python3-devel-3.6.15-150300.10.72.1<>,/xf6p9|gQ^Yp$۲gH֘F9gg:{ t+ED>>}u$OIq{(F;X7q7hKj6|Utۏd3oL"1(8g7wpC4'\.u[Ғ^`AD?4d & h-NY o{~~ ~ ~ ~ %~ &l~(d~*~-P-|~/t0081](18193:=BFG ~H~I~X|Y֘Z[\~]~^޸ bcudeflu~v w~x~yz0Cpython3-devel3.6.15150300.10.72.1Include Files and Libraries Mandatory for Building Python ModulesThe Python programming language's interpreter can be extended with dynamically loaded extensions and can be embedded in other programs. This package contains header files, a static library, and development tools for building Python modules, extending the Python interpreter or embedding Python in applications. This also includes the Python distutils, which were in the Python package up to version 2.2.2.f6h04-ch1b jSUSE Linux Enterprise 15SUSE LLC Python-2.0https://www.suse.com/Unspecifiedhttps://www.python.org/linuxx86_64 pW [vB w !L9t$  WUs   7 T&f# ]7# Ej $(CC !+ x!mk+~ u  IK<  ?s 2 :G) UaPA큤mA큤큤AAAAf6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f6f67817a7ef1096dcf1d438467a6f330363b09ab113e37485584a675e979d20597f6d88b06b822b72876dcbc89b529809e937b83d0cb6a681f14de7fb5f36907a20ee74dbf61abc57f7620fc6eaf31517b92f737b5ba64d78a281c5e42a28a15edb5bb332ce29b211d78f49df318ad1225a22b325bacf5feb2513109c9484fa32496c606145ccfc8a7794680d93bc87cdfc89eb1d36bcb50478e441feb138b66ee8f228e11c63ea63b2db1076de50c9521364aafac87f8a7ce2ac12cc3b0b2c63dfa69a187d5b752b23d616e4608a600fbcd46db65ef1cb85ad7e4acc19d532c664afbbf716c0d6d777ae4c4e30121b1cdb00c5f09f478bd815d45d87654ed232e81b5101b4b85409fd910032713906800bbb83580503036469c2a60ac8e80b8f72d6db52644f2c3aacdfcc393c9999590c12dfae291fa343ee0e089ffc28400e34c2fae54e6f08d924d2ddf0cb3b58ca6544de18b4fd301303b6807cb4843362b20a8af85683ede589beba4b8fab2fcf03c651ec93adc651e65dcf561efb8ddcb1f8211dcf2d2a8b0fe155e8c879c1af2d0c0a9934a57bac1340ad210b0af7125db5d866a90e3bd7de6a861b30ed534308108f8e18b6c48a74e3cedc6676f0812727e638e478bf620e9b2d9a274aec26020e3f6992e0507273152a434d64d2d5e1a7736fd5f486412c23dbbe39dc80098736e208bb0889991d051ae91effaf0792a5a058193d88861991c91ec626ecee4f1dd756d7f618f0efbf6b976eba2e6a6dd84f5b3738836973013339dc320c296355246169ebe5ebe2251516b4bb4357f1fd63389430974ea9b099ccfe8a0f8b5e4a0f502427ae6540c0e0534cd2ec027773ea409a055eeb2b5d02a25adba73149c7c99903c9c7fdd942ddeb19e088393df74adfc023024aecb15ba770c2f68ee82663afcc5b8aa58a2d51f3f74a8a78913cc59abfac2a7c082d28c10c1cc0f18d1a4df9c4f2a6682bd06dd7bb62a6559a120a597401964c2235d7fe14b3cb006dbb88a383de4a1965256713ccc74cafe264d80ff78299f6e3b1ed91e1e6d3d2e5a430d6af1bbf23f36a0faeae9707706e73fe170efc01e7f2fcb4beb6060614619235be070494a106479987348515b6a72244fe250db9995068fe74dce0e23fd70c12b03fd94751d98b773be8f64896b65a1a57a1fc93ca954d0027217a3917c7ca8e359919843dad36cd044fbfe0c54ad0d89dff4ab88a71ca1a26ce5bc989a3b8586d12a364a859135a6cf61bc8db7100310c0c97da7072380e0e8cfff7b9052ab440a9d5b84e7dc6808c82d2dcee078b377a9dde743af7824037e0f30486b80088bb4987f363cd5b3c50bd32b4b599da532654c9b30d080400a573e3c1d089c2781652767f743746b6a1a807ae083c52d61cfa0ca8834e9cd04cc460c73ace0edb965abe821ef31e257908d062a18f9d89f6d57f4649c8323a3223e3fd4ad722e8f28537b1191824416f3b7927cac39493619036535b8346abbc03228b58fff3bc7542fdf0ad2e5224c4fd0ac805b47262f9d560c4e15df552d52186188141260d12f18afb5baaab41b8fbdd86e369774bb352958f95af4cbd83ba07583d8da1d49ef8ffa6ea2e4dad25f503d562885cc47fae1324b451495e8e5ef49e2afb699b9ea60cd88bb922f6951082ccea637302d5e451af094ec43d995bbd44cf34c45903893470f6233b0339045471cafb170d0ee46a31c6fed1b62c63381fdb0388aa8d7df432cfcf567c65c666aeba255d836f77801da70dc40fa164a0d004287b2629c0e9facf203a26c462f5391d9870bd46d6341525fcc78a90f26786d632a84fd0bd591149e9850c46c5e0e624f13fe79d35ab3ca11b70212d3538d74e74084aaf86e2210754723255d98f07cb1606ba6a68154f85951794529465a07e07444fb852440059a398c98344004a27f5d88a9777e274e49fbe6f2d0d00dc5794ec44fdebd18589ef0092b4d080d9dd6232ecdf966c2744d6ce8ac2b891662b88339a99324e8dd105f7b3076830dfe7c8618c4db70ad5f55b1632691b73873b765afcd0c3235898b14a6f51731b65861ccff0f43c74ffa425235af0b32966d450e302621ab5315b58fd2067d66be56aef135b8f6c84e6ddb60c17a170588da9925535c8aeeb90b5b164859b97bd9fa1a7d282d6d0c6493f56921c039bfa23fd38bc4a643ebb9ace07108d9b170900fbc8cdd0649b1fdd05cd330102d919c91bda82ae1b0f5fa1fbdf8a519376740361f1066a97cfa57d3683aafa767e5aff7bdd467c315ed5a22499aa52066252cd854b09213a63c5093afd3a65241242cc3a3ced72325640aa05374e600749b9efd6042bb0e3a3dbd90a00328494dc28c3187cbd9913e0bc914b3892a3dc86ad4e426308fe6e961abaf588f31870df5524620ec1c7fe5c487dbe2d324fce3eaeb13307f406ebc4064e654e91974b836376347a5dbfabfca3c2bd2099a8228ce66c6940c013935b48f48ca8ce249a4d482c55e3fb6f1cfe786c5a32a57969bb74a779d96e922c139363bc2b22d77dc59277c002ae1d2dcc3ff1786f2a629d2a15874ddc95039dbfd6391f28e66fbff5855ef464165489200f66df511db7b2f49a45e43b8f555eb83d0419232cbcb738a3f856433040833a798174007cf5e3a81b46901a3c9281d3654043f84937eb974a5c9c520c7af403cb2147e663ce1ae545568321922b0bf2456c23a859e872e35f329c491ad1179c6b5a1fa467a361d57c0dcc17766e5ed190f352fa3d59b57c40a824a6815b6846ece8eb382c100d5eca46bef0be875709f12f5461fae93ba1f06e61a6e7187321a36099573fb1dd6cf8ec38b89989ab01fc3759bb4393bccd1a3d836cd8c5cf9e616343ca5117ed72770c4a7bce3da369c479f665bbd5ff1389455fee515cbb1658547709261f8552eb6c0f5aa406eb5730a6c8981e7b6fb0299cfac60773e977a7867872a910fbe75bd2a8ef5207b2d001477268dd96ff32a83c2f7b0e58385c11ef447f081c5b884c24d2a1496bcd846b31123f77f85261ba30db4c96f81c4d9cabcacbf232d30713a94047d5af24285bbbe793f088c9236416ed2596c1c156c863044db5d9575f315a03314bde05b3b7d6dbff5b7565b71ef59a4ce1e796a549d28edb4c75a5cabd00fe969b52ad06966c916e8d2a777e3da039dc88c7af462106f3b4645fd848c93c4b57c9ff15aabb661930914793b53298f762a30b22ddbdd0ee77bcc8e0d6be0598730e687edad4ad455962f6e2b0b49651bc20702e685fde63c09deb906be5f47972171174ba772e44672e300e438f106cc946bfc1aa548200d61d9efaba3df0a87906a284cd2ccccbac21c5aa2ce5ea1d05d04a4b5e5038e5d55c7fab260ab30e2c9fce977024cf8e739c4e58727fa1510bc6f223aa5fd344c7d823a6d6dc847c500c926a046663faade4d35daebbc4f50614c2f628fb0097aad4cc1ed856a1c0c16c8063ac35eda62df3ab70bd116f3989b9d7be1a34d1670bc3ec0a6ccc18e09de2eecb212c40a9b50fcc959b67fba9a5bcfb23476115e1f8a2f0d7279286973d167afffd89a4fe40f4f5d9c4d5fe188093a5925c8a163ad5ec7dc3378439c4b7f401d8338fb6ecf5f12768ee95cd09c262f880b2ee522ca344b890dbdcde4c88814ef927caaa29a5a4b97c48c38a78485f15b3e1ec5d5ab35aca934377a917b9df98a492044f55cf016c008fef3181d77d13f1828b84625b5cb1f460e5f5ed2fd0dfe8f81b81c05cb2e25ac2b9800a5b73a0626b58ed3c944562f00ab40bf4875feaf4eb453936cfc98157a14aba4f04e715cb5189a8ebd1bda1aec10876eaec2ddd0a6701efa7987b1330f1336e96cde36459ecf5d911af8a9a36b53c42ab1080b0f9db9a4b14efed3cef52066866519f564d281e1dbf84fe8c24c660d31257bcf506cb23d86b81bcc6efa51b4ad9dfab67fda947753afcad33af2caf9b9b4ea7379a38902d5e9e40a69cb10f25e60e3bb2fdddec17b526824f5215fe68640b1e2839479e122db707ae8fdd8f29d861add05d902a1df191c88143850b355d98ccf286e9acfa1ef40a74917686f53797477196c1aa67d767fedaebca4dd23bd9f5837719f206f04c4569ac51be15ac4f3cefc956fa594847750db438421ce862a8539f48bdfe81695b3363981b0a25aecab8640f82c62668b4dd58c6dfd59795a6a5cadbf9165c37750df2374e117d0b38031f5d8b08b1bf9fc5593515002ef9d3104998a854161a4ddb2126aced3f8e8951ce0d1e20dbc2ad70cc6e4abf49205f56e201b471e84a7ab305b441dddd9694b32bf52bb595602e4724ea008863be9d95b982c2eda1116d30daa07ed26fd8e81cf1c58cc93b458ee5f8c431aec9f4a288021d7c33d0d3884e1933cae04d37488d58efe4a399f9348bc2ef17dd010a390c76b24d72ccbc90811b0e41627eff0f1bfed2ae4dfebbd22ac3dd80ecb098a0ec7454cfd73c853166e9950f87150f24a594a73cac388eb59bfe1f51315ada7b19aba768a6d1524c1d7d9f9673bf3bb61e809ea47f032e0d3341a572fd745ef6fd5f633ec303b2892549c43e42560ae5d9ec8017e18c18d6ef5f23c2f5d07d2c0f5854d2e5d361c4898605b63d7c7bb1953ec937ecf5f6b115d13c7fe7eae99461ea150edf1130f1e9b1f9b1067b3d60672fa1bf80e758e25f32abd7e8d7ff0a71d54d69575f9b0530a23d48352e7cdd61f87ae33f04c04b4144af60753237cfa71d37fe9b982de66be4c13e2cd7977b2fbaff115fb80357d6270c4982b2c0d29e734b34f3f8cb4a8c2b9305b6e7f378214ecd13928f2671db2c7ee0f7b37821fad4551b410aefe3ec1a5dab7970d83a81e7987827d973b5a19b8875abd0afb9f02112e3e3925517d294fbe26403a4df135618dbfc911cd911e073bef8baac92adf3cf516747616fbe142306be804c8a7a6da49b85e0e1763d0aa4465f9fb69cb12cbbe508c0a9e6834923ecfe37632b26257b716b4a98282e714f6ad7ce43264fcca727fb50dda4013f2dcaebeead76ee161a78f3ae4976eb6218cf5edf3a65a34b0b82e96f1835190afb86721307901765bb6b3a9e3933b20183f978372a2ba5fa698b62b36bdc9326da6d8681c7733d9ac03a874b40e9fe11a83cbf8a77python3.6-configpython3.6m-configlibpython3.6m.so.1.0python-3.6.pcpython-3.6.pc../../libpython3.6m.sorootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpython3-core-3.6.15-150300.10.72.1.src.rpmlibpython3.so()(64bit)pkgconfig(python-3.6)pkgconfig(python-3.6m)pkgconfig(python3)python3-develpython3-develpython3-devel(x86-64)@@@@@@@@@    /bin/sh/usr/bin/pkg-config/usr/bin/python3/usr/bin/python3.6mlibc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libpthread.so.0()(64bit)libpython3.6m.so.1.0()(64bit)python(abi)python3-baserpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.63.6.153.0.4-14.6.0-14.0-15.2-14.14.3fff@fIf@fz@fuk@f:f*Ee؈e4@d@dVA@dRLd>@d@c>@ccv"@ck@c[@c$e@cbb@b@a@a*@a*@aaaayay?@af@a]aLl@aLl@aA@a'@aj@```t`[``@``/@``U_T__@_v@_0@_0@_@_G@___P_P_m_O@_N7_L@_?@_>e_>e_=@_@_______^^g@^>^>^8 @^0"@]f@]+]@]m]y@]v>]8H@]8H@]1]]@\\8\@\E@\C@["@[6@ZZԐ@Zx@Z@Z@Z Z Zz@Zhu@Z`@ZLZ"Z }YYX@Yo@Y@YY@Y@YI@XӸXƉXXqX@Xv@W@Wx@W_W@Vm@VhV*!@VCV }@U@U@U@UU[%UT@UCjU@TeT;mcepl@cepl.eumcepl@cepl.eumcepl@cepl.eumcepl@cepl.eumcepl@cepl.eumcepl@cepl.eumcepl@cepl.eumcepl@cepl.eumcepl@cepl.eumcepl@suse.commcepl@cepl.eudaniel.garcia@suse.commcepl@suse.commcepl@suse.comsteven.kowalik@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.comsteven.kowalik@suse.commcepl@suse.commcepl@suse.comsteven.kowalik@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.comdmueller@suse.comschwab@suse.demcepl@suse.comdimstar@opensuse.orgmcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.comschwab@suse.deqydwhotmail@gmail.commcepl@suse.commcepl@suse.commcepl@suse.comdmueller@suse.commcepl@suse.comcode@bnavigator.demcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commeissner@suse.commcepl@suse.commcepl@suse.commcepl@suse.comsteven.kowalik@suse.commmachova@suse.commcepl@suse.commcepl@suse.commcalabkova@suse.comdimstar@opensuse.orgmcepl@suse.comdimstar@opensuse.orgmcepl@suse.commcepl@suse.comtchvatal@suse.comschwab@suse.demcalabkova@suse.commcalabkova@suse.commcalabkova@suse.commcepl@suse.commcalabkova@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.comtchvatal@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.commcepl@suse.comtchvatal@suse.comtchvatal@suse.commimi.vx@gmail.compsimons@suse.comadam@mizerski.plschwab@suse.debwiedemann@suse.comtchvatal@suse.comjmatejek@suse.comnormand@linux.vnet.ibm.comjmatejek@suse.comdimstar@opensuse.orgmimi.vx@gmail.comjmatejek@suse.comdmueller@suse.comvcizek@suse.comschwab@suse.dejmatejek@suse.comkukuk@suse.dejmatejek@suse.comasn@cryptomilk.orgjmatejek@suse.comjmatejek@suse.comjmatejek@suse.combwiedemann@suse.comjmatejek@suse.comjmatejek@suse.comhpj@urpla.nethpj@urpla.nethpj@urpla.netjmatejek@suse.comtoddrme2178@gmail.comtoddrme2178@gmail.comjmatejek@suse.comtoddrme2178@gmail.comjmatejek@suse.comdimstar@opensuse.orgjmatejek@suse.comfisiu@opensuse.orgmeissner@suse.comschwab@suse.dejmatejek@suse.commailaender@opensuse.orgrguenther@suse.comp.drouand@gmail.comjmatejek@suse.com- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent ReDos via excessive backtracking while parsing header values (bsc#1230227, CVE-2024-6232).- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN support eliminating bsc#1227233 (CVE-2024-5642).- Add CVE-2024-6923-email-hdr-inject.patch to prevent email header injection due to unquoted newlines (bsc#1228780, CVE-2024-6923). - Add CVE-2024-7592-quad-complex-cookies.patch fixing quadratic complexity in parsing cookies with backslashes (bsc#1229596, CVE-2024-7592) - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999)- Remove %suse_update_desktop_file macro as it is not useful any more.- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 (CVE-2024-4032) rearranging definition of private v global IP addresses.- Add CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch fixing bsc#1226447 (CVE-2024-0397) by removing memory race condition in ssl.SSLContext certificate store methods.- Add bpo38361-syslog-no-slash-ident.patch (bsc#1222109, gh#python/cpython!16557) fixes syslog making default "ident" from sys.argv[0]. - Update CVE-2023-52425-libexpat-2.6.0-backport.patch so that it uses features sniffing, not just comparing version number (bsc#1220664, bsc#1219559, bsc#1221563, bsc#1222075). - Remove support-expat-CVE-2022-25236-patched.patch, which was the previous name of this patch. - Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping failing tests. - Refresh patches: - CVE-2023-27043-email-parsing-errors.patch - fix_configure_rst.patch - skip_if_buildbot-extend.patch- bsc#1221854 (CVE-2024-0450) Add CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch detecting the vulnerability of the "quoted-overlap" zipbomb (from gh#python/cpython!110016). - Add bh42369-thread-safety-zipfile-SharedFile.patch (from gh#python/cpython!26974) required by the previous patch. - Add expat-260-test_xml_etree-reparse-deferral.patch to make the interpreter work with patched libexpat in our distros. - Move all patches from locally sourced to the branch opensuse-3.6 branch at GitHub repo, and move all metadata to commits themselves (readable in the headers of each patch). - Add bpo-41675-modernize-siginterrupt.patch to make Python build cleanly even on more recent SPs of SLE-15 (gh#python/cpython#85841). - Remove patches: - bpo36263-Fix_hashlib_scrypt.patch - fix against bug in OpenSSL fixed in 1.1.1c (gh#openssl/openssl!8483), so this patch is redundant on all SUSE-supported distros - python-3.3.0b1-test-posix_fadvise.patch - protection against the kernel issues which has been fixed in gh#torvalds/linux@3d3727cdb07f, which has been included in all our kernels more recent than SLE-11. - python-3.3.3-skip-distutils-test_sysconfig_module.patch - skips a test, which should be relevant only for testing on Mac OS X systems with universal builds. I have no valid record, that this test would be ever problematic on Linux. - bpo-36576-skip_tests_for_OpenSSL-111.patch, which was included already in Python 3.5.- (bsc#1219666, CVE-2023-6597) Add CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from gh#python/cpython!99930) fixing symlink bug in cleanup of tempfile.TemporaryDirectory. - Merge together bpo-36576-skip_tests_for_OpenSSL-111.patch into skip_SSL_tests.patch, and make them include all conditionals.- Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing gh#python/cpython#108310, backport from upstream patch gh#python/cpython#108315 (bsc#1214692, CVE-2023-40217)- Add 99366-patch.dict-can-decorate-async.patch fixing gh#python/cpython#98086 (backport from Python 3.10 patch in gh#python/cpython!99366), fixing bsc#1211158.- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix CVE-2007-4559 (bsc#1203750) by adding the filter for tarfile.extractall (PEP 706).- Use python3 modules to build the documentation.- Add bpo-44434-libgcc_s-for-pthread_cancel.patch which eliminates unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters- Add bpo27321-email-no-replace-header.patch to stop email.generator.py from replacing a non-existent header (bsc#1208443, gh#python/cpython#71508).- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in the garbage collection (bsc#1188607).- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names.- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer overflow in hashlib.sha3_* implementations (originally from the XKCP library).- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix CVE-2020-10735 (bsc#1203125) to limit amount of digits converting text to int and vice vera (potential for DoS). Originally by Victor Stinner of Red Hat.- Add patch CVE-2021-28861-double-slash-path.patch: * http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. (bsc#1202624, CVE-2021-28861)- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module. - Rename support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch to unify the patch with other packages. - Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests on s390x.- Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572).- Add patch support-expat-245.patch: * Support Expat >= 2.4.5- Rename 22198.patch into more descriptive remove-sphinx40-warning.patch.- Don't use appstream-glib on SLE-12. - Use Python 2-based Sphinx on SLE-12. - No documentation on SLE-12. - Add skip_SSL_tests.patch skipping tests because of patched OpenSSL (bpo#9425).- Don't use appstream-glib on SLE-12. - Use Python 2-based Sphinx on SLE-12. - No documentation on SLE-12. - Add skip_SSL_tests.patch skipping tests because of patched OpenSSL (bpo#9425).- Don't use OpenSSL 1.1 on platforms which don't have it.- Remove shebangs from from python-base libraries in _libdir (bsc#1193179, bsc#1192249). - Readjust patches: - bpo-31046_ensurepip_honours_prefix.patch - decimal.patch - python-3.3.0b1-fix_date_time_compiler.patch- build against openssl 1.1 as it is incompatible with openssl 3.0+ (bsc#1190566)- 0001-allow-for-reproducible-builds-of-python-packages.patch: ignore permission error when changing the mtime of the source file in presence of SOURCE_DATE_EPOCH- The previous construct works only on the current Factory, not in SLE.- BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation.- Due to conflicting demands of bsc#1183858 and platforms where Python 3.6 is only in interpreter+pip set we have to make complicated ugly construct about Sphinx BR.- Make python36 primary interpreter on SLE-15- Make build working even on older SLEs.- Update to 3.6.15: - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. Library - bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee. Tests - bpo-38965: Fix test_faulthandler on GCC 10. Use the “volatile” keyword in faulthandler._stack_overflow() to prevent tail call optimization on any compiler, rather than relying on compiler specific pragma. - bpo-40791: Make compare_digest more constant-time (bsc#1214691, CVE-2022-48566). - Remove upstreamed patches: - faulthandler_stack_overflow_on_GCC10.patch- test_faulthandler is still problematic under qemu linux-user emulation, disable it there- Update to 3.6.14: * Security - bpo-44022 (bsc#1189241, CVE-2021-3737): mod:http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server. - bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks. Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks. - bpo-42988 (CVE-2021-3426, bsc#1183374): Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer. - bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network. Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it. - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. - Upstreamed patches were removed: - CVE-2021-3426-inf-disclosure-pydoc-getfile.patch - CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch - Refreshed patches: - python3-sorted_tar.patch - riscv64-ctypes.patch- Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338).- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).- add 22198.patch to build with Sphinx 4- Stop providing "python" symbol (bsc#1185588), which means python2 currently.- Make sure to close the import_failed.map file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block.- Add CVE-2021-3426-inf-disclosure-pydoc-getfile.patch to remove getfile feature from pydoc, which is a security nightmare (among other things, CVE-2021-3426, allows disclosure of any file on the system; bsc#1183374, bpo#42988).Update to 3.6.13, final release of 3.6 branch: * Security - bpo#42967 (bsc#1182379, CVE-2021-23336): Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator. - bpo#42938 (bsc#1181126, CVE-2021-3177): Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values. - bpo#42103: Prevented potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. - bpo#42051: The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. This should not affect users as entity declarations are not used in regular plist files. - bpo#40791: Add volatile to the accumulator variable in hmac.compare_digest, making constant-time-defeating optimizations less likely. * Core and Builtins - bpo#35560: Fix an assertion error in format() in debug build for floating point formatting with “n” format, zero padding and small width. Release build is not impacted. Patch by Karthikeyan Singaravelan. * Library - bpo#42103: InvalidFileException and RecursionError are now the only errors caused by loading malformed binary Plist file (previously ValueError and TypeError could be raised in some specific cases). * Tests - bpo#42794: Update test_nntplib to use offical group name of news.aioe.org for testing. Patch by Dong-hee Na. - bpo#41944: Tests for CJK codecs no longer call eval() on content received via HTTP. - Patches removed, because they were included in the upstream tarball: - CVE-2020-27619-no-eval-http-content.patch - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution.- Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686).- (bsc#1180125) We really don't Require python-rpm-macros package. Unnecessary dependency.- readd --with-fpectl (bsc#1180377)- Adjust sphinx-update-removed-function.patch- (bsc#1179630) Update sphinx-update-removed-function.patch to work with all versions of Sphinx (not binding the Python documentation build to the latest verison of Sphinx). Updated version mentioned on gh#python/cpython#13236.- Add CVE-2020-27619-no-eval-http-content.patch fixing CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP.- Add patch sphinx-update-removed-function.patch to no longer call a now removed function (gh#python/cpython#13236). As a consequence, no longer pin Sphinx version.- Pin Sphinx version to fix doc subpackage- Change setuptools and pip version numbers according to new wheels (bsc#1179756). - Add ignore_pip_deprec_warn.patch to switch of persistently failing test.- Replace bundled wheels for pip and setuptools with the updated ones (bsc#1176262 CVE-2019-20916).- Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - Rebase bpo23395-PyErr_SetInterrupt-signal.patch- Fix build with RPM 4.16: error: bare words are no longer supported, please use "...": x86 == ppc.- Fix installing .desktop file- Buildrequire timezone only for general flavor. It's used in this flavor for the test suite.- Add faulthandler_stack_overflow_on_GCC10.patch to make build working even with GCC10 (bpo#38965).- Just cleanup and reordering items to synchronize with python38- Format with spec-cleaner- riscv64-support.patch: bpo-33377: add triplets for mips-r6 and riscv (#6655) - riscv64-ctypes.patch: bpo-35847: RISC-V needs CTYPES_PASS_BY_REF_HACK (GH-11694) - Update list of tests to exclude under qemu linux-user- Update the python keyring - Correct libpython name- Drop patches which are not mentioned in spec: * CVE-2019-5010-null-defer-x509-cert-DOS.patch * F00102-lib64.patch * F00251-change-user-install-location.patch * OBS_dev-shm.patch * SUSE-FEDORA-multilib.patch * bpo-31046_ensurepip_honours_prefix.patch * bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch * bpo36302-sort-module-sources.patch * bpo40784-Fix-sqlite3-deterministic-test.patch * bsc1167501-invalid-alignment.patch * python3-imp-returntype.patch - Working around missing python-packaging dependency in python-Sphinx (bsc#1174571) is not necessary anymore.- Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(…). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - Drop merged fixtures: * CVE-2020-14422-ipaddress-hash-collision.patch * CVE-2019-20907_tarfile-inf-loop.patch * recursion.tar - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091).- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch.- Make library names internally consistent- Disable profile optimalizations as they deadlock in test_faulthandler- Disable lto as it causes mess and works with 3.7 onwards only- Sync the test disablements from the python3 in sle15- Update to 3.6.11: - bpo-39073: Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - bpo-38576 (bsc#1155094): Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. - bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. - bpo-39401: Avoid unsafe load of api-ms-win-core-path-l1-1-0.dll at startup on Windows 7. - Remove merged patch CVE-2020-8492-urllib-ReDoS.patch, CRLF_injection_via_host_part.patch, and CVE-2019-18348-CRLF_injection_via_host_part.patch.- Fix minor issues found in the staging.- Do not set ourselves as a primary interpreter- Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS.- Change name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894).- Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674) - Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug "Python urrlib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)" (bsc#1162367)- Add Requires: libpython%{so_version} == %{version}-%{release} to python3-base to keep both packages always synchronized (bsc#1162224).- Reame idle icons to idle3 in order to not conflict with python2 variant of the package bsc#1165894 * renamed the icons * renamed icon load in desktop file- Add pep538_coerce_legacy_c_locale.patch to coerce locale to C.UTF-8 always (bsc#1162423).- Update to 3.6.10 (still in line with jsc#SLE-9426, jsc#SLE-9427, bsc#1159035): - Security: - bpo-38945: Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process. - bpo-37228: Due to significant security concerns, the reuse_address parameter of asyncio.loop.create_datagram_endpoint() is no longer supported. This is because of the behavior of SO_REUSEADDR in UDP. For more details, see the documentation for loop.create_datagram_endpoint(). (Contributed by Kyle Stanley, Antoine Pitrou, and Yury Selivanov in bpo-37228.) - bpo-38804: Fixes a ReDoS vulnerability in http.cookiejar. Patch by Ben Caller. - bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. (Contributed by Dong-hee Na in bpo-38243.) - bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. - bpo-37461: Fix an infinite loop when parsing specially crafted email headers. Patch by Abhilash Raj. - bpo-34155: Fix parsing of invalid email addresses with more than one @ (e.g. a@b@c.com.) to not return the part before 2nd @ as valid email address. Patch by maxking & jpic. - Library: - bpo-38216: Allow the rare code that wants to send invalid http requests from the http.client library a way to do so. The fixes for bpo-30458 led to breakage for some projects that were relying on this ability to test their own behavior in the face of bad requests. - bpo-36564: Fix infinite loop in email header folding logic that would be triggered when an email policy’s max_line_length is not long enough to include the required markup and any values in the message. Patch by Paul Ganssle - Remove patches included in the upstream tarball: - CVE-2019-16935-xmlrpc-doc-server_title.patch (and also bpo37614-race_test_docxmlrpc_srv_setup.patch, which was resolving bsc#1174701). - CVE-2019-16056-email-parse-addr.patch - Move idle subpackage build from python3-base to python3 (bsc#1159622). appstream-glib required for packaging introduces considerable extra dependencies and a build loop via rust/librsvg. - Correct installation of idle IDE icons: + idle.png is not the target directory + non-GNOME-specific icons belong into icons/hicolor - Add required Name key to idle3 desktop file- Unify all Python 3.6* SLE packages into one (jsc#SLE-9426, jsc#SLE-9427, bsc#1159035) - Patches which were already included upstream: - CVE-2018-1061-DOS-via-regexp-difflib.patch - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes bsc#1149792 - Add bpo36263-Fix_hashlib_scrypt.patch which works around bsc#1151490- Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, bnc#1149955, CVE-2019-16056]- jsc#PM-1350 bsc#1149121 Update python3 to the last version of the 3.6 line. This is just a bugfix release with no changes in functionality. - The following patches were included in the upstream release as so they can be removed in the package: - CVE-2018-20852-cookie-domain-check.patch - CVE-2019-5010-null-defer-x509-cert-DOS.patch - CVE-2019-10160-netloc-port-regression.patch - CVE-2019-9636-urlsplit-NFKC-norm.patch - CVE-2019-9947-no-ctrl-char-http.patch - Patch bpo23395-PyErr_SetInterrupt-signal.patch has been reapplied on the upstream base without changing any functionality. - Add patch aarch64-prolong-timeout.patch to fix failing test_utime_current_old test.- FAKE RECORD FROM SLE-12 CHANNEL Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]- FAKE RECORD FROM SLE-12 CHANNEL bsc#1109847: add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo#34623.- boo#1141853 (CVE-2018-20852) add CVE-2018-20852-cookie-domain-check.patch fixing http.cookiejar.DefaultPolicy.domain_return_ok which did not correctly validate the domain: it could be tricked into sending cookies to the wrong server.- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812- FAKE RECORD FROM SLE-12 CHANNEL bsc#1137942: Avoid duplicate files with python3* packages (https://fate.suse.com/327309)- bsc#1094814: Add bpo23395-PyErr_SetInterrupt-signal.patch to handle situation when the SIGINT signal is ignored or not handled- Update to 3.6.8: - bugfixes only - removed patches (subsumed in the upstream tarball): - CVE-2018-20406-pickle_LONG_BINPUT.patch - refreshed patches: - CVE-2019-5010-null-defer-x509-cert-DOS.patch - CVE-2019-9636-urlsplit-NFKC-norm.patch - Python-3.0b1-record-rpm.patch - python-3.3.0b1-fix_date_time_compiler.patch - python-3.3.0b1-test-posix_fadvise.patch - python-3.3.3-skip-distutils-test_sysconfig_module.patch - python-3.6.0-multilib-new.patch - python3-sorted_tar.patch - subprocess-raise-timeout.patch - switch off LTO and PGO optimization (bsc#1133452) - bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised.- bsc#1129346: add CVE-2019-9636-urlsplit-NFKC-norm.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised. (CVE-2019-9636) Upstream gh#python/cpython#12224- bsc#1120644 add CVE-2018-20406-pickle_LONG_BINPUT.patch fixing bpo#34656 Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746. An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.- Add -fwrapv to OPTS, which is default for python3 anyway See for example https://github.com/zopefoundation/persistent/issues/86 for bugs which are caused by avoiding it. (bsc#1107030)- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS (CVE-2018-1061). Prior to this patch mail server's timestamp was susceptible to catastrophic backtracking on long evil response from the server. Also, it was susceptible to catastrophic backtracking, which was a potential DOS vector. [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]- As we run in main python package do not generate the pre_checkin from both now- Move the tests from base to generic package wrt bsc#1088573 * We still fail the whole distro if python3 is not build * The other archs than x86_64 took couple of hours to unblock build of other software, this way we work around the issue - Some tests are still run in -base for the LTO tweaking, but at least it is not run twice- update to 3.6.5 * bugfix release * see Misc/NEWS for details - drop ctypes-pass-by-value.patch - drop fix-localeconv-encoding-for-LC_NUMERIC.patch - refresh python-3.6.0-multilib-new.patch- Apply "python-3.6-CVE-2017-18207.patch" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207]- Created %so_major and %so_minor macros - Put Tools/gdb/libpython.py script into proper place and ship it with devel subpackage.- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64- Add python3-sorted_tar.patch (boo#1081750, bsc#1086001)- Add patch to fix glibc 2.27 fail bsc#1079761: * fix-localeconv-encoding-for-LC_NUMERIC.patch- move XML modules and python3-xml provide to python3-base (fixes bsc#1077230) - move ensurepip to base- Add skip_random_failing_tests.patch only for PowerPC- update to 3.6.4 * bugfix release, over a hundred bugs fixed * see Misc/NEWS for details - drop upstreamed python3-ncurses-6.0-accessors.patch - drop PYTHONSTARTUP hooks that cause spurious startup errors * fixes bsc#1070738 * the relevant feature (REPL history) is now built into Python itself- Install 2to3-%{python_version} executable (override defattr of the -tools package). 2to3 (unversioned) is a symlink and does not carry permissions (bsc#1070853).- move 2to3 to python3-tools package- update to 3.6.3 * bugfix release, over a hundred bugs fixed * see Misc/NEWS for details - drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch- drop python-2.7-libffi-aarch64.patch: this patches the intree copy of libffi which is unused/deleted in the line afterwards - fix build against system libffi: include flags weren't set so it actually used the in-tree libffi headers.- Fix test broken with OpenSSL 1.1 (bsc#1042670) * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch- fix missing %{?armsuffix}- distutils-reproducible-compile.patch: ensure distutils order files before compiling, which works around bsc#1049186- Add libnsl-devel build requires for glibc obsoleting libnsl- update to 3.6.2 * bugfix release, over a hundred bugs fixed * see Misc/NEWS for details - drop upstreamed test-socket-aead-kernel49.patch - add Provides: python3-typing (fixes bsc#1050653) - drop duplicate Provides: python3- Add missing link to python library in config dir (bsc#1040164)- update to 3.6.1 * bugfix release, over a hundred bugs fixed * never add import location's parent directory to sys.path * switch to git for version control, build changes related to that * fix "failed to get random numbers" on old kernels (bsc#1029902) * several crashes and memory leaks corrected * f-string are no longer accepted as docstrings- prevent regenerating AST at build-time more robustly - add "--without profileopt" and "--without testsuite" options to python3-base to allow short circuiting when working on the package- FAKE RECORD FROM SLE-12 CHANNEL update to 3.4.6 (bsc#1027282): * fixed potential crash in PyUnicode_AsDecodedObject() in debug build * fixed possible DoS and arbitrary execution in gettext plurals * fix possible use of uninitialized memory in operator.methodcaller * fix possible Py_DECREF on unowned object in _sre * fix possible integer overflow in _csv module * prevent HTTPoxy attack (CVE-2016-1000110) * fix selectors incorrectly retaining invalid fds - drop upstreamed python-3.4-CVE-2016-1000110-fix.patch - move _elementtree to python3.rpm to match its pyexpat dependency (bsc#1029377)- Add 0001-allow-for-reproducible-builds-of-python-packages.patch upstream https://github.com/python/cpython/pull/296- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) - reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent)- update to 3.6.0 * PEP 498 Formated string literals * PEP 515 Underscores in numeric literals * PEP 526 Syntax for variable annotations * PEP 525 Asynchronous generators * PEP 530 Asynchronous comprehensions * PEP 506 New "secrets" module for safe key generation * less memory consumed by dicts * dtrace and systemtap support * improved asyncio module * better defaults for ssl * new hashing algorithms in hashlib * bytecode format changed to allow more optimizations * "async" and "await" are on track to be reserved words * StopIteration from generators is deprecated * support for openssl < 1.0.2 is deprecated * os.urandom now blocks when getrandom() blocks * huge number of new features, bugfixes and optimizations * see https://docs.python.org/3.6/whatsnew/3.6.html for details - rework multilib patch: drop Python-3.5.0-multilib.patch, implement upstreamable python-3.6.0-multilib-new.patch - refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch - drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch - finally drop python-2.6b1-canonicalize2.patch that was not applied in source and only kept around in case we needed it in the future. (which we don't, as it seems) - update import_failed map and baselibs - build ctypes against system libffi (buildrequire libffi-devel in python3-base) - add new key to keyring (signed by keys already in keyring) - introduced common configure section between python3 and python3-base - moved pyconfig.h and Makefile to devel subpackage as distutils no longer need it at runtime - added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py because it is not used now - improve summaries and descriptions (fixes bsc#917607) - enabled Link-Time Optimization, see what happens - including skipped_tests.py in pre_checkin.sh run - run specs through spec-cleaner, rearrange sections- FAKE RECORD FROM SLE-12 CHANNEL apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user supplied Proxy request header: python-3.4-CVE-2016-1000110-fix.patch (fixes bsc#989523, CVE-2016-1000110) - refresh python3-urllib-prefer-lowercase-proxies.patch- FAKE RECORD FROM SLE-12 CHANNEL update to 3.4.5 check: https://docs.python.org/3.4/whatsnew/changelog.html (fixes bsc#984751, CVE-2016-0772) (fixes bsc#985177, CVE-2016-5636) (fixes bsc#985348, CVE-2016-5699) - drop upstreamed werror-declaration-after-statement.patch- FAKE RECORD FROM SLE-12 CHANNEL Due to being fixed upstream (differently), removed outdated patch CVE-2014-4650-CGIHTTPServer-traversal.patch (bsc#983582)- move _hashlib and _ssl modules and tests to python3-base - recommend python3- Add Python-3.5.1-fix_lru_cache_copying.patch Fix copying the lru_cache() wrapper object. Fixes deep-copying lru_cache regression, which worked on previous versions of python but fails on python 3.5. This fixes a bunch of packages in devel:languages:python3. See: https://bugs.python.org/issue25447- update to 3.5.1 * bugfix-only release, dozens of bugs fixed - Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch - "Python3" to "Python 3" in summary * This seems cleaner and fixes and rpmlint warning- FAKE RECORD FROM SLE-12 CHANNEL Issue #21121: Don't force 3rd party C extensions to be built with -Werror=declaration-after-statement. (werror-declaration-after-statement.patch, bsc#951166)- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch This fixes a build error for many packages that use the Python, C-API. This patch is already accepted upstream and is slated to appear in python 3.5.1.- update to 3.5.0 * coroutines with async/await syntax * matrix multiplication operator `@` * unpacking generalizations * new modules `typing` and `zipapp` * type annotations * .pyo files replaced by custom suffixes for optimization levels in __pycache__ * support for memory BIO in ssl module * performance improvements in several modules * and many more - removals and behavior changes * deprecated `__version__` is removed * support for .pyo files was removed * system calls are auto-retried on EINTR * bare generator expressions in function calls now cause SyntaxError (change "f(x for x in i)" to "f((x for x in i))" to fix) * removed undocumented `format` member of private `PyMemoryViewObject` struct * renamed `PyMemAllocator` to `PyMemAllocatorEx` - redefine %dynlib macro to reflect that modules now have arch+os as part of name - module `time` is now built-in - dropped upstreamed patches: python-3.4.1-fix-faulthandler.patch python-3.4.3-test-conditional-ssl.patch python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) - updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch - python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure with new gcc + ncurses- Add python3-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.- improve import_failed hook to do the right thing when invoking missing modules with "python3 -m modulename" (boo#942751)- Build with --enable-loadable-sqlite-extensions to make it works as geospatial database.- dh2048.pem: added generated 2048 dh parameter set to fix ssl test (bsc#935856) - python-fix-short-dh.patch: replace the 512 bits dh parameter set by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856)- ctypes-libffi-aarch64.patch: remove upstreamed patch - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64- python-3.4.3-test-conditional-ssl.patch - restore tests failing because test_urllib was unconditionally importing ssl (without really needing it) - restore functionality of multilib patch - drop libffi-ppc64le.diff because upstream completely changed everything yet again (sorry ppc64 folks :| )- Update to version 3.4.3 - Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch (bpo#21766)- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus faulthandler which fails with GCC 5.- asyncio has been merged in python3 main package; provide and obsolete it - Remove obsolete AUTHORS section - Remove redundant %clean section- add %python3_version rpm macro for Fedora compatibility - add missing argument in import_failed, rename Novell Bugzilla to SUSE Bugzillapython3-develh04-ch1b 1727084268  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~3.63.63.63.6.153.6.15-150300.10.72.13.6.15-150300.10.72.13.6.15 python3-configpython3.6-configpython3.6m-configpython3.6mPython-ast.hPython.habstract.haccu.hasdl.hast.hbitset.hbltinmodule.hboolobject.hbytearrayobject.hbytes_methods.hbytesobject.hcellobject.hceval.hclassobject.hcode.hcodecs.hcompile.hcomplexobject.hdatetime.hdescrobject.hdictobject.hdtoa.hdynamic_annotations.henumobject.herrcode.heval.hfileobject.hfileutils.hfloatobject.hframeobject.hfuncobject.hgenobject.hgraminit.hgrammar.himport.hintrcheck.hiterobject.hlistobject.hlongintrepr.hlongobject.hmarshal.hmemoryobject.hmetagrammar.hmethodobject.hmodsupport.hmoduleobject.hnamespaceobject.hnode.hobject.hobjimpl.hodictobject.hopcode.hosdefs.hosmodule.hparsetok.hpatchlevel.hpgen.hpgenheaders.hpy_curses.hpyarena.hpyatomic.hpycapsule.hpyconfig.hpyctype.hpydebug.hpydtrace.hpyerrors.hpyexpat.hpyfpe.hpygetopt.hpyhash.hpylifecycle.hpymacconfig.hpymacro.hpymath.hpymem.hpyport.hpystate.hpystrcmp.hpystrhex.hpystrtod.hpythonrun.hpythread.hpytime.hrangeobject.hsetobject.hsliceobject.hstructmember.hstructseq.hsymtable.hsysmodule.htoken.htraceback.htupleobject.htypeslots.hucnhash.hunicodeobject.hwarnings.hweakrefobject.hlibpython3.6m.solibpython3.sopython-3.6.pcpython-3.6m.pcpython3.pcconfig-3.6m-x86_64-linux-gnuMakefileSetupSetup.configSetup.localconfig.cconfig.c.ininstall-shlibpython3.6m.somakesetuppython-config.pypython.ogdbauto-loadusrlib64libpython3.6m.so.1.0-gdb.py/usr/bin//usr/include//usr/include/python3.6m//usr/lib64//usr/lib64/pkgconfig//usr/lib64/python3.6//usr/lib64/python3.6/config-3.6m-x86_64-linux-gnu//usr/share//usr/share/gdb//usr/share/gdb/auto-load//usr/share/gdb/auto-load/usr//usr/share/gdb/auto-load/usr/lib64/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:35633/SUSE_SLE-15-SP3_Update/49d100f4782fe3fa552c67d6b7bc38f8-python3.SUSE_SLE-15-SP3_Update:basedrpmxz5x86_64-suse-linux POSIX shell script, ASCII text executabledirectoryC source, ASCII textASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4d5a15d2b9acc2802e86588ba5a06d7f80d415b7, strippedpkgconfig fileASCII text, with very long linesPython script, ASCII text executableELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), with debug_info, not stripped RPRRRRPRPRPRRRRRRR{'d3Putf-8e33cd944dcf611a8cc7e4ca84e36e2eda0c091682f83357901f5ce7341cf1406?7zXZ !t/SA]"k%4Pa Z2 (KPRYudðZXFqJB_˞cQ/՚XzJ^ 7rܒzx2G)1t8`υOu rl;~_A,"ꞯ(";"b" E s'v,C (eWbw.wH;ntM)IP.{-|\Z5i 8nhu`8iBw>WL9!Zb[;"㗦RIW VEV\1U{WT!(%bc,J;;Fиi25dY ֵ))k}l `Έl>)l rǯ-̆"DP\>R# ֐1"ճKhLFnO7 +;QڄuLr XGǖ@9K5 3], d5B&ߒ^`5y=WKjLյ7iy" hj2{nM)]JR/WCOO4#(^ȝ6XNϹr9x? {p͐q'< ~P-ve\Z7>P]M,C‰s ޹6uą7x:KrgJ ŕ\w mqz d#[fTΞjP(p_DR2q ]<Ͽdg?Xl!tbe!jOQGҮE{E*z6P^pByjKG$Q&$ Pe5lSQ'gχ= ([%v6LYJRRYUatÐ]Q׈ 10Uګ@]%x3j`_)JӁe=pAi'Jq+aM\1ynׅ>%ux4g<|)9J*oO/W[K@vd?B/, 9,yCp EN*W$ pv:,{ ͼwlwIQԻ_&NmL{P[t9+?-u[3afӸw)x1.I>OC,.Wc (vJp!H zih*Nא{ą\TߗJຮ$ѻ^W&s)|/S@bIFJDS: xwTQ-d>=vh0 ,+'vꬫ&`eS'*v,v6;C C^ʀOo΋B/xn,}ir^Q*7wʽ4N1b^u+l-ac)fy,]U,Uhmgs{ʍа:^AcT :6=YGڦBAx1J{&-7)}Wќ %Rⶱl|QA?M4Y=+OEr'Fڿj{92};)^WSr/\] rfq VRdY C%-ɦKQkSKVyHa\B@avB*g:rـ!ahW&~MZ 4∝ls NʖJ&}M0P=KPj桿LJrOYA0DiC>V{?ys:$ymKPlG=58sUG9ܣۭC̖O_94 4Qզ]_AZ"4:4֗Mhv/L Wnja '{ N',{;iC7Bޒ[d=T9ghk C>_$DE6t}o'6ɜaZ=QY KAE_L#aU|5.6re$y/xew*bèE0;Z-SZ8J䃆Q[;/; `AV2/2QjHԣj֦JH KubGXa:#_| +y$I 8@ 0t(#ӟ!+ G#K\[bw,L-ڣ}jt3SC+gGHm?rRE1!k7bz`c=Qt~>Ub+|4P(˯.uo—J1Ů_.rI` E'$qkf{uZN7pIӖ;] ҜM]u;Z_$[l WiC{<Sѩd6:fD18ngawCDJ=[kKʃ{",bM9Ѻuwaoι8>U; Mf83dXt?['8 &`>3\KnU߼5yqdfkA/ມ%a7r8(E2HK3Egfq K}adž&At4<:LĚ$^+qM/*cO!"UPL8toJΖ҅YȯV-4რEc}&dQ"UvІIa%RJDrn*<ҪF=]DnKs$m#Jd.ĩiؐ!kUv+#Vg$ ڛz7p; y 9H)JWUh*.#Xʻl&}і;iеŻx/_Fp0^\Md]@QoQzE/bo[s}p" QːXPɜD@{8vJcFY5S9"R R=(΀Nv'QZÝ5 >RqNjܛ߬gޑq =q$x͈?NUSuVЉutTVꟅ9ҏm^(7)]tQ7QTk=T= TWAJÒ7lɬ@^KQy"2Q 649 яlh%+RiFÁr/q{?k薫QIҗr|d9[<lMr<69>  ӭ;K25^{ZrXBNWFNJd0V٠[W12-{lVS/5nwFI6ߕ.6=ώPW&Z&:6r/s۾brABΐZlw_ikc1iX4j&yȯP_ᑣLW߭=}IL6 D|0t}.9 70R0|b _G V}TglrXH2i@Ȩ4ZDeo}Ahnȳv"H" M7OY^-' OXbQF-D$ĤU-,%<+t9`Q"-Y6Un謅{I{f?&kXVRjOk%5!Rl|eLƜd!Cה'ܮJ{%pFFpbI7Rq -`t{.Q*J ~v،{U;AFtndbJ}OrC%(-rjDsMAt 'kZ3$yzㅟ],n`Sӓ+K FϚ00oAzv2I3ο|)Bh7.N-OL  pa;Vw7C!Gc;Caj @1s㟵 3alNG"5GPVO/*+`%BrW(ޖ$ːDX(҂F;jHȥ,xRƬBS8<<ДU-fH5sjWfȩF]ž2yZ¬bڟLe_kе4z?!bKk:bOH9:dbkE]'zKn{@YIQq‘#BaDẗ́kKtWJʸ*eײ!HԇDw>*̲czZOJ|C'zP?RRۼ69?_I*w,E`HM:UC NYypMDOwbu# DKQ,ӝ fzs>,6!Qaq DBYOC—6Iq9y[_HVC n:1\J;>Dq盧- x CHg$E|Q3 !lWu 2d_m7h~d_0^6SO+kcO$ql@nGcB9]H&W?aM/SIN+'`ba _l;yoqM3X'Po]T, f,oDntK zyu uH(Pl\=R[ps"'rp4Wdbٙ.f5 ϯmd@|IejEgMwm6XUb,{2l16#¥\)-ߴ-a4mTOK7Ρ;RjŐ1H0&^Q~ݗ J^ioY=@$(L=R zS3zp0ib}5ӗ6h5 fxHRtXvSp/b ?oeO?Cu4i5ȟ'@ S֟.2e/aBNzL4 aO#z{蕍>JsHWfOcꥈZEɓ.GW+$CI~XYKbOʃuE#gqsv@@ȶ9V]` j6iBAZAqtjXQfp{9TAվۂ4+.; G> L> /fH>vlEwG'SCWaÜ @THS؛9 /6<UTRH1WB3i 1^D{f;bU ,,Ry:yq'N/(tϦ8j,uV*$l90ey/PM~dFu6 ⯘mEOt;+ t^f&^t=WOJh1G/-pFFc'P^;ȀwH5e$w8jCaW̪<:~[N5l6R#[ip!o0BK woA\٠<Λ֨nqi?^.0yh~x H=>*V{8crV/Bd‹$Pv덼y47E-:GF(&s+QFsw`,mZro|ksxC gbUo8'K4@1)Zwcu5e[{[_W\xj*uap|psv^ykt'8Z;}~^AYkߩ_dVT/>(Zyv9 hz=i]*ݙ72\ֿu5nڛʾ> iSWUҸݕDՑf/?i;W(>nPd~=OH ~37}D4!̲AySJ>Μ?UTJ6}cdLئ!2sǴb]r mhVT`FeRyd- %3Fz{ rAGKbgW{n-aQV=CRu¶r4+9D҆ 8z6'n:kuZmDC} U\?~T;[ .Hl˚ {"]p'✧9'QWNdgwI-Bp%rx?eEwsվ~h6NUw|bY}>N;?!Ƣ\0t 1ON{"g3̺e V9ޓ%>3$콺G {mgrT:X|TN;I~WNp|:\RO (QtG;^5 ceHv@$O'&f\;8 F Վ|a26'sQG, _yky~HRgk Am猆ZV߻ _Vu¬ڙt]Ϣ ߄,"UPR{_5".)zm%^ bAh*t+}~\-EeB 0Qe'l)~Hƿ׳.)@E)G;HPHl<Ҡ0_n@N4WB2`uOx \w`=:;ĘiL. \p+ BԖfbixi3'^6lBM:YdUb-4{wdZ#a 1:F-i)U.`b} @5MP߃h;4>ZJc17P&]NU)Qy4X!12,y S'/H* J~'$E+_O"!o,=9-YJuB(`L ي(4N~PySB:SAVn~P>j;Mi`^km-('[KK~+GQ)Ğ3kd1^F􁭶 IMjvnT|?mrvW\d4ZcٕL[U'񕠚$L.~# CK3< /P i~#"tFD )1+f)]' UB4e3r ̚SYN;'c٫؇>E& _hQo밫B:u R+ 86[e-i/rqD- @U#77nw30%*U/ iSAi A=00 "=nv3X$=mf(#iڷW\vDlI]x8٨uQ°kw2!dO3ab m`O[;$7H@Xr}HAWll)a)i:(MY"gn w6y0eٺH a;04ZM%ahRcUUr% `' qlfpYhGMTݿJ1 " v"2_:e?r1~FGr |=}8 | T f&6S+" 5K>K(.Zn/bIuĸPe)_J9"ulj\'L`M~h:k)1.qyG[rͼ2ÈM'޲A*%tEiLi%r`=Ť@,!RcD+tH`9jAn;NsީMLIgm[W%bXލB d4Aa1]ׯJog(ӛ|q4pys杦R#cNM""zK\bK?&\"z\ٗsZ@׊ }!rpxXyh xg1RWYipϭLCݲYrTWvd,|d#wk"OeUɜD~& ilt)6jadRpʩa |o)>1 jy &'p[Uģ̛5 ($)1JDhT8d.q2cD]|u&k.Q21T#WOd d42\Xk@p-~6:-&L!pyfj^^/\5==ɔk4+{xdd4< a\XCk ^}{n7my|"p-2}5i/.MOǕ߶ J&*j=ʝ`h;k0l]Ya[-,IgTpK9tTMS3!wNݰ&-|m XIRo#:-}yq{ixO_Q-ږKq[:qAh? k||aTg5:jÒwʕat}o|m'@pNmQv{l##]KcYJXz>{RwP ~71})=no?0 hh<*I!|(4)edlPdÐ!^%y St3'ckg.XQֆWat ^Oyђ@+ԫnDZ8-詽u 21mMwwz*k!$р _xQ {LƅT(c5B`|h3~Te؄w49~:υl4[;|OYϴti[30PLOVe8-[ &Z8UnJQۜ/Y#ժL:AZ |,}ۃ m,:w$VVŘ UKUxz~#pdINE50Uasl{Lz{JHc?{< Q*y̴Mv莈Kh+ oQMos=* n1,]gX{yVMO'3=O7t%EηPe[:]}[ަ*:VDJ5|Da Zt,~8 1 Yg31ƃp_Jj)!9,Z!vg;ȹbR'bJnH-DĄOlL qe,pv2uZ`qFUs ?7?mWE hK;x?'BC|I ?]{=_h'.rDqr2 @{z~Gg~;;ݬAQ&?gQt6e08/ˮO:/s ]0EUmPpcjnf,E]lN!ICKܾCCoSi!SJ/-kj0\B13bg׭˷ɓDB|,]+_7U(3= w2m6a*"Gu]W h tW6S Ƿ~6UeRdI(r'Ƽ4/b$U 19q rydf%ۃ+X_OYUʇ5bDg=f`4K71F4StcRF;YʀŠQ]=Ymq+/m\iNhW*MkUVa EX5 :yҜXf =+?IWܻSLϱ}. =$AGLCswEJ1}նvs3S[es $ck3Zw9~5 z+}&aۉ8Wu*6 41Ŷ YZ