diff --git a/python-2.7.10-overflow_check.patch b/python-2.7.10-overflow_check.patch
new file mode 100644
index 0000000..8a1bbba
--- /dev/null
+++ b/python-2.7.10-overflow_check.patch
@@ -0,0 +1,168 @@
+--- ./Objects/bytearrayobject.c.orig	2016-01-29 13:58:55.414941897 +0100
++++ ./Objects/bytearrayobject.c	2016-01-29 14:00:18.383902058 +0100
+@@ -1903,12 +1903,12 @@
+ 
+     /* Check for overflow */
+     /*    result_len = self_len + count * (to_len-from_len) */
+-    product = count * (to_len-from_len);
++    product = (size_t)count * (to_len-from_len);
+     if (product / (to_len-from_len) != count) {
+         PyErr_SetString(PyExc_OverflowError, "replace bytes is too long");
+         return NULL;
+     }
+-    result_len = self_len + product;
++    result_len = (size_t)self_len + product;
+     if (result_len < 0) {
+         PyErr_SetString(PyExc_OverflowError, "replace bytes is too long");
+         return NULL;
+--- ./Objects/stringobject.c.orig	2016-01-29 14:00:30.904046945 +0100
++++ ./Objects/stringobject.c	2016-01-29 14:01:14.120547063 +0100
+@@ -2693,12 +2693,12 @@
+ 
+     /* Check for overflow */
+     /*    result_len = self_len + count * (to_len-from_len) */
+-    product = count * (to_len-from_len);
++    product = (size_t)count * (to_len-from_len);
+     if (product / (to_len-from_len) != count) {
+         PyErr_SetString(PyExc_OverflowError, "replace string is too long");
+         return NULL;
+     }
+-    result_len = self_len + product;
++    result_len = (size_t)self_len + product;
+     if (result_len < 0) {
+         PyErr_SetString(PyExc_OverflowError, "replace string is too long");
+         return NULL;
+--- Objects/bytearrayobject.c.orig	2016-01-29 14:14:36.713834152 +0100
++++ Objects/bytearrayobject.c	2016-01-29 14:17:50.880080712 +0100
+@@ -357,7 +357,7 @@
+     if (count < 0)
+         count = 0;
+     mysize = Py_SIZE(self);
+-    size = mysize * count;
++    size = (size_t)mysize * count;
+     if (count != 0 && size / count != mysize)
+         return PyErr_NoMemory();
+     result = (PyByteArrayObject *)PyByteArray_FromStringAndSize(NULL, size);
+@@ -382,7 +382,7 @@
+     if (count < 0)
+         count = 0;
+     mysize = Py_SIZE(self);
+-    size = mysize * count;
++    size = (size_t)mysize * count;
+     if (count != 0 && size / count != mysize)
+         return PyErr_NoMemory();
+     if (size < self->ob_alloc) {
+@@ -1578,13 +1578,13 @@
+ 
+     /* Check for overflow */
+     /*   result_len = count * to_len + self_len; */
+-    product = count * to_len;
++    product = (size_t)count * to_len;
+     if (product / to_len != count) {
+         PyErr_SetString(PyExc_OverflowError,
+                         "replace string is too long");
+         return NULL;
+     }
+-    result_len = product + self_len;
++    result_len = (size_t)product + self_len;
+     if (result_len < 0) {
+         PyErr_SetString(PyExc_OverflowError,
+                         "replace string is too long");
+@@ -1833,12 +1833,12 @@
+ 
+     /* use the difference between current and new, hence the "-1" */
+     /*   result_len = self_len + count * (to_len-1)  */
+-    product = count * (to_len-1);
++    product = (size_t)count * (to_len-1);
+     if (product / (to_len-1) != count) {
+         PyErr_SetString(PyExc_OverflowError, "replace bytes is too long");
+         return NULL;
+     }
+-    result_len = self_len + product;
++    result_len = (size_t)self_len + product;
+     if (result_len < 0) {
+             PyErr_SetString(PyExc_OverflowError, "replace bytes is too long");
+             return NULL;
+--- ./Objects/stringobject.c.orig	2016-01-29 14:18:21.392433741 +0100
++++ ./Objects/stringobject.c	2016-01-29 14:20:23.669848479 +0100
+@@ -1084,7 +1084,7 @@
+     /* watch out for overflows:  the size can overflow int,
+      * and the # of bytes needed can overflow size_t
+      */
+-    size = Py_SIZE(a) * n;
++    size = (size_t)Py_SIZE(a) * n;
+     if (n && size / n != Py_SIZE(a)) {
+         PyErr_SetString(PyExc_OverflowError,
+             "repeated string is too long");
+@@ -1644,9 +1644,9 @@
+             Py_DECREF(seq);
+             return NULL;
+         }
+-        sz += PyString_GET_SIZE(item);
++        sz += (size_t)PyString_GET_SIZE(item);
+         if (i != 0)
+-            sz += seplen;
++            sz += (size_t)seplen;
+         if (sz < old_sz || sz > PY_SSIZE_T_MAX) {
+             PyErr_SetString(PyExc_OverflowError,
+                 "join() result is too long for a Python string");
+@@ -2370,13 +2370,13 @@
+ 
+     /* Check for overflow */
+     /*   result_len = count * to_len + self_len; */
+-    product = count * to_len;
++    product = (size_t)count * to_len;
+     if (product / to_len != count) {
+         PyErr_SetString(PyExc_OverflowError,
+                         "replace string is too long");
+         return NULL;
+     }
+-    result_len = product + self_len;
++    result_len = (size_t)product + self_len;
+     if (result_len < 0) {
+         PyErr_SetString(PyExc_OverflowError,
+                         "replace string is too long");
+@@ -2624,12 +2624,12 @@
+ 
+     /* use the difference between current and new, hence the "-1" */
+     /*   result_len = self_len + count * (to_len-1)  */
+-    product = count * (to_len-1);
++    product = (size_t)count * (to_len-1);
+     if (product / (to_len-1) != count) {
+         PyErr_SetString(PyExc_OverflowError, "replace string is too long");
+         return NULL;
+     }
+-    result_len = self_len + product;
++    result_len = (size_t)self_len + product;
+     if (result_len < 0) {
+         PyErr_SetString(PyExc_OverflowError, "replace string is too long");
+         return NULL;
+--- Objects/tupleobject.c.orig	2016-01-29 14:38:23.334287970 +0100
++++ Objects/tupleobject.c	2016-01-29 14:39:46.175240404 +0100
+@@ -79,7 +79,7 @@
+     else
+ #endif
+     {
+-        Py_ssize_t nbytes = size * sizeof(PyObject *);
++        Py_ssize_t nbytes = (size_t)size * sizeof(PyObject *);
+         /* Check for overflow */
+         if (nbytes / sizeof(PyObject *) != (size_t)size ||
+             (nbytes > PY_SSIZE_T_MAX - sizeof(PyTupleObject) - sizeof(PyObject *)))
+@@ -446,7 +446,7 @@
+         return NULL;
+     }
+ #define b ((PyTupleObject *)bb)
+-    size = Py_SIZE(a) + Py_SIZE(b);
++    size = (size_t)Py_SIZE(a) + Py_SIZE(b);
+     if (size < 0)
+         return PyErr_NoMemory();
+     np = (PyTupleObject *) PyTuple_New(size);
+@@ -490,7 +490,7 @@
+         if (Py_SIZE(a) == 0)
+             return PyTuple_New(0);
+     }
+-    size = Py_SIZE(a) * n;
++    size = (size_t)Py_SIZE(a) * n;
+     if (size/Py_SIZE(a) != n)
+         return PyErr_NoMemory();
+     np = (PyTupleObject *) PyTuple_New(size);
diff --git a/python-base.changes b/python-base.changes
index f0a3409..b191abb 100644
--- a/python-base.changes
+++ b/python-base.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Jan 29 13:03:40 UTC 2016 - rguenther@suse.com
+
+- Add python-2.7.10-overflow_check.patch to fix broken overflow checks.
+  [bnc#964182]
+
 -------------------------------------------------------------------
 Mon Sep 14 15:04:43 UTC 2015 - jmatejek@suse.com
 
diff --git a/python-base.spec b/python-base.spec
index abd5fb4..6f68b19 100644
--- a/python-base.spec
+++ b/python-base.spec
@@ -56,6 +56,7 @@ Patch33:        python-2.7.9-ssl_ca_path.patch
 Patch34:        python-2.7.9-sles-disable-verification-by-default.patch
 # PATCH-FIX-UPSTREAM python-ncurses-6.0-accessors.patch dimstar@opensuse.org -- Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1
 Patch35:        python-ncurses-6.0-accessors.patch
+Patch36:	python-2.7.10-overflow_check.patch
 # COMMON-PATCH-END
 %define         python_version    %(echo %{tarversion} | head -c 3)
 BuildRequires:  automake
@@ -149,6 +150,7 @@ other applications.
 %patch34 -p1
 %endif
 %patch35 -p1
+%patch36
 
 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac
diff --git a/python-doc.spec b/python-doc.spec
index 97e2af7..5da1d4d 100644
--- a/python-doc.spec
+++ b/python-doc.spec
@@ -15,7 +15,6 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-
 Name:           python-doc
 Version:        2.7.10
 Release:        0
@@ -57,6 +56,7 @@ Patch33:        python-2.7.9-ssl_ca_path.patch
 Patch34:        python-2.7.9-sles-disable-verification-by-default.patch
 # PATCH-FIX-UPSTREAM python-ncurses-6.0-accessors.patch dimstar@opensuse.org -- Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1
 Patch35:        python-ncurses-6.0-accessors.patch
+Patch36:	python-2.7.10-overflow_check.patch
 # COMMON-PATCH-END
 Provides:       pyth_doc
 Provides:       pyth_ps
@@ -104,6 +104,7 @@ Python, and Macintosh Module Reference in PDF format.
 %patch34 -p1
 %endif
 %patch35 -p1
+%patch36
 
 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac
diff --git a/python.spec b/python.spec
index 619ba73..1ddbe65 100644
--- a/python.spec
+++ b/python.spec
@@ -15,7 +15,6 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-
 Name:           python
 Version:        2.7.10
 Release:        0
@@ -62,6 +61,7 @@ Patch33:        python-2.7.9-ssl_ca_path.patch
 Patch34:        python-2.7.9-sles-disable-verification-by-default.patch
 # PATCH-FIX-UPSTREAM python-ncurses-6.0-accessors.patch dimstar@opensuse.org -- Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1
 Patch35:        python-ncurses-6.0-accessors.patch
+Patch36:	python-2.7.10-overflow_check.patch
 # COMMON-PATCH-END
 BuildRequires:  automake
 BuildRequires:  db-devel
@@ -205,6 +205,7 @@ that rely on earlier non-verification behavior.
 %patch34 -p1
 %endif
 %patch35 -p1
+%patch36
 
 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac