9a!MXlni=D h; 8ȴEUz7^U|3{wk^^h,k{UT0 M4"Ε(2z[Wvڷ?$]ŕnVrA[2EjHcbD( mJ"q1}yjIVE)+s"]]! c\b/?p J'*( z2ZX9\QFh0br7&8\`}MiSq](  ;ܾкAڦ<-ݵd~E{5r0P祍zrfIppvؑ2_R,Qi!zNK9z3?2u67CDoy@ dFF>ʸ5-/qu Hfv-,fUN"@Aiv]g gO^8՛ dU^ hE #DXp\/2/m?.u7{u~-4XXߪ̾o_T ]$r惦K7mÿR;wl'ؖlh!Ë8nd %8m#"Eiޙ"+ϚU2&+~X kguIv[kѼg AǞvQG,p*Mjs7KOTduCvu1fb A^n[zտ TMRBFJCR/ 0@Hܟeńa{:Zcs72^uq(ԃT q45"Dx|д!GGJVV{V(,{m_ǐ <ƭ`6~ ܪ50S~*0.E zw#9&C\|ת15/l˫?*R `i %bU?.>PC\0XDx_ k[?&l'3x@iՉPA %7Z5?/H %NsmG)6j 3Tss+RxĎ4.9]W~i F,,MH9ғ'9 ohcsNl}zv=8#Quoσa9+ƶ YZ