diff --git a/Python-2.7.17.tar.xz b/Python-2.7.17.tar.xz
deleted file mode 100644
index 94abb7e..0000000
--- a/Python-2.7.17.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4d43f033cdbd0aa7b7023c81b0e986fd11e653b5248dac9144d508f11812ba41
-size 12855568
diff --git a/Python-2.7.17.tar.xz.asc b/Python-2.7.17.tar.xz.asc
deleted file mode 100644
index e92d432..0000000
--- a/Python-2.7.17.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEwB4crV6ixPC441cVBMNnwhit1P8FAl2rXRsACgkQBMNnwhit
-1P/dJg//UrZRji4wnui1gfsp/qUtEIQe3Qb48LU7NAPjr5Y0B+ebG9peOw2pR4JX
-yUXYewWFN7Cy4wxyQki5pbo9bNwSqJ0Xfix/R+mcoSQHGWb0FVH+gk2tGehtM99M
-EUR1cdywA2a3K+Dpqaqysl7NCYMTq2bqMcRh/ADUHfmCpneisdSZTq2vX7lfgBAj
-py+OIeXTa3P6EFhMZYKOc+/7p/pltmh28cmLqhL91UEVQi4eT3EbAu17CI7d9pQr
-28FtqM7EDhm1cbkE25GuVDE8zP5JO+AjcMmRBSiRDBTur////0NqzeoCqmFcwPpt
-DZAfS4AAyQroXJsYElZDr5STL/guhgYe3FJGVSqpZ4Tk2Fyr1olQGnVR2TlPufQu
-21e6dJZFyc+7cHIe9+gpizXsoOgMk40qTJB/xQ0ERNGJZ6t39VJ2s8GlaY0+Dnvq
-yRt5a/SzHrJK4Y/0lC17LylSP5VuMUKm0gXFGmJGYfHYw7I51IpXpFWBQBzghelj
-aKgEsjWxmHcaM7t8tBlQniSQ8eAONCBvhG+pnQn2WEaSdQxpTdeckcfP6K2CV7AN
-XuZ42/u+lwRB4QI4sA1HXQ6ab/gjCAQzKJSbRhhx4WIosGxNMf0rI+u0cCOT/eBI
-sYCLEx564/NS2ErMAVoT+tvXIDQXl7Z/0K95I4IJel+6aPiW9HI=
-=YxNu
------END PGP SIGNATURE-----
diff --git a/Python-2.7.18.tar.xz b/Python-2.7.18.tar.xz
new file mode 100644
index 0000000..26608d7
--- /dev/null
+++ b/Python-2.7.18.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b62c0e7937551d0cc02b8fd5cb0f544f9405bafc9a54d3808ed4594812edef43
+size 12854736
diff --git a/Python-2.7.18.tar.xz.asc b/Python-2.7.18.tar.xz.asc
new file mode 100644
index 0000000..5afd904
--- /dev/null
+++ b/Python-2.7.18.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEwB4crV6ixPC441cVBMNnwhit1P8FAl6cx00ACgkQBMNnwhit
+1P8kiBAAmGj5Nz8rsDoqRppDfWuk/oLU1WwXIixFOuzrrIcSnUDGtZgikIlA0q1z
+At/09+mbQMSv93/oa+ISCQujvH5QTbKqOoYYdBGdsK6XZevrGM1UO3eRaldBElQ0
+03zIT7d9OyvbvvvegsqaCMFoGhcAmnp6AomXFt20U80tIaCBCftGKIfQQXR/aTfz
+w3F7s+ZrzLd2mj9rVtld6KPs9ZuTl3xK1YlsfKvXnLwK0v9h7shVvkj9vKnolwPI
+Ykl1FDI0p/gHbkRzC0D10zOv58mO4jrkezlq1ZKVwu7hgGFVXt1ZudwbpIWz8cl0
+AHcEK+ls9F9fw6bvRJPHi0L/jvvr58+3hg1iwJW24eYvP2GuRSRk1GF3FroARll7
++PW6y+kyrjhyznv0KVY5efEgJQRGJ4o6d5PvWKIWiwL6HycAXfUt7248S0N3acKZ
+Am4UVCRXwhCB0+xENAaT/KtMK/kvl5G9bVLSpah0LlSZ0u/X86zhyitVky3LD/el
+JRrHskXIA4wDcxfv503tEvRm9vLOdr0XwAyZ9qh7NGfmmAT2W/bKa3qlM6DJ027c
+mRl0VKmiseh4r3JIOAqkDFUNbvjKhteA4HeTrOxsqacnzWTH+tvB2Pm3Qpl/oRhM
+iAsGICpa9IMFmhmhoWjdpacXIiPaGhJA9AC3lufOPgIqMVvwsQ4=
+=V2yl
+-----END PGP SIGNATURE-----
diff --git a/python-2.7.17-docs-pdf-a4.tar.bz2 b/python-2.7.17-docs-pdf-a4.tar.bz2
deleted file mode 100644
index dfee271..0000000
--- a/python-2.7.17-docs-pdf-a4.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bec4c29c255bcf87b39606ec76d6ed25ef3880333a88447bb8958cf9269f7a21
-size 11440300
diff --git a/python-2.7.17-docs-pdf-letter.tar.bz2 b/python-2.7.17-docs-pdf-letter.tar.bz2
deleted file mode 100644
index ae384b5..0000000
--- a/python-2.7.17-docs-pdf-letter.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:27d3f0f23a13300a5df66c66d7a28d09681b810436ab94895295479a8ae0572d
-size 11440077
diff --git a/python-2.7.18-docs-pdf-a4.tar.bz2 b/python-2.7.18-docs-pdf-a4.tar.bz2
new file mode 100644
index 0000000..4550925
--- /dev/null
+++ b/python-2.7.18-docs-pdf-a4.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:55cfc0527ec38284ae56d90b165f099184d6c4e2f1ba604af9e462a66552fcaa
+size 11455638
diff --git a/python-2.7.18-docs-pdf-letter.tar.bz2 b/python-2.7.18-docs-pdf-letter.tar.bz2
new file mode 100644
index 0000000..721dc10
--- /dev/null
+++ b/python-2.7.18-docs-pdf-letter.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:76e56fe618a6d5d1cd7b90e73d46fa1a4d0b3e5bbdfdce6c5d59cff9d49ed749
+size 11455851
diff --git a/python-base.changes b/python-base.changes
index 272fae2..e53f85c 100644
--- a/python-base.changes
+++ b/python-base.changes
@@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Mon Apr 27 06:56:55 UTC 2020 - Matej Cepl <mcepl@suse.com>
+
+- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
+
+-------------------------------------------------------------------
+Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl <mcepl@suse.com>
+
+- Update to 2.7.18, final release of Python 2. Ever.:
+  - Newline characters have been escaped when performing uu
+    encoding to prevent them from overflowing into to content
+    section of the encoded file. This prevents malicious or
+    accidental modification of data during the decoding process.
+  - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
+    by Ben Caller.
+  - Fixed line numbers and column offsets for AST nodes for calls
+    without arguments in decorators.
+  - Disallow control characters in hostnames in http.client,
+    addressing CVE-2019-18348. Such potentially malicious header
+    injection URLs now cause a InvalidURL to be raised.
+  - Fix urllib.urlretrieve failing on subsequent ftp transfers
+    from the same host.
+  - Fix problems identified by GCC's -Wstringop-truncation
+    warning.
+  - AddRefActCtx() was needlessly being checked for failure in
+    PC/dl_nt.c.
+  - Prevent failure of test_relative_path in test_py_compile on
+    macOS Catalina.
+  - Fixed possible leak in :c:func:`PyArg_Parse` and similar
+    functions for format units "es#" and "et#" when the macro
+    :c:macro:`PY_SSIZE_T_CLEAN` is not defined.
+
 -------------------------------------------------------------------
 Sat Feb  8 23:29:28 CET 2020 - Matej Cepl <mcepl@suse.com>
 
diff --git a/python-base.spec b/python-base.spec
index 39396d2..ad010fc 100644
--- a/python-base.spec
+++ b/python-base.spec
@@ -19,7 +19,7 @@
 %define so_version 2_7-1_0
 
 Name:           python-base
-Version:        2.7.17
+Version:        2.7.18
 Release:        0
 Summary:        Python Interpreter base package
 License:        Python-2.0
diff --git a/python-doc.changes b/python-doc.changes
index b935f47..e53f85c 100644
--- a/python-doc.changes
+++ b/python-doc.changes
@@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Mon Apr 27 06:56:55 UTC 2020 - Matej Cepl <mcepl@suse.com>
+
+- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
+
+-------------------------------------------------------------------
+Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl <mcepl@suse.com>
+
+- Update to 2.7.18, final release of Python 2. Ever.:
+  - Newline characters have been escaped when performing uu
+    encoding to prevent them from overflowing into to content
+    section of the encoded file. This prevents malicious or
+    accidental modification of data during the decoding process.
+  - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
+    by Ben Caller.
+  - Fixed line numbers and column offsets for AST nodes for calls
+    without arguments in decorators.
+  - Disallow control characters in hostnames in http.client,
+    addressing CVE-2019-18348. Such potentially malicious header
+    injection URLs now cause a InvalidURL to be raised.
+  - Fix urllib.urlretrieve failing on subsequent ftp transfers
+    from the same host.
+  - Fix problems identified by GCC's -Wstringop-truncation
+    warning.
+  - AddRefActCtx() was needlessly being checked for failure in
+    PC/dl_nt.c.
+  - Prevent failure of test_relative_path in test_py_compile on
+    macOS Catalina.
+  - Fixed possible leak in :c:func:`PyArg_Parse` and similar
+    functions for format units "es#" and "et#" when the macro
+    :c:macro:`PY_SSIZE_T_CLEAN` is not defined.
+
+-------------------------------------------------------------------
+Sat Feb  8 23:29:28 CET 2020 - Matej Cepl <mcepl@suse.com>
+
+- Add CVE-2019-9674-zip-bomb.patch to improve documentation
+  warning about dangers of zip-bombs and other security problems
+  with zipfile library. (bsc#1162825 CVE-2019-9674)
+
 -------------------------------------------------------------------
 Sat Feb  8 22:30:51 CET 2020 - Matej Cepl <mcepl@suse.com>
 
diff --git a/python-doc.spec b/python-doc.spec
index 12bd25a..49300c0 100644
--- a/python-doc.spec
+++ b/python-doc.spec
@@ -17,7 +17,7 @@
 
 
 Name:           python-doc
-Version:        2.7.17
+Version:        2.7.18
 Release:        0
 Summary:        Additional Package Documentation for Python
 License:        Python-2.0
@@ -31,7 +31,11 @@ Source0:        %{tarname}.tar.xz
 #Source3:        http://docs.python.org/%{version}/archives/python-%{pyver}-docs-pdf-letter.tar.bz2
 Source2:        python-%{version}-docs-pdf-a4.tar.bz2
 Source3:        python-%{version}-docs-pdf-letter.tar.bz2
+%if 0%{?suse_version} >= 1500
+BuildRequires:  python3-Sphinx
+%else
 BuildRequires:  python-Sphinx
+%endif
 BuildRequires:  xz
 # COMMON-PATCH-BEGIN
 Patch1:         python-2.7-dirs.patch
diff --git a/python.changes b/python.changes
index b935f47..e53f85c 100644
--- a/python.changes
+++ b/python.changes
@@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Mon Apr 27 06:56:55 UTC 2020 - Matej Cepl <mcepl@suse.com>
+
+- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
+
+-------------------------------------------------------------------
+Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl <mcepl@suse.com>
+
+- Update to 2.7.18, final release of Python 2. Ever.:
+  - Newline characters have been escaped when performing uu
+    encoding to prevent them from overflowing into to content
+    section of the encoded file. This prevents malicious or
+    accidental modification of data during the decoding process.
+  - Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch
+    by Ben Caller.
+  - Fixed line numbers and column offsets for AST nodes for calls
+    without arguments in decorators.
+  - Disallow control characters in hostnames in http.client,
+    addressing CVE-2019-18348. Such potentially malicious header
+    injection URLs now cause a InvalidURL to be raised.
+  - Fix urllib.urlretrieve failing on subsequent ftp transfers
+    from the same host.
+  - Fix problems identified by GCC's -Wstringop-truncation
+    warning.
+  - AddRefActCtx() was needlessly being checked for failure in
+    PC/dl_nt.c.
+  - Prevent failure of test_relative_path in test_py_compile on
+    macOS Catalina.
+  - Fixed possible leak in :c:func:`PyArg_Parse` and similar
+    functions for format units "es#" and "et#" when the macro
+    :c:macro:`PY_SSIZE_T_CLEAN` is not defined.
+
+-------------------------------------------------------------------
+Sat Feb  8 23:29:28 CET 2020 - Matej Cepl <mcepl@suse.com>
+
+- Add CVE-2019-9674-zip-bomb.patch to improve documentation
+  warning about dangers of zip-bombs and other security problems
+  with zipfile library. (bsc#1162825 CVE-2019-9674)
+
 -------------------------------------------------------------------
 Sat Feb  8 22:30:51 CET 2020 - Matej Cepl <mcepl@suse.com>
 
diff --git a/python.spec b/python.spec
index 1fb2188..3b3940b 100644
--- a/python.spec
+++ b/python.spec
@@ -17,7 +17,7 @@
 
 
 Name:           python
-Version:        2.7.17
+Version:        2.7.18
 Release:        0
 Summary:        Python Interpreter
 License:        Python-2.0