Accepting request 692400 from home:mcepl:branches:devel:languages:python:Factory

- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch 
  removing unnecessary (and potentially harmful) URL scheme
  local-file://.

- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
  Characters in the netloc attribute that decompose under NFKC
  normalization (as used by the IDNA encoding) into any of ``/``,
  ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
  URL is decomposed before parsing, or is not a Unicode string,
  no error will be raised.
  Upstream commits e37ef41 and 507bd8c.

- Update to 2.7.16:
  * bugfix-only release: complete list of changes on
    https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
  * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
    which are fully included in the tarball.
  * Updated patches to apply cleanly:
        CVE-2019-5010-null-defer-x509-cert-DOS.patch
        bpo36160-init-sysconfig_vars.patch
        do-not-use-non-ascii-in-test_ssl.patch
        openssl-111-middlebox-compat.patch
        openssl-111-ssl_options.patch
        python-2.5.1-sqlite.patch
        python-2.6-gettext-plurals.patch
        python-2.7-dirs.patch
        python-2.7.2-fix_date_time_compiler.patch
        python-2.7.4-canonicalize2.patch
        python-2.7.5-multilib.patch
        python-2.7.9-ssl_ca_path.patch

OBS-URL: https://build.opensuse.org/request/show/692400
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=241

python-bsddb6.diff

@@ -16,10 +16,8 @@ This patch was partially autogenerated:
  setup.py                           |    6 +-
  6 files changed, 120 insertions(+), 41 deletions(-)
 
-Index: Python-2.7.14/Lib/bsddb/test/test_all.py
-===================================================================
---- Python-2.7.14.orig/Lib/bsddb/test/test_all.py
-+++ Python-2.7.14/Lib/bsddb/test/test_all.py
+--- a/Lib/bsddb/test/test_all.py
++++ b/Lib/bsddb/test/test_all.py
 @@ -74,8 +74,9 @@ if sys.version_info[0] >= 3 :
                  key = key.decode(charset)
              return (key, value.decode(charset))
@@ -56,10 +54,8 @@ Index: Python-2.7.14/Lib/bsddb/test/test_all.py
      print 'My pid:               %s' % os.getpid()
      print '-=' * 38
  
-Index: Python-2.7.14/Lib/bsddb/test/test_misc.py
-===================================================================
---- Python-2.7.14.orig/Lib/bsddb/test/test_misc.py
-+++ Python-2.7.14/Lib/bsddb/test/test_misc.py
+--- a/Lib/bsddb/test/test_misc.py
++++ b/Lib/bsddb/test/test_misc.py
 @@ -46,8 +46,9 @@ class MiscTestCase(unittest.TestCase):
              d[repr(i)] = repr(100*i)
          db.close()
@@ -72,10 +68,8 @@ Index: Python-2.7.14/Lib/bsddb/test/test_misc.py
          db.close()
  
      # http://sourceforge.net/tracker/index.php?func=detail&aid=1708868&group_id=13900&atid=313900
-Index: Python-2.7.14/Lib/bsddb/test/test_replication.py
-===================================================================
---- Python-2.7.14.orig/Lib/bsddb/test/test_replication.py
-+++ Python-2.7.14/Lib/bsddb/test/test_replication.py
+--- a/Lib/bsddb/test/test_replication.py
++++ b/Lib/bsddb/test/test_replication.py
 @@ -165,21 +165,10 @@ class DBReplicationManager(DBReplication
          # is not generated if the master has no new transactions.
          # This is solved in BDB 4.6 (#15542).
@@ -124,10 +118,8 @@ Index: Python-2.7.14/Lib/bsddb/test/test_replication.py
          while (time.time()<timeout) and not (self.confirmed_master and
                  self.client_startupdone) :
              time.sleep(0.02)
-Index: Python-2.7.14/Modules/_bsddb.c
-===================================================================
---- Python-2.7.14.orig/Modules/_bsddb.c
-+++ Python-2.7.14/Modules/_bsddb.c
+--- a/Modules/_bsddb.c
++++ b/Modules/_bsddb.c
 @@ -124,10 +124,14 @@ typedef int Py_ssize_t;
  #define NUMBER_Check    PyLong_Check
  #define NUMBER_AsLong   PyLong_AsLong
@@ -162,7 +154,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
  /* The same, when the value is a time_t */
  static void _addTimeTToDict(PyObject* dict, char *name, time_t value)
  {
-@@ -2655,13 +2671,21 @@ _default_cmp(const DBT *leftKey,
+@@ -2677,13 +2693,21 @@ _default_cmp(const DBT *leftKey,
  static int
  _db_compareCallback(DB* db,
                      const DBT *leftKey,
@@ -185,7 +177,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
      if (self == NULL || self->btCompareCallback == NULL) {
          MYDB_BEGIN_BLOCK_THREADS;
          PyErr_SetString(PyExc_TypeError,
-@@ -2769,13 +2793,21 @@ DB_set_bt_compare(DBObject* self, PyObje
+@@ -2791,13 +2815,21 @@ DB_set_bt_compare(DBObject* self, PyObje
  static int
  _db_dupCompareCallback(DB* db,
  		    const DBT *leftKey,
@@ -208,7 +200,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
      if (self == NULL || self->dupCompareCallback == NULL) {
  	MYDB_BEGIN_BLOCK_THREADS;
  	PyErr_SetString(PyExc_TypeError,
-@@ -3554,13 +3586,14 @@ Py_ssize_t DB_length(PyObject* _self)
+@@ -3576,13 +3608,14 @@ Py_ssize_t DB_length(PyObject* _self)
      err = self->db->stat(self->db, /*txnid*/ NULL, &sp, 0);
      MYDB_END_ALLOW_THREADS;
  
@@ -226,7 +218,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
      free(sp);
      return size;
  }
-@@ -8398,12 +8431,22 @@ static PyObject*
+@@ -8420,12 +8453,22 @@ static PyObject*
  DBSequence_get(DBSequenceObject* self, PyObject* args, PyObject* kwargs)
  {
      int err, flags = 0;
@@ -250,7 +242,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
          return NULL;
      CHECK_SEQUENCE_NOT_CLOSED(self)
  
-@@ -8533,8 +8576,19 @@ DBSequence_remove(DBSequenceObject* self
+@@ -8555,8 +8598,19 @@ DBSequence_remove(DBSequenceObject* self
  static PyObject*
  DBSequence_set_cachesize(DBSequenceObject* self, PyObject* args)
  {
@@ -272,7 +264,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
          return NULL;
      CHECK_SEQUENCE_NOT_CLOSED(self)
  
-@@ -8549,7 +8603,11 @@ DBSequence_set_cachesize(DBSequenceObjec
+@@ -8571,7 +8625,11 @@ DBSequence_set_cachesize(DBSequenceObjec
  static PyObject*
  DBSequence_get_cachesize(DBSequenceObject* self)
  {
@@ -285,7 +277,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
  
      CHECK_SEQUENCE_NOT_CLOSED(self)
  
-@@ -8678,6 +8736,9 @@ DBSequence_stat(DBSequenceObject* self,
+@@ -8700,6 +8758,9 @@ DBSequence_stat(DBSequenceObject* self,
  
  
  #define MAKE_INT_ENTRY(name)  _addIntToDict(dict_stat, #name, sp->st_##name)
@@ -295,7 +287,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
  #define MAKE_LONG_LONG_ENTRY(name)  _addDb_seq_tToDict(dict_stat, #name, sp->st_##name)
  
      MAKE_INT_ENTRY(wait);
-@@ -8687,10 +8748,15 @@ DBSequence_stat(DBSequenceObject* self,
+@@ -8709,10 +8770,15 @@ DBSequence_stat(DBSequenceObject* self,
      MAKE_LONG_LONG_ENTRY(last_value);
      MAKE_LONG_LONG_ENTRY(min);
      MAKE_LONG_LONG_ENTRY(max);
@@ -311,7 +303,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
  #undef MAKE_LONG_LONG_ENTRY
  
      free(sp);
-@@ -8992,7 +9058,7 @@ static PyMethodDef DBEnv_methods[] = {
+@@ -9014,7 +9080,7 @@ static PyMethodDef DBEnv_methods[] = {
      {"txn_recover",     (PyCFunction)DBEnv_txn_recover,     METH_NOARGS},
  #if (DBVER < 48)
      {"set_rpc_server",  (PyCFunction)DBEnv_set_rpc_server,
@@ -320,7 +312,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
  #endif
      {"set_mp_max_openfd", (PyCFunction)DBEnv_set_mp_max_openfd, METH_VARARGS},
      {"get_mp_max_openfd", (PyCFunction)DBEnv_get_mp_max_openfd, METH_NOARGS},
-@@ -9964,6 +10030,10 @@ PyMODINIT_FUNC  PyInit__bsddb(void)    /
+@@ -9986,6 +10052,10 @@ PyMODINIT_FUNC  PyInit__bsddb(void)    /
      ADD_INT(d, DB_LOG_ZERO);
  #endif
  
@@ -331,7 +323,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
  #if (DBVER >= 44)
      ADD_INT(d, DB_DSYNC_DB);
  #endif
-@@ -10024,6 +10094,10 @@ PyMODINIT_FUNC  PyInit__bsddb(void)    /
+@@ -10046,6 +10116,10 @@ PyMODINIT_FUNC  PyInit__bsddb(void)    /
      ADD_INT(d, DB_EVENT_REG_PANIC);
  #endif
  
@@ -342,7 +334,7 @@ Index: Python-2.7.14/Modules/_bsddb.c
  #if (DBVER >=52)
      ADD_INT(d, DB_EVENT_REP_SITE_ADDED);
      ADD_INT(d, DB_EVENT_REP_SITE_REMOVED);
-@@ -10128,6 +10202,20 @@ PyMODINIT_FUNC  PyInit__bsddb(void)    /
+@@ -10150,6 +10224,20 @@ PyMODINIT_FUNC  PyInit__bsddb(void)    /
      ADD_INT(d, DB_REP_CONF_INMEM);
  #endif
  
@@ -363,10 +355,8 @@ Index: Python-2.7.14/Modules/_bsddb.c
      ADD_INT(d, DB_TIMEOUT);
  
  #if (DBVER >= 50)
-Index: Python-2.7.14/Modules/bsddb.h
-===================================================================
---- Python-2.7.14.orig/Modules/bsddb.h
-+++ Python-2.7.14/Modules/bsddb.h
+--- a/Modules/bsddb.h
++++ b/Modules/bsddb.h
 @@ -110,7 +110,7 @@
  #error "eek! DBVER can't handle minor versions > 9"
  #endif
@@ -376,10 +366,8 @@ Index: Python-2.7.14/Modules/bsddb.h
  
  /* Python object definitions */
  
-Index: Python-2.7.14/setup.py
-===================================================================
---- Python-2.7.14.orig/setup.py
-+++ Python-2.7.14/setup.py
+--- a/setup.py
++++ b/setup.py
 @@ -905,7 +905,7 @@ class PyBuildExt(build_ext):
          # a release.  Most open source OSes come with one or more
          # versions of BerkeleyDB already installed.