python-tk-2.7.18-150000.60.1<>,娉ep9|@}K[Gk\us0r?ySh"U/4 #T AԄвpϜX}<̩hwlܟ"Ӧ'GmUeվ?F¶w V@%lScK%$Xë˚ Z _P-4Cq:nzqN'$(lCVU8{qX ϒ0taf \4,~^&L<󝟡EN>yeUC=mv>A?d   =  $*4oo o o ho !o "o#o%o((<o)*T*+(,8,j9-j:4jBFGoHoILoXYZ [\o]o^bcde flu$ovwoxoylqz0@DJCpython-tk2.7.18150000.60.1TkInter - Python Tk InterfacePython interface to Tk. Tk is the GUI toolkit that comes with Tcl.eh04-ch2a;SUSE Linux Enterprise 15SUSE LLC Python-2.0https://www.suse.com/Development/Libraries/Pythonhttps://www.python.org/linuxx86_64'<<"%% ,, h h-wZwZ,22sk  6 + +w4(>'>'77 ,,,''C>> b Pmg}g}_))g66+##m!9!9A큤A큤A큤A큤eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee3e939507b77cbbf2b3aaad9da3c2993ad05f628139c9b636860beb63872893be074e1bb0397d6689e5dbb1ae4e5ccd1c0d0c4704656729d3cdd1fa44f986d077cdad952fb355d3e4c8777dbbc7e26bcc08f223785901e3a00cb658ff56f422e9cdad952fb355d3e4c8777dbbc7e26bcc08f223785901e3a00cb658ff56f422e9886afde4c1589a688afc857a0fb5039f8388f225443283081d9ddf072571b0649d307a77b7ea44ead9d0811e303c362756cc2f7ce8fe0772164812fba191468d9d307a77b7ea44ead9d0811e303c362756cc2f7ce8fe0772164812fba191468d9229d117eca73b48a41b6303bffed14184add10afd20273976715fdd4840042adce399a063c2e77c4661f84cac2683587f952af6b054a69d346ccb63ac7c3969dce399a063c2e77c4661f84cac2683587f952af6b054a69d346ccb63ac7c3969808ece582c4a8e502c062b23aa16949d85878a9f3485d2111fd19ac6bdbb02e85edebc5c3438d95e3dbd0832425d3c99cbace84394766b1a4cd37430d5447f2e0edef64db456b1ecdea9b56cd9a3680d626f924db9c327855d1e1ffc5e61772154f55b9696013117aa8758f901f77cc30dce6ad6f13df8b85c26c5af843a7fa00379cc032338032a18eae8c329abf980cf43b47e7ba80affd00dff1077c5c52b0379cc032338032a18eae8c329abf980cf43b47e7ba80affd00dff1077c5c52b1dbc9f1fc85237211d52b96ee1cc1c5553c81e0a62fd7143b95e16d32f5abafd86e979fcf4fdb4acba578d36448f7274c21a1e9a2a39b1fa613abc8fd2e0b76e86e979fcf4fdb4acba578d36448f7274c21a1e9a2a39b1fa613abc8fd2e0b76e0e875733af8af973cb94d088dbe5b4ed36dd3db1241970ec2bf19ea97ec5fbf890ffa80898f30f0155bdda3821f86197eb94c303b0cff2749de0c09231c7b48890ffa80898f30f0155bdda3821f86197eb94c303b0cff2749de0c09231c7b488c01314dc51d1c8effeba2528720a65da133596d4143200c68595c02067bf1da22c07a96f1e4c7f58c5f3d78a13279deab8b0758b0b4775d4ca1ee158bb8a337a2c07a96f1e4c7f58c5f3d78a13279deab8b0758b0b4775d4ca1ee158bb8a337ac8fb5c768f76788cb678922aed330e2b7ae3cc825fdabea1a09b18db557711dc06d6cb68aa1b5a920bb098f88d08fae5ffbe68e1391d1c21175ac6b552e9140f06d6cb68aa1b5a920bb098f88d08fae5ffbe68e1391d1c21175ac6b552e9140f98b2cd8b857ff09c0e6b3a330b98415a97282d70fa80b9cd15d1e14b2d2aea884eca574f7eb55edfdd20bf66249116623311991854477c078f0e910b01014e614eca574f7eb55edfdd20bf66249116623311991854477c078f0e910b01014e61fe3c79d5da8616ca37f7a9d8fddaac2c9164b593c7b116580aa99690a5f59ab5e82c816f3b0fdff328dfc84a8076385feec2208ac94a7e402af9138f8b6996e7df781f7f2e13eb4a28488ac0f022a2f6c02092ab9e5bb856ca7c94f7b4cad2a1df781f7f2e13eb4a28488ac0f022a2f6c02092ab9e5bb856ca7c94f7b4cad2a1e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855a609a5289e6d506233c9c4d7e10a8f6189ac5feb762114e30361cdc9183e05b1a609a5289e6d506233c9c4d7e10a8f6189ac5feb762114e30361cdc9183e05b10e9cbeed9f1bbec6f79a2bcebee7e12f896caba3b1a167d935446d009262dca21cc4b2672fd803abb0f45991a8173b30da737cff5d31ab9b739c1fe3636879b31cc4b2672fd803abb0f45991a8173b30da737cff5d31ab9b739c1fe3636879b3fe5f12d6412050e1414dfabc16ecc2341779d627362e1d81666e8b466986c50a33f89be6c233068f373192898ff40c805067703a09c14b2cb11d994b2641567a33f89be6c233068f373192898ff40c805067703a09c14b2cb11d994b2641567a07078aa64be8d2d3a02fcfa10eb73eebf06583fae23134ae47b9d4b2bf66d23a5547988c90b83656513810d866b9b31899d80d35db5d39d033332de86e1f83a15547988c90b83656513810d866b9b31899d80d35db5d39d033332de86e1f83a1ba8ad521638ef8148d07be0925111fb57cb1b64dadf770f1ca2bd17e1bb356d69b874d8cf32ecb41eba27475e32f45e1a8d5ef7abe0784041c650b5173ddedd29b874d8cf32ecb41eba27475e32f45e1a8d5ef7abe0784041c650b5173ddedd29e9439bfa528e20f0e045905ea5a3eca4cd27c4c9f190c62c192f9945caaae2841d2ea7ed6b446ab3e367b17ebcc82a3227815f0755f0baeded1629eb57c950941d2ea7ed6b446ab3e367b17ebcc82a3227815f0755f0baeded1629eb57c9509ea0ebbfcc26a428337548a5e3c6768294497b81cce8f845d23e035ea62cd1aabe7f7e388fe2c53694759ef887e84081b59fd99d2e54eb444bd00059d9f794bb5e7f7e388fe2c53694759ef887e84081b59fd99d2e54eb444bd00059d9f794bb549029a61956e79a10fb9b79000283c1e83cabc0645adacf9824a99dbe2dece5f4089b0fd23663a1a1dde855714aee82f65092a21e5fc0832d26c3aef2cd83d394089b0fd23663a1a1dde855714aee82f65092a21e5fc0832d26c3aef2cd83d3919a6ca5753fe74ec6248d166d2a54acfcd70f823ea578cfe803baf8f87ea346db49d460a44eb170ed40ba357f8e4c107dcac7bf93e175bd666ffca5f6014958eb49d460a44eb170ed40ba357f8e4c107dcac7bf93e175bd666ffca5f6014958ee3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b8558811f418bff260c07c907bb346805ba559f9df1189c316ef048e0ceb7f02409f8811f418bff260c07c907bb346805ba559f9df1189c316ef048e0ceb7f02409f53b465fb6754d8c39458a1e1ba7f8504f40d724e7dbcc7ab8fc38ea65c08c02e0a845e9c04cfd5494a1ca07fc4bb62e1d383ab475ddb0c08801c4725ef7cfad50a845e9c04cfd5494a1ca07fc4bb62e1d383ab475ddb0c08801c4725ef7cfad59d53e31b151af887cd26829a1331843c02288a8480ca74a7fc631833ce60d0cbfb2a19441dfb3098b8b0897d530467572ff71880f089f14b8f7655455c49e629fb2a19441dfb3098b8b0897d530467572ff71880f089f14b8f7655455c49e6299fc1aec0a300d4754c94d77b4ee8f029540eb88bcf0ef288551f52e9410de8d3af71b1804d732308a074226cd7191cfb7d726777f3e9c158f80011935b04e068af71b1804d732308a074226cd7191cfb7d726777f3e9c158f80011935b04e0689241c97e08b337b0b92ee5b4e029936fa3eb53bdc821c080e78b020699e2aed7585efa333a31fb4fb865bbd88e23853801018e1e3233e0f88b54e45292f261f9585efa333a31fb4fb865bbd88e23853801018e1e3233e0f88b54e45292f261f915df8a908a8e80163bca643c76ec6e4ceff80ee83da5d1fc4e10c364fadbbb85ddb110fb18cc58ffea9efd2fa3398ad7bfff9df3833a132c24a05316813507cfddb110fb18cc58ffea9efd2fa3398ad7bfff9df3833a132c24a05316813507cf2205693a5fa6a8b9e408b24e9dc938f74f6250a1212c5fe5bcf31f09be16d936d0c6cd766cec0aaae6f5ecde04f9b159f51369b1c1ab07573ccfdce262b8fa25d0c6cd766cec0aaae6f5ecde04f9b159f51369b1c1ab07573ccfdce262b8fa255b6a1486c4c1ce533b146cf455c599d5ef8eec94a8eb9821a847985c12e3ddcd9161a49c21d6ebfbc90feeadbb5a30e2e873d5993f67581673e81b8000d3cf859161a49c21d6ebfbc90feeadbb5a30e2e873d5993f67581673e81b8000d3cf859547e4f72af28ec4262f88a00b6d2eb912ff49e2f5b3aa16b5a50a3230964d8356fe0f6fc561139c5037280fa4a2a465315c672d2be2d8a36cd1ac8f95c5593256fe0f6fc561139c5037280fa4a2a465315c672d2be2d8a36cd1ac8f95c55932360ba16e412f9d00617baa89c0ca476d49576a34bfff026cebebc71e630505a9439209e396ffc719653b0a7f5cc9966d63ea961ab355b1332186e829bb813b31439209e396ffc719653b0a7f5cc9966d63ea961ab355b1332186e829bb813b312f28b22cc571ed211824ac750e2c1b98574748f90829a7b01efd0ddfce6cbf322725bfe09346e82aaf435eb0b4b81ad11926c49ca2a9e92793d6237bdfeec7b02725bfe09346e82aaf435eb0b4b81ad11926c49ca2a9e92793d6237bdfeec7b0cdb0fcb4cc54d55fe963aac128269754c09f8583afa00b445926951e5fb5118bf2cb089775b27c71a042a0e67253166d4ec0410209497e92e025118863b7442df2cb089775b27c71a042a0e67253166d4ec0410209497e92e025118863b7442d4b09f3aaccecb4a434d94937cb737b65767f7b595cd51a3fa48fcaddbde984e34aa21e68968fb62d96f4df3d448e0ae7d3e2ab15eaca084d27a969305cd668a44aa21e68968fb62d96f4df3d448e0ae7d3e2ab15eaca084d27a969305cd668a4b4c15f951994f60a263b271323e31896e8f6e049135c9f5904d8a877ee8ea8acb75656424c5bf43f89dfeefbfbac35b558d6b3449f59cbd690c86243f43cc850b75656424c5bf43f89dfeefbfbac35b558d6b3449f59cbd690c86243f43cc850cdb5a419bd0bb4b98221fa23a480c7a92733824b259b8bfefaac5da7517643dbc9cf041ba8f0123f6955e691aa3703e5afba7acc3ee3cc83c0ea17e31efa82d7c9cf041ba8f0123f6955e691aa3703e5afba7acc3ee3cc83c0ea17e31efa82d7rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpython-2.7.18-150000.60.1.src.rpmpyth_tkpyth_tklpython-tkpython-tk(x86-64)python-tkinterpython2-tkpython_tkinter_lib@@@@@@@@     libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.4)(64bit)libpthread.so.0()(64bit)libpython2.7.so.1.0()(64bit)libtcl8.6.so()(64bit)libtk8.6.so()(64bit)python(abi)python-baserpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.72.7.183.0.4-14.6.0-14.0.4-14.0-15.2-14.14.1ee eeRd˖dD@dq@du@dtdm@dxdc>@cӼc0c|ck@c pcbbb@b@b@ba@a@a(@aim@aI@a'@a#aj@a`t`8`_T^J^@^@^>^>^;^8 @^.^g@^ @]f@]@]]]d@]d@]@]z@]V]y@]9]1]\t@\\7\7\\J@\J@\C@\2[[#@[6@[@[ @[Za@Z@ZxG@ZtRZp^@Z CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (boo#1189241, CVE-2021-3737)- Renamed patch for assigned CVE: * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch (boo#1189287, CVE-2021-3733) - Fix python-doc build (bpo#35293): * sphinx-update-removed-function.patch - Update documentation formatting for Sphinx 3.0 (bpo#40204).- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in request (bpo#43075, boo#1189287). - Add missing security announcement to bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch which fixes http client infinite line reading (DoS) after a http 100 (bpo#44022, boo#1189241).- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336).- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution.- (bsc#1180125) We really don't Require python-rpm-macros package. Unnecessary dependency.- Add patch configure_PYTHON_FOR_REGEN.patch which makes configure.ac to consider the correct version of PYTHON_FO_REGEN (bsc#1078326).- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).- Update to 2.7.18, final release of Python 2. Ever.: - Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process. - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben Caller. - Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators. - bsc#1155094 (CVE-2019-18348) Disallow control characters in hostnames in http.client. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. - Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host. - Fix problems identified by GCC's -Wstringop-truncation warning. - AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c. - Prevent failure of test_relative_path in test_py_compile on macOS Catalina. - Fixed possible leak in `PyArg_Parse` and similar functions for format units "es#" and "et#" when the macro `PY_SSIZE_T_CLEAN` is not defined. - Remove upstreamed patches: - CVE-2019-18348-CRLF_injection_via_host_part.patch - python-2.7.14-CVE-2017-1000158.patch - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch - CVE-2018-1061-DOS-via-regexp-difflib.patch - CVE-2019-10160-netloc-port-regression.patch - CVE-2019-16056-email-parse-addr.patch- Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674)- Change to Requires: libpython%{so_version} == %{version}-%{release} to python-base to keep both packages always synchronized (add %{so_version}) (bsc#1162224).- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug "Python urrlib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)" (bsc#1162367)- Provide python-testsuite from devel subkg to ease py2->py3 dependencies- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests coliding with the combination of modern Python and ancient OpenSSL on SLE-12.- libnsl is required only on more recent SLEs and openSUSE, older glibc supported NIS on its own.- Add provides in gdbm subpackage to provide dbm symbols. This allows us to use %%{python_module dbm} as a dependency and have it properly resolved for both python2 and python3- Drop appstream-glib BuildRequires and no longer call appstream-util validate-relax: eliminate a build cycle between as-glib and python. The only thing would would gain by calling as-uril is catching if upstream breaks the appdata.xml file in a future release. Considering py2 is dying, chances for a new release, let alone one breaking the xml file, are slim.- Unify packages among openSUSE:Factory and SLE versions. (bsc#1159035) ; add missing records to this changelog. - Add idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830)- Add python2_split_startup Provide to make it possible to conflict older packages by shared-python-startup.- Move /etc/pythonstart script to shared-python-startup package.- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes bsc#1149792- Add adapted-from-F00251-change-user-install-location.patch fixing pip/distutils to install into /usr/local.- Update to 2.7.17: - a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. - Removed patches included upstream: - CVE-2018-20852-cookie-domain-check.patch - CVE-2019-16935-xmlrpc-doc-server_title.patch - CVE-2019-9636-netloc-no-decompose-characters.patch - CVE-2019-9947-no-ctrl-char-http.patch - CVE-2019-9948-avoid_local-file.patch - python-2.7.14-CVE-2018-1000030-1.patch - python-2.7.14-CVE-2018-1000030-2.patch - Renamed remove-static-libpython.diff and python-bsddb6.diff to remove-static-libpython.patch and python-bsddb6.patch to unify filenames.- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py- Add bpo36302-sort-module-sources.patch (boo#1041090)- Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, CVE-2019-16056]- boo#1141853 (CVE-2018-20852) add CVE-2018-20852-cookie-domain-check.patch fixing http.cookiejar.DefaultPolicy.domain_return_ok which did not correctly validate the domain: it could be tricked into sending cookies to the wrong server.- Skip test_urllib2_localnet that randomly fails in OBS- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812- Set _lto_cflags to nil as it will prevent to propage LTO for Python modules that are built in a separate package.- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised.- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://.- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised (CVE-2019-9636). Upstream commits e37ef41 and 507bd8c.- (bsc#1111793) Update to 2.7.16: * bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball. * Updated patches to apply cleanly: CVE-2019-5010-null-defer-x509-cert-DOS.patch bpo36160-init-sysconfig_vars.patch do-not-use-non-ascii-in-test_ssl.patch openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.5.1-sqlite.patch python-2.6-gettext-plurals.patch python-2.7-dirs.patch python-2.7.2-fix_date_time_compiler.patch python-2.7.4-canonicalize2.patch python-2.7.5-multilib.patch python-2.7.9-ssl_ca_path.patch python-bsddb6.diff remove-static-libpython.patch * Update python-2.7.5-multilib.patch to pass with new platlib regime.- bsc#1109847 (CVE-2018-14647): add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo-34623.- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance of PyWeakReference struct and does not intialize wr_prev and wr_next of new isntance. These pointers can have garbage and point to random memory locations. Python should not crash while destroying the isntance created in the same interpreter function. As per my understanding, both wr_prev and wr_next of PyWeakReference instance should be initialized to NULL to avoid segfault.- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746 (CVE-2019-5010). An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.- Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.- Add patch openssl-111.patch to work with openssl-1.1.1 (bsc#1113755)- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS (CVE-2018-1061). Prior to this patch mail server's timestamp was susceptible to catastrophic backtracking on long evil response from the server. Also, it was susceptible to catastrophic backtracking, which was a potential DOS vector. [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207]- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750) sort tarfile output directory listing- update to 2.7.15 * dozens of bugfixes, see NEWS for details - removed obsolete patches: * python-ncurses-6.0-accessors.patch * python-fix-shebang.patch * gcc8-miscompilation-fix.patch - add patch from upstream: * do-not-use-non-ascii-in-test_ssl.patch- Add gcc8-miscompilation-fix.patch (boo#1084650).- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution. [bsc#1068664, CVE-2017-1000158]- exclude test_socket & test_subprocess for PowerPC boo#1078485 (same ref as previous change)- Add python-skip_random_failing_tests.patch bypass boo#1078485 and exclude many tests for PowerPC- Add patch python-fix-shebang.patch to fix bsc#1078326- exclude test_regrtest for s390, where it does not segfault as it should (fixes bsc#1073269) - fix segfault while creating weakref - bsc#1073748, bpo#29347 (this is actually fixed by the 2.7.14 update; mentioning this for purposes of bugfix tracking)- update to 2.7.14 * dozens of bugfixes, see NEWS for details * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664) * fixed segfaults with dict mutated during search * fixed possible free-after-use problems with buffer objects with custom indexing * fixed urllib.splithost to correctly parse fragments (bpo-30500) - drop upstreamed python-2.7.13-overflow_check.patch - drop unneeded python-2.7.12-makeopcode.patch - drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch - Apply "python-2.7.14-CVE-2018-1000030-1.patch" and "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that would crash the Python interpreter when multiple threads used the same I/O stream concurrently. This issue is not classified as a security vulnerability due to the fact that an attacker must be able to run code, however in some situations -- such as function as a service -- this vulnerability can potentially be used by an attacker to violate a trust boundary. [bsc#1079300, CVE-2018-1000030]- Call python2 instead of python in macros- Fix test broken with OpenSSL 1.1 (bsc#1042670) * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch- drop SUSE_ASNEEDED=0 as it is not needed anymore- Add libnsl-devel build requires for glibc obsoleting libnsl- obsolete/provide python-argparse and provide python2-argparse, because the argparse module is available from python 2.7 up- SLE package update (bsc#1027282) - refresh python-2.7.5-multilib.patch - dropped upstreamed patches: python-fix-short-dh.patch python-2.7.7-mhlib-linkcount.patch python-2.7-urllib2-localnet-ssl.patch CVE-2016-0772-smtplib-starttls.patch CVE-2016-5699-http-header-injection.patch CVE-2016-5636-zipimporter-overflow.patch python-2.7-httpoxy.patch - Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1. (dimstar@opensuse.org)- Add reproducible.patch to allow reproducible builds of various python packages like python-amqp Upstream: https://github.com/python/cpython/pull/296- update to 2.7.13 * dozens of bugfixes, see NEWS for details * updated cipher lists for openssl wrapper, support openssl >= 1.1.0 * properly fix HTTPoxy (CVE-2016-1000110) * profile-opt build now applies PGO to modules as well - update python-2.7.10-overflow_check.patch with python-2.7.13-overflow_check.patch, incorporating upstream changes (bnc#964182) - add "-fwrapv" to optflags explicitly because upstream code still relies on it in many places- provide python2-* symbols, for support of new packages built as python2-foo - rename macros.python to macros.python2 accordingly - require python-rpm-macros package, drop macro definitions from macros.python2- initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436) - renamed `python` to `python27` in package names and requires - removed Provides and Obsoletes clauses - dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch, companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage - dropped profile files - removed /usr/bin/python and /usr/bin/python2, along with other unversioned aliases - rewrote macros file to enable stand-alone packages depending on py2.7 - re-included downloaded version of HTML documentation- update to 2.7.12 * dozens of bugfixes, see NEWS for details * fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10) - removed upstreamed python-2.7.7-mhlib-linkcount.patch - refreshed multilib patch - python-2.7.12-makeopcode.patch - run newly-built python interpreter to make opcodes, in order not to require pre-built python - update LD_LIBRARY_PATH to use $PWD instead of "." because the test process escapes to its own directory - modify shebang-fixing scriptlet to ignore makeopcodetargets.py- CVE-2016-0772-smtplib-starttls.patch: smtplib vulnerability opens startTLS stripping attack (CVE-2016-0772, bsc#984751) - CVE-2016-5636-zipimporter-overflow.patch: heap overflow when importing malformed zip files (CVE-2016-5636, bsc#985177) - CVE-2016-5699-http-header-injection.patch: incorrect validation of HTTP headers allow header injection (CVE-2016-5699, bsc#985348) - python-2.7-httpoxy.patch: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (CVE-2016-1000110, bsc#989523)- Add python-2.7.10-overflow_check.patch to fix broken overflow checks. [bnc#964182]- copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE) - do this properly to fix bnc#945401 - update SLE check to exclude Leap which also has version 1315, just to be sure- Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.- add missing ssl.pyc and ssl.pyo to package - implement python-strict-tls-checks subpackage * when present, Python will perform TLS certificate checking by default. it is possible to remove the package to turn off the checks for compatibility with legacy scripts. * as discussed in fate#318300 * this is not built for openSUSE, but retained here in case we want to build the package for a SLE system- python-fix-short-dh.patch: Bump DH parameters to 2048 bit to fix logjam security issue. bsc#935856- add __python2 compatibility macro (used by Fedora) (fate#318838)- update to 2.7.10 - removed obsolete python-2.7-urllib2-localnet-ssl.patch- Reenable test_posix on aarch64- python-2.7.4-aarch64.patch: Remove obsolete patch - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64- update to 2.7.9 * contains full backport of ssl module from Python 3.4 (PEP466) * HTTPS certificate validation enabled by default (PEP476) * SSLv3 disabled by default (bnc#901715) * backported ensurepip module (PEP477) * fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 * dozens of minor bugfixes - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3 - libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional "import ssl" from test_urllib2_localnet that caused it to fail without ssl- skip test_thread in qemu_linux_user modepyth_tkpyth_tklpython-tkinterh04-ch2a 1706859762 !"#$$&'((*++-..0113446779::<==?@@BCDDFGGIJJLMMOPPRSSUVVXYY[\\^__abbdeeghhjkkmnn2.7.18-150000.60.12.7.18-150000.60.12.7.18_tkinter.solib-tkCanvas.pyCanvas.pycCanvas.pyoDialog.pyDialog.pycDialog.pyoFileDialog.pyFileDialog.pycFileDialog.pyoFixTk.pyFixTk.pycFixTk.pyoScrolledText.pyScrolledText.pycScrolledText.pyoSimpleDialog.pySimpleDialog.pycSimpleDialog.pyoTix.pyTix.pycTix.pyoTkconstants.pyTkconstants.pycTkconstants.pyoTkdnd.pyTkdnd.pycTkdnd.pyoTkinter.pyTkinter.pycTkinter.pyotestREADMEruntktests.pyruntktests.pycruntktests.pyotest_tkinter__init__.py__init__.pyc__init__.pyotest_font.pytest_font.pyctest_font.pyotest_geometry_managers.pytest_geometry_managers.pyctest_geometry_managers.pyotest_images.pytest_images.pyctest_images.pyotest_loadtk.pytest_loadtk.pyctest_loadtk.pyotest_misc.pytest_misc.pyctest_misc.pyotest_text.pytest_text.pyctest_text.pyotest_variables.pytest_variables.pyctest_variables.pyotest_widgets.pytest_widgets.pyctest_widgets.pyotest_ttk__init__.py__init__.pyc__init__.pyosupport.pysupport.pycsupport.pyotest_extensions.pytest_extensions.pyctest_extensions.pyotest_functions.pytest_functions.pyctest_functions.pyotest_style.pytest_style.pyctest_style.pyotest_widgets.pytest_widgets.pyctest_widgets.pyowidget_tests.pywidget_tests.pycwidget_tests.pyotkColorChooser.pytkColorChooser.pyctkColorChooser.pyotkCommonDialog.pytkCommonDialog.pyctkCommonDialog.pyotkFileDialog.pytkFileDialog.pyctkFileDialog.pyotkFont.pytkFont.pyctkFont.pyotkMessageBox.pytkMessageBox.pyctkMessageBox.pyotkSimpleDialog.pytkSimpleDialog.pyctkSimpleDialog.pyottk.pyttk.pycttk.pyoturtle.pyturtle.pycturtle.pyo/usr/lib64/python2.7/lib-dynload//usr/lib64/python2.7//usr/lib64/python2.7/lib-tk//usr/lib64/python2.7/lib-tk/test//usr/lib64/python2.7/lib-tk/test/test_tkinter//usr/lib64/python2.7/lib-tk/test/test_ttk/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:32348/SUSE_SLE-15_Update/5d2651117c609f53a24e73fac8becd14-python.SUSE_SLE-15_Updatedrpmxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d1bc2c2cd86af895356808989d0a486872f878f5, strippeddirectoryPython script, ASCII text executablepython 2.7 byte-compiledASCII textemptyPython script, UTF-8 Unicode text executable  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR\o'p}*utf-8471927f45c84c76e641294773b0cb5211fd6bdf836388934cfa802674e8363af?7zXZ !t/u89]"k%a) \/sɝoec56 ^hDьFu^ek8eQf$jGcY盡yMtFP`HwUŨ2f/[P5 7 :,ԝqt8"XP|2&(S%%$- Ema4 a/^M(9C*m;3P$D W?kR,W"ixGԒA/%ܗTT';u.tjMc <+.W5Ol !K_aw]K9k͘%@DT5|n(ڮU8f! w`T_B#` SəEc$\?J y՚:Z+V1h-Fݍ,GDd㋠cAqL'k\t )!Ϙ"±Y *m]¢etP #\ٻhDEU-I k]aU IکKZ \#lL' |qEI敶J {l@-1j: rhi l5raxR=}uq{cYN'O]-lo!!ҌHY"6U+=ߟØ1CЁkI@=? Nww1!1u{TN/N ) u-N5lbwnLQ.M(^rsKsJ,F9)}؏_)!^"^Gj T68":QayA8kBma1sg˿0*< :"Br*h*çI|l1뻊$uc68p**V`Zcn[= 2}`avG uq?h,,i)_J՝fZyڝV9JAo(Dh21|w%'M5g!-U)g3*ljȡ[otNJn.8BhУɷV1i)<0:YhF{N9R/o8mkeUfh,'j-YӍ$RV^9X2! `aCėsOVAYXkp+V ;Vr0;RY6VW:DrQM ;v4ӿf"c6:Zdž)ai_O>4;+fmE~v퐌(nY{q+O*1(W` J%~mX XDucC+m{/?dRO4\AFP]渽 0~Oqƀ0-@I7DQ1@_zuW +){K G^3ln¤S{pE!Ň<CV &þ^2it. $@h>~`qʳC "Qn͟=:8=.v<Xy=ުg])i)t,CfaZЃaL ˿^E ~2~r{X a_#h~Nz tN:/*t DO~8y1411*ϩ{)tgRD* Km?9V z,)>Sjv&0p =ʑb\1uwA?k0l/ ~l7> .ԏȆ䎝i۟`rLbZNqN=!ܔ[Mɺ*S3BKdH.X|`*/3U -X`훶Ѳ|XUpTgI\ABH Qe ó/^ saJmi; tPа`ǔcRjvXj{97^SP~wCQ{wm,5)~]['$[Mw1`hӳꤺiqbY[" 9k4%9=5Xa6_SM@66ڶ]&t2~\Dٰ^AEo-;:7ۮn.%Y(D-.+.m GPfZJ-*("cv2x+B8u ;ﻹ{ YThTd~cfX[81Rg/9TNʮ6qyqaȂ#sp=0~=ʑ8xJq` !B&"gEV U~%.cs$"@bx]lF Bf#ߨ lkzh|'XąU0Z8#Mveo0f[d`:!՚Ҁ|a5Xu4EWS QUvm>,WZT|5ƛX{za\3SQ`OwBQ׶2ugsU뺭^ P ѢbS&ە"wpbqr=6nPg& Hf54f$kB=˽f (Y͟uD.9Ej=I|/W@~V?drZFawmCy˩f_Y>6LOؑ?RtW@tNKV)Y~&g S\}QE.F ~!Xpn,o24°0h( CWMQ F3,_6dP'+&y+!JV:o2D`$?K^#}̫ic!\b^WQ^0oe@y sSRC&c*ws#\ǺNg/2qIAiomFۜƒh͸0q,(XXAϯ|QA)b]p'kVi]R :K(@ Ku? l]=z@ OSp%m˪2)^ELSX\uoI-  X#>)m07-FcDA˅l<~zBTmP%vqdZ:H({<΄eO/AFU8{]b}[x&lb`tqgTƁhMA!`(rTqr@*˳. @sJ)n8KϤ \zʐNyH}_t/Dܣö}Q6*gMx%jڻoW]cxNE m:eމ[5CJ"umط'oxX4ʨOdgl>B!Wf:rR^^P>$*-mYe6 ;r IQ9RK;)s]{r7o^w2@²l y|Y&ovF>CB4-8aNx9r:Pm%<Mk IvV9T,K bAޝ?;#TeL%AañH\Ca_i6\ukbs{gC|ajKon UE0ٔ}I~Z-n9~`maCgil7o*!٬ ؚӻ/Jxc^ 滴tDN~1.,Z̲ }{M&ܐr~TM3ԂzT`Aw~>e%B`zoda Oq qe y 77K"CNJc,QE f@]on}H*6h6#ZFw֪RAs]f{[bJN<{2fAI&V QBj䩻掵T{G{ޮT @ rɴ] aD*=bcV2zC"ϜG]4 5 Q-;dGbe^0}pLI2[p8lWo98k0kDw 6>SI)|.>FU}'85(`tG%MH:G![A=C +*J[?b $mBd%J05C~4 ^1CSG=!|]s7KHa%F:M[ّ*ƍ)$3 iCX0yQ j\@ )TEI5w4fFX ~J4wyˆBȤfl $q GXq!rf ק$1MbW1_^ą /^k+b V?#&|. In_=D V%z ) l|R"E}fTyz`0 ,NSj|LjP#G~ЖVf[kI3H$ުK2"A+>,pF*'*bD] !&T63 HtZ(DpZ]D+=k4K+s8lcK..HpGccٍQ_Γ.M I{ެ|`o*YX=7wU ΕS)w!BD &:6w VeV#hWʔ)!6Wk]B{]3"7Ћ_R+v{fy ]E ]eIz~/^hl"NV3SSKy"iX ,i< 8dUZ2<&3xB*шoۍ:L CJe/J`V!rZ~aVUC" ۫Y*lJ\8罸I~6jy@SghL:if{Ss |)Fz|Y[+GHK37,~:랯O\ ʷv0aXX0hĢ:?/&l/s4R5nSNNH ؃n"X- -ӫjm0 3XP#׹>;Pfǣ!`P- XXF&ҁnc!5%mJ0bfgd: v`Lfb&j-;ݧRFn|jPs?Dp^[˒ٚjt.+XV-M?>P#L7W%Ze,G,]؝6$of2&<. g[Mwې9i:ZLžLB 83 yd{mZfRNpIXVlS6nǍ?!svt /EB~B~icjs|͆Wb.~bxgz:e @F .պ}+ +KUOk,2A_WdY*;IsD&T gAIiPxl{%Y[F&ʣiϵPl%D3j;6Ho=g= "h/牤VpꫧU@H"o>Y} B)בGݘ}%2jq' BC74hKθm7Ish ԕ{|hQD{::X 3GHpkrvM?}PDGtYo_TLJ@v_^kR*=8HŶ<506b͢"湒t.37ab쌥$:Q|Bz ]ZŻh|Tc?6S򸼊Vu;6B]dtxS\i:3ns쉔Fԍu:"˲"G 3Xaj0WEB .k,``s&Ҳr̲.g!vFnHWN$Aݯ@È^3IuR {ӧNեҡn1P 1g\<@WBe#Ib8zmKS \;U旂 l6qĬ ڵEpxCrUɯ u!4={[#W9Ve]P#R@t~ǧ$^1(pXy5C̘DŽ)eKb0^7S "_p%$;y1?&W2Q8KeֿiwޫO'.?>;j.gY;@,Rqt3#?J7O\feL5O 0uP4wAߗAzaϝۢALGұ[?-2 OOLmu) T,THJN2+POq*ԐJ;QurIȠU>)^9{?2z^i[&3=#=9&OBR&Kcg4L1.M[\RT€8H*'e%7!J#3[FE^K7C޽r+i yvwF#)~ӍgSjqx;tL8 Nv+C Cl"~znIq8H4G\~,ٺ6!PTX4'Hф Yz.O G& Nztb)73=amYɏ EJ ס;ldu I~]WwATPC(4d] ,!`c'~FeuUTnnL4>I *( jF.yj!U6s%QdqD%r r6E!O'i5G<9I_&D)ﱺފdLEUZ:`90HO)u3bV.dxcj+:Lq!1Wl#P!{膤sdw.+!%$񘤖ͨV-FU CLtaLO2 dҞoEwVʾ-0J]0@Q6Tjo:T|" _:m(s[h,ֺ1$L6]Ð6dKV6<.`[(̙ _&㕱jottӬu`g?;2лe:ŕxTr T en+֭WΧI75SZ:|!t RpڮZ3r˂h5LG=giY"R')(# (JOuR9 t+0t< J V аʧ/^gaC}2a09$+Jw521V'LUHCDa}5<#h6@ƢJI)*f 9#-Rˬ@?$}~{qsnKl_L%gB:iV_haee6+^\jRy]+:1xUD8w,Wa8+ u\LZāJ >PS5HG x`20I!x0~S]SX%_{@7e\%mt)I22QiP״%~>ffFtYB${K 'TC: JG#< Uˆ#X=CQudZj^!O04НR ڎsjUuUjDkVBk hf7%i>90ijdiK b`U>&/LVݮyGL4>5mH/tlo!2Mtk}`DXzA*ԔP /#V#YdV(Q@ * Mw]raғGXsyqtN&I> ŭ#vؘ`ARӮ>waZ6]~N; R?ڗ*hM+'  셦;10eP.KY+$S;(Wk5I'2FJa NJ@R)r`lt)8/:IL3 d!(MZ}6-aCd6RyŰA:XYxbvE1&D@aN=26)5]zQ"EԖ}&UⓇS #? nºPHw!#:OD Τtk۶3Pe Y$q`Q6ψ/ɒ3ϨڪK٘@>EIn%cR Syx}b, _;oG.g]V9ܺʒ 7m3ިyG7kiTN"eI1}Ѕ3yxhFa>뵢}F 誈d+"2}i>R24Ha+~"W쉯 õ%\J|u%IሰaȷZ2T䧕dZgsZZy HʫoxO"bgLRP9^E!73X[ 3\1 5C~^_Ws& dņNkz%7HؓJd˗{Eԓ/)JDZE 5Z~zuah*ǐ=׆77nG9nFz5!;aH~H?Fe#HY`CёWe'IKIn{_"iH~s~y8Fz}A&v@b;mYH0PMn+GҀ+ɋu$!9Tsq_P(Nl֟Ͽ4ń*`ÿ +Ɂ1 e!4; .+Q | F`Xa{4ayɶ q\y)'ϰH |Um#Y ">_=Jͻzֱ&5%p.jAv"o Z d?@1󋺁Ks6fQs9#dnG{Rw Q陰 2jdǨX@z>62!$OǼE΁Qigez(eB 5=$>tXpٖ(#-dn_X|m7H=fV5!*QHk xG\N)5({.APЭyE|_p\܈ioU Nz3rav5F,k^[̎%뙙X H|KZo#қ" =-aۃn7 Ԟfùzտ59ax?LW%!<]ͤbLR-Vr6H(l SMO(e @w?`P1xV e$hW?0viG^g6֢~ӞސTn셩X$[j{h(t3t@FYCpG3zL9ˣb<4`v)@^s i.efOupwjlHOz'\hfG79_$?v$ /A[ź't6 ELTF׺<,|X:Ypk{VHYOTi6z|{D!W 8+,v.5@VO~Z u>d:Ӫm8^Ճŋԫ,[1:t} 2@*l]?aeϏ-=p5[t66д(ݧ+0:Fփo(jGXdeY]o=UŪ݃"UɧyGr=*&֌IU`2ZJtWt_[z/.։~ƃҪ¡\Ju8