- Update to 2.7.18, final release of Python 2. Ever.:

- Newline characters have been escaped when performing uu
    encoding to prevent them from overflowing into to content
    section of the encoded file. This prevents malicious or
    accidental modification of data during the decoding process.
  - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
    by Ben Caller.
  - Fixed line numbers and column offsets for AST nodes for calls
    without arguments in decorators.
  - Disallow control characters in hostnames in http.client,
    addressing CVE-2019-18348. Such potentially malicious header
    injection URLs now cause a InvalidURL to be raised.
  - Fix urllib.urlretrieve failing on subsequent ftp transfers
    from the same host.
  - Fix problems identified by GCC's -Wstringop-truncation
    warning.
  - AddRefActCtx() was needlessly being checked for failure in
    PC/dl_nt.c.
  - Prevent failure of test_relative_path in test_py_compile on
    macOS Catalina.
  - Fixed possible leak in :c:func:`PyArg_Parse` and similar
    functions for format units "es#" and "et#" when the macro
    :c:macro:`PY_SSIZE_T_CLEAN` is not defined.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=281

Python-2.7.17.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4d43f033cdbd0aa7b7023c81b0e986fd11e653b5248dac9144d508f11812ba41
-size 12855568

Python-2.7.17.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEwB4crV6ixPC441cVBMNnwhit1P8FAl2rXRsACgkQBMNnwhit
-1P/dJg//UrZRji4wnui1gfsp/qUtEIQe3Qb48LU7NAPjr5Y0B+ebG9peOw2pR4JX
-yUXYewWFN7Cy4wxyQki5pbo9bNwSqJ0Xfix/R+mcoSQHGWb0FVH+gk2tGehtM99M
-EUR1cdywA2a3K+Dpqaqysl7NCYMTq2bqMcRh/ADUHfmCpneisdSZTq2vX7lfgBAj
-py+OIeXTa3P6EFhMZYKOc+/7p/pltmh28cmLqhL91UEVQi4eT3EbAu17CI7d9pQr
-28FtqM7EDhm1cbkE25GuVDE8zP5JO+AjcMmRBSiRDBTur////0NqzeoCqmFcwPpt
-DZAfS4AAyQroXJsYElZDr5STL/guhgYe3FJGVSqpZ4Tk2Fyr1olQGnVR2TlPufQu
-21e6dJZFyc+7cHIe9+gpizXsoOgMk40qTJB/xQ0ERNGJZ6t39VJ2s8GlaY0+Dnvq
-yRt5a/SzHrJK4Y/0lC17LylSP5VuMUKm0gXFGmJGYfHYw7I51IpXpFWBQBzghelj
-aKgEsjWxmHcaM7t8tBlQniSQ8eAONCBvhG+pnQn2WEaSdQxpTdeckcfP6K2CV7AN
-XuZ42/u+lwRB4QI4sA1HXQ6ab/gjCAQzKJSbRhhx4WIosGxNMf0rI+u0cCOT/eBI
-sYCLEx564/NS2ErMAVoT+tvXIDQXl7Z/0K95I4IJel+6aPiW9HI=
-=YxNu
------END PGP SIGNATURE-----

Python-2.7.18.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b62c0e7937551d0cc02b8fd5cb0f544f9405bafc9a54d3808ed4594812edef43
+size 12854736

Python-2.7.18.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEwB4crV6ixPC441cVBMNnwhit1P8FAl6cx00ACgkQBMNnwhit
+1P8kiBAAmGj5Nz8rsDoqRppDfWuk/oLU1WwXIixFOuzrrIcSnUDGtZgikIlA0q1z
+At/09+mbQMSv93/oa+ISCQujvH5QTbKqOoYYdBGdsK6XZevrGM1UO3eRaldBElQ0
+03zIT7d9OyvbvvvegsqaCMFoGhcAmnp6AomXFt20U80tIaCBCftGKIfQQXR/aTfz
+w3F7s+ZrzLd2mj9rVtld6KPs9ZuTl3xK1YlsfKvXnLwK0v9h7shVvkj9vKnolwPI
+Ykl1FDI0p/gHbkRzC0D10zOv58mO4jrkezlq1ZKVwu7hgGFVXt1ZudwbpIWz8cl0
+AHcEK+ls9F9fw6bvRJPHi0L/jvvr58+3hg1iwJW24eYvP2GuRSRk1GF3FroARll7
++PW6y+kyrjhyznv0KVY5efEgJQRGJ4o6d5PvWKIWiwL6HycAXfUt7248S0N3acKZ
+Am4UVCRXwhCB0+xENAaT/KtMK/kvl5G9bVLSpah0LlSZ0u/X86zhyitVky3LD/el
+JRrHskXIA4wDcxfv503tEvRm9vLOdr0XwAyZ9qh7NGfmmAT2W/bKa3qlM6DJ027c
+mRl0VKmiseh4r3JIOAqkDFUNbvjKhteA4HeTrOxsqacnzWTH+tvB2Pm3Qpl/oRhM
+iAsGICpa9IMFmhmhoWjdpacXIiPaGhJA9AC3lufOPgIqMVvwsQ4=
+=V2yl
+-----END PGP SIGNATURE-----

python-2.7.17-docs-pdf-a4.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bec4c29c255bcf87b39606ec76d6ed25ef3880333a88447bb8958cf9269f7a21
-size 11440300

python-2.7.17-docs-pdf-letter.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:27d3f0f23a13300a5df66c66d7a28d09681b810436ab94895295479a8ae0572d
-size 11440077

python-2.7.18-docs-pdf-a4.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:55cfc0527ec38284ae56d90b165f099184d6c4e2f1ba604af9e462a66552fcaa
+size 11455638

python-2.7.18-docs-pdf-letter.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:76e56fe618a6d5d1cd7b90e73d46fa1a4d0b3e5bbdfdce6c5d59cff9d49ed749
+size 11455851

python-base.changes

@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl <mcepl@suse.com>
+
+- Update to 2.7.18, final release of Python 2. Ever.:
+  - Newline characters have been escaped when performing uu
+    encoding to prevent them from overflowing into to content
+    section of the encoded file. This prevents malicious or
+    accidental modification of data during the decoding process.
+  - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
+    by Ben Caller.
+  - Fixed line numbers and column offsets for AST nodes for calls
+    without arguments in decorators.
+  - Disallow control characters in hostnames in http.client,
+    addressing CVE-2019-18348. Such potentially malicious header
+    injection URLs now cause a InvalidURL to be raised.
+  - Fix urllib.urlretrieve failing on subsequent ftp transfers
+    from the same host.
+  - Fix problems identified by GCC's -Wstringop-truncation
+    warning.
+  - AddRefActCtx() was needlessly being checked for failure in
+    PC/dl_nt.c.
+  - Prevent failure of test_relative_path in test_py_compile on
+    macOS Catalina.
+  - Fixed possible leak in :c:func:`PyArg_Parse` and similar
+    functions for format units "es#" and "et#" when the macro
+    :c:macro:`PY_SSIZE_T_CLEAN` is not defined.
+
 -------------------------------------------------------------------
 Sat Feb  8 23:29:28 CET 2020 - Matej Cepl <mcepl@suse.com>
 

python-base.spec

@@ -19,7 +19,7 @@
 %define so_version 2_7-1_0
 
 Name:           python-base
-Version:        2.7.17
+Version:        2.7.18
 Release:        0
 Summary:        Python Interpreter base package
 License:        Python-2.0

python-doc.changes

@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl <mcepl@suse.com>
+
+- Update to 2.7.18, final release of Python 2. Ever.:
+  - Newline characters have been escaped when performing uu
+    encoding to prevent them from overflowing into to content
+    section of the encoded file. This prevents malicious or
+    accidental modification of data during the decoding process.
+  - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
+    by Ben Caller.
+  - Fixed line numbers and column offsets for AST nodes for calls
+    without arguments in decorators.
+  - Disallow control characters in hostnames in http.client,
+    addressing CVE-2019-18348. Such potentially malicious header
+    injection URLs now cause a InvalidURL to be raised.
+  - Fix urllib.urlretrieve failing on subsequent ftp transfers
+    from the same host.
+  - Fix problems identified by GCC's -Wstringop-truncation
+    warning.
+  - AddRefActCtx() was needlessly being checked for failure in
+    PC/dl_nt.c.
+  - Prevent failure of test_relative_path in test_py_compile on
+    macOS Catalina.
+  - Fixed possible leak in :c:func:`PyArg_Parse` and similar
+    functions for format units "es#" and "et#" when the macro
+    :c:macro:`PY_SSIZE_T_CLEAN` is not defined.
+
+-------------------------------------------------------------------
+Sat Feb  8 23:29:28 CET 2020 - Matej Cepl <mcepl@suse.com>
+
+- Add CVE-2019-9674-zip-bomb.patch to improve documentation
+  warning about dangers of zip-bombs and other security problems
+  with zipfile library. (bsc#1162825 CVE-2019-9674)
+
 -------------------------------------------------------------------
 Sat Feb  8 22:30:51 CET 2020 - Matej Cepl <mcepl@suse.com>
 

python-doc.spec

@@ -17,7 +17,7 @@
 
 
 Name:           python-doc
-Version:        2.7.17
+Version:        2.7.18
 Release:        0
 Summary:        Additional Package Documentation for Python
 License:        Python-2.0

python.changes

@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl <mcepl@suse.com>
+
+- Update to 2.7.18, final release of Python 2. Ever.:
+  - Newline characters have been escaped when performing uu
+    encoding to prevent them from overflowing into to content
+    section of the encoded file. This prevents malicious or
+    accidental modification of data during the decoding process.
+  - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
+    by Ben Caller.
+  - Fixed line numbers and column offsets for AST nodes for calls
+    without arguments in decorators.
+  - Disallow control characters in hostnames in http.client,
+    addressing CVE-2019-18348. Such potentially malicious header
+    injection URLs now cause a InvalidURL to be raised.
+  - Fix urllib.urlretrieve failing on subsequent ftp transfers
+    from the same host.
+  - Fix problems identified by GCC's -Wstringop-truncation
+    warning.
+  - AddRefActCtx() was needlessly being checked for failure in
+    PC/dl_nt.c.
+  - Prevent failure of test_relative_path in test_py_compile on
+    macOS Catalina.
+  - Fixed possible leak in :c:func:`PyArg_Parse` and similar
+    functions for format units "es#" and "et#" when the macro
+    :c:macro:`PY_SSIZE_T_CLEAN` is not defined.
+
+-------------------------------------------------------------------
+Sat Feb  8 23:29:28 CET 2020 - Matej Cepl <mcepl@suse.com>
+
+- Add CVE-2019-9674-zip-bomb.patch to improve documentation
+  warning about dangers of zip-bombs and other security problems
+  with zipfile library. (bsc#1162825 CVE-2019-9674)
+
 -------------------------------------------------------------------
 Sat Feb  8 22:30:51 CET 2020 - Matej Cepl <mcepl@suse.com>
 

python.spec

@@ -17,7 +17,7 @@
 
 
 Name:           python
-Version:        2.7.17
+Version:        2.7.18
 Release:        0
 Summary:        Python Interpreter
 License:        Python-2.0