python3-devel-3.6.12-lp151.6.36.1<>,_︋/=„¸\Od3@rJɩo9KS޿QNBh|)́c0ǁfCy3ɟ"k"pU>?d $ f'0; T`x~~~ |~ x~ p~ %n~ &T~(L~*~-8-d~/\/0 1 (1<81Da92a:cdeflu~v w,~x$~yzdtx~Cpython3-devel3.6.12lp151.6.36.1Include Files and Libraries Mandatory for Building Python ModulesThe Python programming language's interpreter can be extended with dynamically loaded extensions and can be embedded in other programs. This package contains header files, a static library, and development tools for building Python modules, extending the Python interpreter or embedding Python in applications. This also includes the Python distutils, which were in the Python package up to version 2.2.2._armbuild13 'yopenSUSE Leap 15.1openSUSEPython-2.0http://bugs.opensuse.orgUnspecifiedhttps://www.python.org/linuxarmv7hl rW [vB w !L9t$  WUs   7 T!# ]7# Ej &(CC !+ x!mk+~ u  IK<  ?s 2  O:G) UaMA큤A큤AAAA_낢_낢_낡_낡_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_낡_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_날_G__낡_낢_낢_낣_낡_낡_낡_낡_낡_낡_낡_낣_낡_낡_낡_____94aa06f0ca0dc0eea446869b63e0825e6e99660fb5fd21bb9652e981ce78402e6d88b06b822b72876dcbc89b529809e937b83d0cb6a681f14de7fb5f36907a20ee74dbf61abc57f7620fc6eaf31517b92f737b5ba64d78a281c5e42a28a15edb5bb332ce29b211d78f49df318ad1225a22b325bacf5feb2513109c9484fa32496c606145ccfc8a7794680d93bc87cdfc89eb1d36bcb50478e441feb138b66ee8f228e11c63ea63b2db1076de50c9521364aafac87f8a7ce2ac12cc3b0b2c63dfa69a187d5b752b23d616e4608a600fbcd46db65ef1cb85ad7e4acc19d532c664afbbf716c0d6d777ae4c4e30121b1cdb00c5f09f478bd815d45d87654ed232e81b5101b4b85409fd910032713906800bbb83580503036469c2a60ac8e80b8f72d6db52644f2c3aacdfcc393c9999590c12dfae291fa343ee0e089ffc28400e34c2fae54e6f08d924d2ddf0cb3b58ca6544de18b4fd301303b6807cb4843362b20a8af85683ede589beba4b8fab2fcf03c651ec93adc651e65dcf561efb8ddcb1f8211dcf2d2a8b0fe155e8c879c1af2d0c0a9934a57bac1340ad210b0af7125db5d866a90e3bd7de6a861b30ed534308108f8e18b6c48a74e3cedc6676f0812727e638e478bf620e9b2d9a274aec26020e3f6992e0507273152a434d64d2d5e1a7736fd5f486412c23dbbe39dc80098736e208bb0889991d051ae91effaf0792a5a058193d88861991c91ec626ecee4f1dd756d7f618f0efbf6b976eba2e6a6dd84f5b3738836973013339dc320c296355246169ebe5ebe2251516b4bb4357f1fd63389430974ea9b099ccfe8a0f8b5e4a0f502427ae6540c0e0534cd2ec027773ea409a055eeb2b5d02a25adba73149c7c99903c9c7fdd942ddeb19e088393df74adfc023024aecb15ba770c2f68ee82663afcc5b8aa58a2d51f3f74a8a78913cc59abfac2a7c082d28c10c1cc0f18d1a4df9c4f2a6682bd06dd7bb62a6559a120a597401964c2235d7fe14b3cb006dbb88a383de4a1965256713ccc74cafe264d80ff78299f6e3b1ed91e1e6d3d2e5a430d6af1bbf23f36a0faeae9707706e73fe170efc01e7f2fcb4beb6060614619235be070494a106479987348515b6a72244fe250db9995068fe74dce0e23fd70c12b03fd94751d98b773be8f64896b65a1a57a1fc93ca954d0027217a3917c7ca8e359919843dad36cd044fbfe0c54ad0d89dff4ab88a71ca1a26ce5bc989a3b8586d12a364a859135a6cf61bc8db7100310c0c97da7072380e0e8cfff7b9052ab440a9d5b84e7dc6808c82d2dcee078b377a9dde743af7824037e0f30486b80088bb4987f363cd5b3c50bd32b4b599da532654c9b30d080400a573e3c1d089c2781652767f743746b6a1a807ae083c52d61cfa0ca8834e9cd04cc460c73ace0edb965abe821ef31e257908d062a18f9d89f6d57f4649c8323a3223e3fd4ad722e8f28537b1191824416f3b7927cac39493619036535b8346abbc03228b58fff3bc7542fdf0ad2e5224c4fd0ac805b47262f9d560c4e15df552d52186188141260d12f18afb5baaab41b8fbdd86e369774bb352958f95af4cbd83ba07583d8da1d49ef8ffa6ea2e4dad25f503d562885cc47fae1324b451495e8e5ef49e2afb699b9ea60cd88bb922f6951082ccea637302d5e451af094ec43d995bbd44cf34c45903893470f6233b0339045471cafb170d0ee46a31c6fed1b62c63381fdb0388aa8d7df432cfcf567c65c666aeba255d836f77801da70dc40fa164a0d004287b2629c0e9facf203a26c462f5391d9870bd46d6341525fcc78a90f26786d632a84fd0bd591149e9850c46c5e0e624f16e3d90316f5a617a903cf1eacb382acd34fe7993d090e9fec242204e3c19b56406ba6a68154f85951794529465a07e07444fb852440059a398c98344004a27f5d88a9777e274e49fbe6f2d0d00dc5794ec44fdebd18589ef0092b4d080d9dd6232ecdf966c2744d6ce8ac2b891662b88339a99324e8dd105f7b3076830dfe7c8618c4db70ad5f55b1632691b73873b765afcd0c3235898b14a6f51731b65861ccff0f43c74ffa425235af0b32966d450e302621ab5315b58fd2067d66be56aef135b8f6c84e6ddb60c17a170588da9925535c8aeeb90b5b164859b97bd9fa1a7d282d6d0c6493f56921c039bfa23fd38bc4a643ebb9ace07108d9b170900fbc8cdd0649b1fdd05cd330102d919c91bda82ae1b0f5fa1fbdf8a519376740361f1066a97cfa57d3683aafa767e5aff7bdd467c315ed5a22499aa52066252cd854b09213a63c5093afd3a65241242cc3a3ced72325640aa05374e600749b9efd6042bb0e3a3dbd90a00328494dc28c3187cbd9913e0bc914b3892a3dc86ad4e426308fe6e961abaf588f31870df5524620ec1c7fe5c487dbe2d324fce3eaeb13307f406ebc4064e654e91974b836376347a5dbfabfca3c2bd2099a8228ce66c6940c013935b48f48ca8ce249a4d482c55e3fb6f1cfe786c5a32a57969bb74a779d96e922c139363bc2b22d77dc59277c002ae1d2dcc3ff1786f2a629d2a15874ddc6f3aaeee42ac09896ef858b98bebdffc58c2f07fe4cf087653a1f2a423746b7d8f555eb83d0419232cbcb738a3f856433040833a798174007cf5e3a81b46901a3c9281d3654043f84937eb974a5c9c520c7af403cb2147e663ce1ae545568321922b0bf2456c23a859e872e35f329c491ad1179c6b5a1fa467a361d57c0dcc17766e5ed190f352fa3d59b57c40a824a6815b6846ece8eb382c100d5eca46bef0be875709f12f5461fae93ba1f06e61a6e7187321a36099573fb1dd6cf8ec38b89989ab01fc3759bb4393bccd1a3d836cd8c5cf9e616343ca5117ed72770c4a7ba94e142d60d1c8df6b8cc6736f18de1624d2daade060f4daf4015f0e60a19b81a406eb5730a6c8981e7b6fb0299cfac60773e977a7867872a910fbe75bd2a8ef9d6e1327f9153c7c0fba73966b7fda85b79dbd65f2939520c18a777c91b6d5fe496bcd846b31123f77f85261ba30db4c96f81c4d9cabcacbf232d30713a94047d5af24285bbbe793f088c9236416ed2596c1c156c863044db5d9575f315a03314bde05b3b7d6dbff5b7565b71ef59a4ce1e796a549d28edb4c75a5cabd00fe969b52ad06966c916e8d2a777e3da039dc88c7af462106f3b4645fd848c93c4b57c9ff15aabb661930914793b53298f762a30b22ddbdd0ee77bcc8e0d6be0598730e687edad4ad455962f6e2b0b49651bc20702e685fde63c09deb906be5f47972171174ba772e44672e300e438f106cc946bfc1aa548200d61d9efaba3df0a87906a284cd2ccccbac21c5aa2ce5ea1d05d04a4b5e5038e5d55c7fab260ab30e2c9fce977024cf8e739c4e58727fa1510bc6f223aa5fd344c7d823a6d6dc847c500c926a046663faade4d35daebbc4f50614c2f628fb0097aad4cc1ed856a1c0c16c8063ac35eda62df3ab70bd116f3989b9d7be1a34d1670bc3ec0a6ccc18e09de2eecb212c40a9b50fcc959b67fba9a5bcfb23476115e1f8a2f0d7279286973d1a1d34f61eeb64372df05f54a96e88f734ceb77c99278e453ecf75ead54c1414f401d8338fb6ecf5f12768ee95cd09c262f880b2ee522ca344b890dbdcde4c88814ef927caaa29a5a4b97c48c38a78485f15b3e1ec5d5ab35aca934377a917b9df98a492044f55cf016c008fef3181d77d13f1828b84625b5cb1f460e5f5ed2fd0dfe8f81b81c05cb2e25ac2b9800a5b73a0626b58ed3c944562f00ab40bf4875feaf4eb453936cfc98157a14aba4f04e715cb5189a8ebd1bda1aec10876eaec2ddd0a6701efa7987b1330f1336e96cde36459ecf5d911af8a9a36b53c42ab1080b0f9db9a4b14efed3cef52066866519f564d281e1dbf84fe8c24c660d31257bcf506cb23d86b81bcc6efa51b4ad9dfab67fda947753afcad33af2caf9b9b4ea7379a38902d5e9e40a69cb10f25e60e3bb2fdddec17b526824f5215fe68640b1e2839479e122db707ae8fdd8f29d861add05d902a1df191c88143850b355d98ccf286e9acfa1ef40a74917686f53797477196c1aa67d767fedaebca4dd23bd9f5837719f206f04c4569ac51be15ac4f3cefc956fa594847750db438421ce862a8539f48bdfe81695b3363981b0a25aecab8640f82c62668b4dd58c6dfd59795a6a5cadbf9165c37750df2374e117d0b38031f5d8b08b1bf9fc5593515002ef9d3104998a854161a4ddb2126aced3f8e8951ce0d1e20dbc2ad70cc6e4abf49205f56e201b471e84a7ab305b441dddd9694b32bf52bb595602e4724ea008863be9d95b982c2eda1116d30daa07ed26fd8e81cf1c58cc93b458ee5f8c431aec9f4a288021d7c33d0d3884e1933cae04d37488d58efe4a399f9348bc2ef17dd010a390c76b24d72ccbc90811b0e41627eff0f1bfed2ae4dfebbd22ac3dd80ecb098a0ec7454cfd73c853166e9950f87150f24a594a73cac388eb59bfe1f51315ada7b19aba768a6d1524c1d7d9f9673bf3bb61e809ea47f032e0d3341a572fd745e9cd8e3bed804c8d0285685998c47258fe93430a435bc4316a48c6c308ee794192fb182169d645ed3428a94df779747300b58046657165832ecba4deb111fe7221342440ff5e6cf0eefb96448db21089782444b42bf9d062dc59dcfe1603af5060a71d54d69575f9b0530a23d48352e7cdd61f87ae33f04c04b4144af60753237cfa71d37fe9b982de66be4c13e2cd7977b2fbaff115fb80357d6270c4982b2c0d29e734b34f3f8cb4a8c2b9305b6e7f378214ecd13928f2671db2c7ee0f7b37821fad4551b410aefe3ec1a5dab7970d83a81e7987827d973b5a19b8875abd0afb9f02112e3e3925517d294fbe26403a4df135618dbfc911cd911e073bef8baac92adf3cf516747616fbe142306be804c8a7a6da49b85e0e1763d0aa4465f9fb69cb12cbbe508c0a9e6834923ecfe37632b26257b716b4a98282e714f6ad7ce43264fcca727fb50dda4013f2dcaebeead76ee161a78f3ae4976eb6218cf5edf3aa20401f797d0f8945a5640d1656100aca3a6cc9e059476d924d24ce5e9b5d98d2ba5fa698b62b36bdc9326da6d8681c7733d9ac03a874b40e9fe11a83cbf8a77python3.6-configpython3.6m-configlibpython3.6m.so.1.0python-3.6.pcpython-3.6.pc../../libpython3.6m.sorootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpython3-core-3.6.12-lp151.6.36.1.src.rpmlibpython3.sopkgconfig(python-3.6)pkgconfig(python-3.6m)pkgconfig(python3)python3-develpython3-devel(armv7hl-32)@@@@@@@@@    /bin/sh/usr/bin/pkg-config/usr/bin/python3/usr/bin/python3.6mlibc.so.6libc.so.6(GLIBC_2.4)libpthread.so.0libpython3.6m.so.1.0python(abi)python3-baserpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.63.6.123.0.4-14.6.0-14.0-15.2-14.14.1__@_v@_0@_0@_@_G@___P_P_m_O@_N7_L@_?@_>e_>e_=@_@_______^^g@^>^>^8 @^0"@]f@]+]@]m]y@]v>]8H@]8H@]1]]@\\8\@\E@\C@["@[6@ZZԐ@Zx@Z@Z@Z Z Zz@Zhu@Z`@ZLZ"Z }YYX@Yo@Y@YY@Y@YI@XӸXƉXXqX@Xv@W@Wx@W_W@Vm@VhV*!@VCV }@U@U@U@UU[%UT@UCjU@TeT;Marcus Meissner Matej Cepl Matej Cepl Matej Cepl Steve Kowalik Markéta Machová Matej Cepl Matej Cepl Marketa Calabkova Dominique Leuenberger Matej Cepl Dominique Leuenberger Matej Cepl Matej Cepl Tomáš Chvátal Andreas Schwab Marketa Calabkova Marketa Calabkova Marketa Calabkova Matej Cepl Marketa Calabkova Tomáš Chvátal Tomáš Chvátal Tomáš Chvátal Tomáš Chvátal Tomáš Chvátal Tomáš Chvátal Matej Cepl Matej Cepl Matej Cepl Matej Cepl Tomáš Chvátal Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matej Cepl Matěj Cepl mcepl@suse.comMatěj Cepl mcepl@suse.comtchvatal@suse.comtchvatal@suse.commimi.vx@gmail.compsimons@suse.comadam@mizerski.plschwab@suse.debwiedemann@suse.comtchvatal@suse.comjmatejek@suse.comnormand@linux.vnet.ibm.comjmatejek@suse.comdimstar@opensuse.orgmimi.vx@gmail.comjmatejek@suse.comdmueller@suse.comvcizek@suse.comschwab@suse.dejmatejek@suse.comkukuk@suse.dejmatejek@suse.comasn@cryptomilk.orgjmatejek@suse.comjmatejek@suse.comjmatejek@suse.combwiedemann@suse.comjmatejek@suse.comjmatejek@suse.comhpj@urpla.nethpj@urpla.nethpj@urpla.netjmatejek@suse.comtoddrme2178@gmail.comtoddrme2178@gmail.comjmatejek@suse.comtoddrme2178@gmail.comjmatejek@suse.comdimstar@opensuse.orgjmatejek@suse.comfisiu@opensuse.orgmeissner@suse.comschwab@suse.dejmatejek@suse.commailaender@opensuse.orgrguenther@suse.comp.drouand@gmail.comjmatejek@suse.com- readd --with-fpectl (bsc#1180377)- Adjust sphinx-update-removed-function.patch- (bsc#1179630) Update sphinx-update-removed-function.patch to work with all versions of Sphinx (not binding the Python documentation build to the latest verison of Sphinx). Updated version mentioned on gh#python/cpython#13236.- Add CVE-2020-27619-no-eval-http-content.patch fixing CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP.- Add patch sphinx-update-removed-function.patch to no longer call a now removed function (gh#python/cpython#13236). As a consequence, no longer pin Sphinx version.- Pin Sphinx version to fix doc subpackage- Change setuptools and pip version numbers according to new wheels - Add ignore_pip_deprec_warn.patch to switch of persistently failing test.- Replace bundled wheels for pip and setuptools with the updated ones (bsc#1176262 CVE-2019-20916).- Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - Rebase bpo23395-PyErr_SetInterrupt-signal.patch- Fix build with RPM 4.16: error: bare words are no longer supported, please use "...": x86 == ppc.- Fix installing .desktop file- Buildrequire timezone only for general flavor. It's used in this flavor for the test suite.- Add faulthandler_stack_overflow_on_GCC10.patch to make build working even with GCC10 (bpo#38965).- Just cleanup and reordering items to synchronize with python38- Format with spec-cleaner- riscv64-support.patch: bpo-33377: add triplets for mips-r6 and riscv (#6655) - riscv64-ctypes.patch: bpo-35847: RISC-V needs CTYPES_PASS_BY_REF_HACK (GH-11694) - Update list of tests to exclude under qemu linux-user- Update the python keyring - Correct libpython name- Drop patches which are not mentioned in spec: * CVE-2019-5010-null-defer-x509-cert-DOS.patch * F00102-lib64.patch * F00251-change-user-install-location.patch * OBS_dev-shm.patch * SUSE-FEDORA-multilib.patch * bpo-31046_ensurepip_honours_prefix.patch * bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch * bpo36302-sort-module-sources.patch * bpo40784-Fix-sqlite3-deterministic-test.patch * bsc1167501-invalid-alignment.patch * python3-imp-returntype.patch - Working around missing python-packaging dependency in python-Sphinx (bsc#1174571) is not necessary anymore.- Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(…). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - Drop merged fixtures: * CVE-2020-14422-ipaddress-hash-collision.patch * CVE-2019-20907_tarfile-inf-loop.patch * recursion.tar - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091).- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch.- Make library names internally consistent- Disable profile optimalizations as they deadlock in test_faulthandler- Disable lto as it causes mess and works with 3.7 onwards only- Sync the test disablements from the python3 in sle15- Update to 3.6.11: - bpo-39073: Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - bpo-38576 (bsc#1155094): Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. - bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. - bpo-39401: Avoid unsafe load of api-ms-win-core-path-l1-1-0.dll at startup on Windows 7. - Remove merged patch CVE-2020-8492-urllib-ReDoS.patch- Fix minor issues found in the staging.- Do not set ourselves as a primary interpreter- Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS.- Change name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894).- Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674) - Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug "Python urrlib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)" (bsc#1162367)- Add Requires: libpython%{so_version} == %{version}-%{release} to python3-base to keep both packages always synchronized (bsc#1162224).- Reame idle icons to idle3 in order to not conflict with python2 variant of the package bsc#1165894 * renamed the icons * renamed icon load in desktop file- Add pep538_coerce_legacy_c_locale.patch to coerce locale to C.UTF-8 always (bsc#1162423).- Update to 3.6.10 (still in line with jsc#SLE-9426, jsc#SLE-9427, bsc#1159035): - Security: - bpo-38945: Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process. - bpo-37228: Due to significant security concerns, the reuse_address parameter of asyncio.loop.create_datagram_endpoint() is no longer supported. This is because of the behavior of SO_REUSEADDR in UDP. For more details, see the documentation for loop.create_datagram_endpoint(). (Contributed by Kyle Stanley, Antoine Pitrou, and Yury Selivanov in bpo-37228.) - bpo-38804: Fixes a ReDoS vulnerability in http.cookiejar. Patch by Ben Caller. - bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. (Contributed by Dong-hee Na in bpo-38243.) - bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. - bpo-37461: Fix an infinite loop when parsing specially crafted email headers. Patch by Abhilash Raj. - bpo-34155: Fix parsing of invalid email addresses with more than one @ (e.g. a@b@c.com.) to not return the part before 2nd @ as valid email address. Patch by maxking & jpic. - Library: - bpo-38216: Allow the rare code that wants to send invalid http requests from the http.client library a way to do so. The fixes for bpo-30458 led to breakage for some projects that were relying on this ability to test their own behavior in the face of bad requests. - bpo-36564: Fix infinite loop in email header folding logic that would be triggered when an email policy’s max_line_length is not long enough to include the required markup and any values in the message. Patch by Paul Ganssle - Remove patches included in the upstream tarball: - CVE-2019-16935-xmlrpc-doc-server_title.patch (and also bpo37614-race_test_docxmlrpc_srv_setup.patch, which was resolving bsc#1174701). - CVE-2019-16056-email-parse-addr.patch - Move idle subpackage build from python3-base to python3 (bsc#1159622). appstream-glib required for packaging introduces considerable extra dependencies and a build loop via rust/librsvg. - Correct installation of idle IDE icons: + idle.png is not the target directory + non-GNOME-specific icons belong into icons/hicolor - Add required Name key to idle3 desktop file- Unify all Python 3.6* SLE packages into one (jsc#SLE-9426, jsc#SLE-9427, bsc#1159035) - Patches which were already included upstream: - CVE-2018-1061-DOS-via-regexp-difflib.patch - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes bsc#1149792 - Add bpo36263-Fix_hashlib_scrypt.patch which works around bsc#1151490- Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, bnc#1149955, CVE-2019-16056]- jsc#PM-1350 bsc#1149121 Update python3 to the last version of the 3.6 line. This is just a bugfix release with no changes in functionality. - The following patches were included in the upstream release as so they can be removed in the package: - CVE-2018-20852-cookie-domain-check.patch - CVE-2019-5010-null-defer-x509-cert-DOS.patch - CVE-2019-10160-netloc-port-regression.patch - CVE-2019-9636-urlsplit-NFKC-norm.patch - CVE-2019-9947-no-ctrl-char-http.patch - Patch bpo23395-PyErr_SetInterrupt-signal.patch has been reapplied on the upstream base without changing any functionality. - Add patch aarch64-prolong-timeout.patch to fix failing test_utime_current_old test.- FAKE RECORD FROM SLE-12 CHANNEL Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]- FAKE RECORD FROM SLE-12 CHANNEL bsc#1109847: add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo#34623.- boo#1141853 (CVE-2018-20852) add CVE-2018-20852-cookie-domain-check.patch fixing http.cookiejar.DefaultPolicy.domain_return_ok which did not correctly validate the domain: it could be tricked into sending cookies to the wrong server.- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812- FAKE RECORD FROM SLE-12 CHANNEL bsc#1137942: Avoid duplicate files with python3* packages (https://fate.suse.com/327309)- bsc#1094814: Add bpo23395-PyErr_SetInterrupt-signal.patch to handle situation when the SIGINT signal is ignored or not handled- Update to 3.6.8: - bugfixes only - removed patches (subsumed in the upstream tarball): - CVE-2018-20406-pickle_LONG_BINPUT.patch - refreshed patches: - CVE-2019-5010-null-defer-x509-cert-DOS.patch - CVE-2019-9636-urlsplit-NFKC-norm.patch - Python-3.0b1-record-rpm.patch - python-3.3.0b1-fix_date_time_compiler.patch - python-3.3.0b1-test-posix_fadvise.patch - python-3.3.3-skip-distutils-test_sysconfig_module.patch - python-3.6.0-multilib-new.patch - python3-sorted_tar.patch - subprocess-raise-timeout.patch - switch off LTO and PGO optimization (bsc#1133452) - bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised.- bsc#1129346: add CVE-2019-9636-urlsplit-NFKC-norm.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised. (CVE-2019-9636) Upstream gh#python/cpython#12224- bsc#1120644 add CVE-2018-20406-pickle_LONG_BINPUT.patch fixing bpo#34656 Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746. An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.- Add -fwrapv to OPTS, which is default for python3 anyway See for example https://github.com/zopefoundation/persistent/issues/86 for bugs which are caused by avoiding it. (bsc#1107030)- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS (CVE-2018-1061). Prior to this patch mail server's timestamp was susceptible to catastrophic backtracking on long evil response from the server. Also, it was susceptible to catastrophic backtracking, which was a potential DOS vector. [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]- As we run in main python package do not generate the pre_checkin from both now- Move the tests from base to generic package wrt bsc#1088573 * We still fail the whole distro if python3 is not build * The other archs than x86_64 took couple of hours to unblock build of other software, this way we work around the issue - Some tests are still run in -base for the LTO tweaking, but at least it is not run twice- update to 3.6.5 * bugfix release * see Misc/NEWS for details - drop ctypes-pass-by-value.patch - drop fix-localeconv-encoding-for-LC_NUMERIC.patch - refresh python-3.6.0-multilib-new.patch- Apply "python-3.6-CVE-2017-18207.patch" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207]- Created %so_major and %so_minor macros - Put Tools/gdb/libpython.py script into proper place and ship it with devel subpackage.- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64- Add python3-sorted_tar.patch (boo#1081750, bsc#1086001)- Add patch to fix glibc 2.27 fail bsc#1079761: * fix-localeconv-encoding-for-LC_NUMERIC.patch- move XML modules and python3-xml provide to python3-base (fixes bsc#1077230) - move ensurepip to base- Add skip_random_failing_tests.patch only for PowerPC- update to 3.6.4 * bugfix release, over a hundred bugs fixed * see Misc/NEWS for details - drop upstreamed python3-ncurses-6.0-accessors.patch - drop PYTHONSTARTUP hooks that cause spurious startup errors * fixes bsc#1070738 * the relevant feature (REPL history) is now built into Python itself- Install 2to3-%{python_version} executable (override defattr of the -tools package). 2to3 (unversioned) is a symlink and does not carry permissions (bsc#1070853).- move 2to3 to python3-tools package- update to 3.6.3 * bugfix release, over a hundred bugs fixed * see Misc/NEWS for details - drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch- drop python-2.7-libffi-aarch64.patch: this patches the intree copy of libffi which is unused/deleted in the line afterwards - fix build against system libffi: include flags weren't set so it actually used the in-tree libffi headers.- Fix test broken with OpenSSL 1.1 (bsc#1042670) * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch- fix missing %{?armsuffix}- distutils-reproducible-compile.patch: ensure distutils order files before compiling, which works around bsc#1049186- Add libnsl-devel build requires for glibc obsoleting libnsl- update to 3.6.2 * bugfix release, over a hundred bugs fixed * see Misc/NEWS for details - drop upstreamed test-socket-aead-kernel49.patch - add Provides: python3-typing (fixes bsc#1050653) - drop duplicate Provides: python3- Add missing link to python library in config dir (bsc#1040164)- update to 3.6.1 * bugfix release, over a hundred bugs fixed * never add import location's parent directory to sys.path * switch to git for version control, build changes related to that * fix "failed to get random numbers" on old kernels (bsc#1029902) * several crashes and memory leaks corrected * f-string are no longer accepted as docstrings- prevent regenerating AST at build-time more robustly - add "--without profileopt" and "--without testsuite" options to python3-base to allow short circuiting when working on the package- FAKE RECORD FROM SLE-12 CHANNEL update to 3.4.6 (bsc#1027282): * fixed potential crash in PyUnicode_AsDecodedObject() in debug build * fixed possible DoS and arbitrary execution in gettext plurals * fix possible use of uninitialized memory in operator.methodcaller * fix possible Py_DECREF on unowned object in _sre * fix possible integer overflow in _csv module * prevent HTTPoxy attack (CVE-2016-1000110) * fix selectors incorrectly retaining invalid fds - drop upstreamed python-3.4-CVE-2016-1000110-fix.patch - move _elementtree to python3.rpm to match its pyexpat dependency (bsc#1029377)- Add 0001-allow-for-reproducible-builds-of-python-packages.patch upstream https://github.com/python/cpython/pull/296- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) - reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent)- update to 3.6.0 * PEP 498 Formated string literals * PEP 515 Underscores in numeric literals * PEP 526 Syntax for variable annotations * PEP 525 Asynchronous generators * PEP 530 Asynchronous comprehensions * PEP 506 New "secrets" module for safe key generation * less memory consumed by dicts * dtrace and systemtap support * improved asyncio module * better defaults for ssl * new hashing algorithms in hashlib * bytecode format changed to allow more optimizations * "async" and "await" are on track to be reserved words * StopIteration from generators is deprecated * support for openssl < 1.0.2 is deprecated * os.urandom now blocks when getrandom() blocks * huge number of new features, bugfixes and optimizations * see https://docs.python.org/3.6/whatsnew/3.6.html for details - rework multilib patch: drop Python-3.5.0-multilib.patch, implement upstreamable python-3.6.0-multilib-new.patch - refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch - drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch - finally drop python-2.6b1-canonicalize2.patch that was not applied in source and only kept around in case we needed it in the future. (which we don't, as it seems) - update import_failed map and baselibs - build ctypes against system libffi (buildrequire libffi-devel in python3-base) - add new key to keyring (signed by keys already in keyring) - introduced common configure section between python3 and python3-base - moved pyconfig.h and Makefile to devel subpackage as distutils no longer need it at runtime - added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py because it is not used now - improve summaries and descriptions (fixes bsc#917607) - enabled Link-Time Optimization, see what happens - including skipped_tests.py in pre_checkin.sh run - run specs through spec-cleaner, rearrange sections- FAKE RECORD FROM SLE-12 CHANNEL apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user supplied Proxy request header: python-3.4-CVE-2016-1000110-fix.patch (fixes bsc#989523, CVE-2016-1000110) - refresh python3-urllib-prefer-lowercase-proxies.patch- FAKE RECORD FROM SLE-12 CHANNEL update to 3.4.5 check: https://docs.python.org/3.4/whatsnew/changelog.html (fixes bsc#984751, CVE-2016-0772) (fixes bsc#985177, CVE-2016-5636) (fixes bsc#985348, CVE-2016-5699) - drop upstreamed werror-declaration-after-statement.patch- FAKE RECORD FROM SLE-12 CHANNEL Due to being fixed upstream (differently), removed outdated patch CVE-2014-4650-CGIHTTPServer-traversal.patch (bsc#983582)- move _hashlib and _ssl modules and tests to python3-base - recommend python3- Add Python-3.5.1-fix_lru_cache_copying.patch Fix copying the lru_cache() wrapper object. Fixes deep-copying lru_cache regression, which worked on previous versions of python but fails on python 3.5. This fixes a bunch of packages in devel:languages:python3. See: https://bugs.python.org/issue25447- update to 3.5.1 * bugfix-only release, dozens of bugs fixed - Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch - "Python3" to "Python 3" in summary * This seems cleaner and fixes and rpmlint warning- FAKE RECORD FROM SLE-12 CHANNEL Issue #21121: Don't force 3rd party C extensions to be built with -Werror=declaration-after-statement. (werror-declaration-after-statement.patch, bsc#951166)- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch This fixes a build error for many packages that use the Python, C-API. This patch is already accepted upstream and is slated to appear in python 3.5.1.- update to 3.5.0 * coroutines with async/await syntax * matrix multiplication operator `@` * unpacking generalizations * new modules `typing` and `zipapp` * type annotations * .pyo files replaced by custom suffixes for optimization levels in __pycache__ * support for memory BIO in ssl module * performance improvements in several modules * and many more - removals and behavior changes * deprecated `__version__` is removed * support for .pyo files was removed * system calls are auto-retried on EINTR * bare generator expressions in function calls now cause SyntaxError (change "f(x for x in i)" to "f((x for x in i))" to fix) * removed undocumented `format` member of private `PyMemoryViewObject` struct * renamed `PyMemAllocator` to `PyMemAllocatorEx` - redefine %dynlib macro to reflect that modules now have arch+os as part of name - module `time` is now built-in - dropped upstreamed patches: python-3.4.1-fix-faulthandler.patch python-3.4.3-test-conditional-ssl.patch python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) - updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch - python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure with new gcc + ncurses- Add python3-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.- improve import_failed hook to do the right thing when invoking missing modules with "python3 -m modulename" (boo#942751)- Build with --enable-loadable-sqlite-extensions to make it works as geospatial database.- dh2048.pem: added generated 2048 dh parameter set to fix ssl test (bsc#935856) - python-fix-short-dh.patch: replace the 512 bits dh parameter set by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856)- ctypes-libffi-aarch64.patch: remove upstreamed patch - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64- python-3.4.3-test-conditional-ssl.patch - restore tests failing because test_urllib was unconditionally importing ssl (without really needing it) - restore functionality of multilib patch - drop libffi-ppc64le.diff because upstream completely changed everything yet again (sorry ppc64 folks :| )- Update to version 3.4.3 - Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch (bpo#21766)- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus faulthandler which fails with GCC 5.- asyncio has been merged in python3 main package; provide and obsolete it - Remove obsolete AUTHORS section - Remove redundant %clean section- add %python3_version rpm macro for Fedora compatibility - add missing argument in import_failed, rename Novell Bugzilla to SUSE Bugzillaarmbuild13 1609270255  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~3.63.63.63.6.12-lp151.6.36.13.6.12-lp151.6.36.1 python3-configpython3.6-configpython3.6m-configpython3.6mPython-ast.hPython.habstract.haccu.hasdl.hast.hbitset.hbltinmodule.hboolobject.hbytearrayobject.hbytes_methods.hbytesobject.hcellobject.hceval.hclassobject.hcode.hcodecs.hcompile.hcomplexobject.hdatetime.hdescrobject.hdictobject.hdtoa.hdynamic_annotations.henumobject.herrcode.heval.hfileobject.hfileutils.hfloatobject.hframeobject.hfuncobject.hgenobject.hgraminit.hgrammar.himport.hintrcheck.hiterobject.hlistobject.hlongintrepr.hlongobject.hmarshal.hmemoryobject.hmetagrammar.hmethodobject.hmodsupport.hmoduleobject.hnamespaceobject.hnode.hobject.hobjimpl.hodictobject.hopcode.hosdefs.hosmodule.hparsetok.hpatchlevel.hpgen.hpgenheaders.hpy_curses.hpyarena.hpyatomic.hpycapsule.hpyconfig.hpyctype.hpydebug.hpydtrace.hpyerrors.hpyexpat.hpyfpe.hpygetopt.hpyhash.hpylifecycle.hpymacconfig.hpymacro.hpymath.hpymem.hpyport.hpystate.hpystrcmp.hpystrhex.hpystrtod.hpythonrun.hpythread.hpytime.hrangeobject.hsetobject.hsliceobject.hstructmember.hstructseq.hsymtable.hsysmodule.htoken.htraceback.htupleobject.htypeslots.hucnhash.hunicodeobject.hwarnings.hweakrefobject.hlibpython3.6m.solibpython3.sopython-3.6.pcpython-3.6m.pcpython3.pcconfig-3.6m-arm-linux-gnueabihfMakefileSetupSetup.configSetup.localconfig.cconfig.c.ininstall-shlibpython3.6m.somakesetuppython-config.pypython.ogdbauto-loadusrliblibpython3.6m.so.1.0-gdb.py/usr/bin//usr/include//usr/include/python3.6m//usr/lib//usr/lib/pkgconfig//usr/lib/python3.6//usr/lib/python3.6/config-3.6m-arm-linux-gnueabihf//usr/share//usr/share/gdb//usr/share/gdb/auto-load//usr/share/gdb/auto-load/usr//usr/share/gdb/auto-load/usr/lib/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:15440/openSUSE_Leap_15.1_Update_ports/f2062f5aeadc2f86544b9fd5601ae64c-python3.openSUSE_Leap_15.1_Update:basedrpmxz5armv7hl-suse-linux POSIX shell script, ASCII text executabledirectoryC source, ASCII textASCII textELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=0f7feac2f7b183806c44afcc4ffb820bdf37cebf, strippedpkgconfig fileASCII text, with very long linesPython script, ASCII text executableELF 32-bit LSB relocatable, ARM, EABI5 version 1 (SYSV), with debug_info, not stripped RPRRRRPRPRPRRRRRRR;Xi&baе utf-8d70ed7cad0e0aae741746a969caf8f0935d414c871ce873d78942523de6867b6? 7zXZ !t/{]"k%a Z2 (KPPxt<1>(^fqH/tL10lqQ C8K\59<"54گw,ٝH`)Ct&@(^ +G%Mcdqy8_FwxOgp]gqr]A||ZK&>[g?%P3 |}~Z>S4·jR -!&YkJS,2-5h-`:d&m-w );7} lA). Ǿ39;&bo v>@쇚YmH$NL 3NE9^KDVtC ,)ywwrC_ƌF}!ou=]%9d؃^Zjfyh4 U=v$pYIJ=xҿfo$iYceR*..^&Zz9QNR!RPqoH+.[<^;|[:+m+:bK2Eqsm@ʉgіrfeȑ/[ _"ۢ/ͷ-Y8+A;n Bc ch!+YtV;F"9p^sZ~M(͓h{v~k=%,҃~{ц@Z3l7OW]rBn($*i* _ՠ8zH1!ȣR۪U^Z鹫;$tM 55sT$\X,߷h z_@MX>4&Ik$um۳r.uqI_8k%?*%U0e kwiM?QĽ1U=F4vc|voH` j쯨ڹtBt)թ˷oqU{v/[ ˿2^aB^+vqwoh/@Br 4, 3R YZ