Removed rpms
============

 - DisplayCAL
 - chameleon
 - createrepo
 - fslint
 - fwzs
 - gonvert
 - gtkparasite
 - gyp
 - iceWMCP
 - iceWMCP-addons
 - iwscanner
 - jumpnbump
 - libraft0
 - lxcc
 - mysql-workbench
 - nagstamon
 - ndpmon
 - py-fishcrypt
 - qm
 - sk1
 - telepathy-gabble
 - telepathy-gabble-xmpp-console
 - vpp-api-python
 - yum
 - yum-lang
 - yum-metadata-parser
 - yum-updatesd
 - zeroinstall-injector

Added rpms
==========

 - libraft2
 - python-devel
 - python-xml
 - python2-PyYAML

Package Source Changes
======================

autotrace
+- biWidth*biBitCnt integer overflow fix (bsc#1182158,
+  CVE-2019-19004, CVE-2019-19004.patch).
+- Bitmap double free fix (bsc1182159, CVE-2019-19005,
+  CVE-2017-9182, CVE-2017-9190, CVE-2019-19005.patch).
+
-- Fix AC_DEFUN quoting
-
clustershell
+- Disable py2 support on Leap 15.4
+
createrepo_c
-- [boo#1187811] fix segfaults when metadata loading fails
-  + added 0001-set-proper-error-on-failed-loading-of-metadata.patch
+- removed %is_opensuse (CtLG)
+- disabled drpm for SLE/Leap 15.3
+
+- Update to 0.16.0
+  + Never do dir walk when --recycle-pkglist specified
+  + Add automatic module metadata handling for repos (rh#1795936)
+
+- Update to 0.15.11
+  + Add python unittest for invalid date in updateinfo record get_datetime
+  + Simplify case when attr is empty (prevents covscan warnings)
+  + Fix couple of memory leaks, some mistakenly dead code and error handling
+  + Add --arch-expand option
+  + Fix spelling errors.
+
+- Update to 0.15.7
+  + Add relogin_suggested to updatecollectionpackage (rh#1779751)
+  + Support issued date in epoch format in Python API (rh#1779751)
+
+- Update to 0.15.6
+  + Set global_exit_status on sigint so that .repodata are cleaned up
+  + Fix various issues discovered by covscans (rh#1789707)
+  + Enhance error handling when locating repositories (rh#1762697)
+  + Switch updateinfo to explicitly include bool values (rh#1772466)
+  + add --recycle-pkglist option
+  + use pkg href for cache lookup with --update
+  + Sync --excludes matching for dir-walk vs. --pkglist
grass
+- Use python3 on Leap 15.4
+
kicad
+- Use python3 on Leap 15.4
+
package-translations
-- Leap 15.4 Beta poo#99990 bump to version 89.87.20220225.5943e334:
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Slovak)
-  * Translated using Weblate (Catalan)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Dutch)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Dutch)
-  * Translated using Weblate (Dutch)
-  * Translated using Weblate (Dutch)
-  * Translated using Weblate (Dutch)
-  * Translated using Weblate (Dutch)
-  * Translated using Weblate (Dutch)
-  * Translated using Weblate (Dutch)
+- Update to version 89.87.20220316.36bed595:
+  * Update pot and po files for Leap 15.4 and SLE 15 SP4
+  * urls_sle.txt: Update for the latest SLE15 SP4 content
+  * Replace non-responding downloadcontent.opensuse.org by download.opensuse.org
+  * Translated using Weblate (Chinese (China) (zh_CN))
+  * Translated using Weblate (Chinese (Taiwan) (zh_TW))
-  * executing extractor for Leap 15.4 Beta poo#99879
-  * bump for 15.4
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Finnish)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Chinese (China) (zh_CN))
-  * Translated using Weblate (Chinese (China) (zh_CN))
-  * Translated using Weblate (Chinese (China) (zh_CN))
-  * Translated using Weblate (Chinese (China) (zh_CN))
-  * Translated using Weblate (Chinese (China) (zh_CN))
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Arabic)
-  * Translated using Weblate (Arabic)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Ukrainian)
+  * Translated using Weblate (French)
+  * Translated using Weblate (Indonesian)
+  * Translated using Weblate (Italian)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Russian)
+  * Translated using Weblate (Polish)
+  * Translated using Weblate (Portuguese (Brazil))
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Spanish)
-  * Translated using Weblate (Spanish)
+  * Translated using Weblate (Slovak)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
+  * Translated using Weblate (Swedish)
+
+- Leap 15.4 Beta poo#99990 bump to version 89.87.20220225.5943e334:
+  * bump for 15.4
+  * executing extractor for Leap 15.4 Beta poo#99879
+  * Translated using Weblate (Arabic)
+  * Translated using Weblate (Catalan)
+  * Translated using Weblate (Chinese (China) (zh_CN))
+  * Translated using Weblate (Czech)
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Finnish)
+  * Translated using Weblate (German)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Ukrainian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Indonesian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (German)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Czech)
-  * Translated using Weblate (Czech)
-  * Translated using Weblate (Czech)
-  * Translated using Weblate (Czech)
-  * Translated using Weblate (Czech)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Czech)
-  * Translated using Weblate (Czech)
-  * Translated using Weblate (Czech)
-  * Translated using Weblate (Czech)
-  * Translated using Weblate (Czech)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Japanese)
-  * Translated using Weblate (Russian)
-  * Translated using Weblate (Catalan)
-  * Translated using Weblate (Russian)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Spanish)
+  * Translated using Weblate (Ukrainian)
patterns-lxde
+- Remove Resommends lxcc, lxcc will be deleted
+
python-base
+- Update bundled pip wheel to the latest SLE version patched
+  against bsc#1186819 (CVE-2021-3572).
+- Recover again proper value of %python2_package_prefix
+  (bsc#1175619).
+
+- BuildRequire rpm-build-python: The provider to inject python(abi)
+  has been moved there. rpm-build pulls rpm-build-python
+  automatically in when building anything against python3-base, but
+  this implies that the initial build of python3-base does not
+  trigger the automatic installation.
+
+- Older SLE versions should use old OpenSSL.
+
+- Add CVE-2022-0391-urllib_parse-newline-parsing.patch
+  (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
+  containing ASCII newline and tabs in urlparse.
+
+- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
+  bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
+  not trust the PASV response.
+
+- build against openssl 1.1.x (incompatible with openssl 3.0x)
+  for now.
+
+- on sle12, python2 modules will still be called python-xxxx until EOL,
+  for newer SLE versions they will be python2-xxxx
+
+- BuildRequire rpm-build-python: The provider to inject python(abi)
+  has been moved there. rpm-build pulls rpm-build-python
+  automatically in when building anything against python3-base, but
+  this implies that the initial build of python3-base does not
+  trigger the automatic installation.
+
+- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
+  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
+  in specifically crafted tarball.
+  Add recursion.tar as a testing tarball for the patch.
+- Provide the newest setuptools wheel (bsc#1176262,
+  CVE-2019-20916) in their correct form (bsc#1180686).
+- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
+  (CVE-2020-26116, bpo#39603) no longer allowing special characters in
+  the method parameter of HTTPConnection.putrequest in httplib, stopping
+  injection of headers. Such characters now raise ValueError.
+
+- Renamed patch for assigned CVE:
+  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
+    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+    (boo#1189241, CVE-2021-3737)
+
+- Renamed patch for assigned CVE:
+  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
+    (boo#1189287, CVE-2021-3733)
+- Fix python-doc build (bpo#35293):
+  * sphinx-update-removed-function.patch
+- Update documentation formatting for Sphinx 3.0 (bpo#40204).
+
+- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
+  request (bpo#43075, boo#1189287).
+- Add missing security announcement to
+  bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
+
+- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+  which fixes http client infinite line reading (DoS) after a http
+  100 (bpo#44022, boo#1189241).
+
+- Modify Lib/ensurepip/__init__.py to contain the same version
+  numbers as are in reality the ones in the bundled wheels
+  (bsc#1187668).
+
+- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
+  use of semicolon as a query string separator (bpo#42967,
+  bsc#1182379, CVE-2021-23336).
+
+- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
+  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
+  _ctypes/callproc.c, which may lead to remote code execution.
+
+- (bsc#1180125) We really don't Require python-rpm-macros package.
+  Unnecessary dependency.
+
+- Add patch configure_PYTHON_FOR_REGEN.patch which makes
+  configure.ac to consider the correct version of
+  PYTHON_FO_REGEN (bsc#1078326).
+
+- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
+
+- Update to 2.7.18, final release of Python 2. Ever.:
+  - Newline characters have been escaped when performing uu
+    encoding to prevent them from overflowing into to content
+    section of the encoded file. This prevents malicious or
+    accidental modification of data during the decoding process.
+  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
+    Caller.
+  - Fixed line numbers and column offsets for AST nodes for calls
+    without arguments in decorators.
+  - bsc#1155094 (CVE-2019-18348) Disallow control characters in
+    hostnames in http.client. Such potentially malicious header
+    injection URLs now cause a InvalidURL to be raised.
+  - Fix urllib.urlretrieve failing on subsequent ftp transfers
+    from the same host.
+  - Fix problems identified by GCC's -Wstringop-truncation
+    warning.
+  - AddRefActCtx() was needlessly being checked for failure in
+    PC/dl_nt.c.
+  - Prevent failure of test_relative_path in test_py_compile on
+    macOS Catalina.
+  - Fixed possible leak in `PyArg_Parse` and similar
+    functions for format units "es#" and "et#" when the macro
+    `PY_SSIZE_T_CLEAN` is not defined.
+- Remove upstreamed patches:
+  - CVE-2019-18348-CRLF_injection_via_host_part.patch
+  - python-2.7.14-CVE-2017-1000158.patch
+  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
+  - CVE-2018-1061-DOS-via-regexp-difflib.patch
+  - CVE-2019-10160-netloc-port-regression.patch
+  - CVE-2019-16056-email-parse-addr.patch
+
+- Add CVE-2019-9674-zip-bomb.patch to improve documentation
+  warning about dangers of zip-bombs and other security problems
+  with zipfile library. (bsc#1162825 CVE-2019-9674)
+
+- Change to Requires: libpython%{so_version} == %{version}-%{release}
+  to python-base to keep both packages always synchronized (add
+  %{so_version}) (bsc#1162224).
+
+- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
+  "Python urrlib allowed an HTTP server to conduct Regular
+  Expression Denial of Service (ReDoS)" (bsc#1162367)
+
+- Provide python-testsuite from devel subkg to ease py2->py3
+  dependencies
+
+- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
+  off tests coliding with the combination of modern Python and
+  ancient OpenSSL on SLE-12.
+
+- libnsl is required only on more recent SLEs and openSUSE, older
+  glibc supported NIS on its own.
+
+- Add provides in gdbm subpackage to provide dbm symbols. This
+  allows us to use %%{python_module dbm} as a dependency and have
+  it properly resolved for both python2 and python3
+
+- Drop appstream-glib BuildRequires and no longer call
+  appstream-util validate-relax: eliminate a build cycle between
+  as-glib and python. The only thing would would gain by calling
+  as-uril is catching if upstream breaks the appdata.xml file in a
+  future release. Considering py2 is dying, chances for a new
+  release, let alone one breaking the xml file, are slim.
+
+- Unify packages among openSUSE:Factory and SLE versions.
+  (bsc#1159035) ; add missing records to this changelog.
+- Add idle.desktop and idle.appdata.xml to provide IDLE in menus
+  (bsc#1153830)
+
+- Add python2_split_startup Provide to make it possible to
+  conflict older packages by shared-python-startup.
+
+- Move /etc/pythonstart script to shared-python-startup
+  package.
+
+- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from
+  bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes
+  bsc#1149792
+
+- Add adapted-from-F00251-change-user-install-location.patch fixing
+  pip/distutils to install into /usr/local.
+
+- Update to 2.7.17:
+  - a bug fix release in the Python 2.7.x series. It is expected
+    to be the penultimate release for Python 2.7.
+- Removed patches included upstream:
+  - CVE-2018-20852-cookie-domain-check.patch
+  - CVE-2019-16935-xmlrpc-doc-server_title.patch
+  - CVE-2019-9636-netloc-no-decompose-characters.patch
+  - CVE-2019-9947-no-ctrl-char-http.patch
+  - CVE-2019-9948-avoid_local-file.patch
+  - python-2.7.14-CVE-2018-1000030-1.patch
+  - python-2.7.14-CVE-2018-1000030-2.patch
+- Renamed remove-static-libpython.diff and python-bsddb6.diff to
+  remove-static-libpython.patch and python-bsddb6.patch to unify
+  filenames.
+
+- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing
+  bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in
+  python/Lib/DocXMLRPCServer.py
+
+- Add bpo36302-sort-module-sources.patch (boo#1041090)
+
+- Add CVE-2019-16056-email-parse-addr.patch fixing the email
+  module wrongly parses email addresses [bsc#1149955,
+  CVE-2019-16056]
+
+- boo#1141853 (CVE-2018-20852) add
+  CVE-2018-20852-cookie-domain-check.patch fixing
+  http.cookiejar.DefaultPolicy.domain_return_ok which did not
+  correctly validate the domain: it could be tricked into sending
+  cookies to the wrong server.
+
+- Skip test_urllib2_localnet that randomly fails in OBS
+
+- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch
+  which fixes regression introduced by the previous patch.
+  (CVE-2019-10160)
+  Upstream gh#python/cpython#13812
+
+-  Set _lto_cflags to nil as it will prevent to propage LTO
+  for Python modules that are built in a separate package.
+
+- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
+  Address the issue by disallowing URL paths with embedded
+  whitespace or control characters through into the underlying
+  http client request. Such potentially malicious header
+  injection URLs now cause a ValueError to be raised.
+
+- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
+  removing unnecessary (and potentially harmful) URL scheme
+  local-file://.
+
+- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
+  Characters in the netloc attribute that decompose under NFKC
+  normalization (as used by the IDNA encoding) into any of ``/``,
+  ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
+  URL is decomposed before parsing, or is not a Unicode string,
+  no error will be raised (CVE-2019-9636).
+  Upstream commits e37ef41 and 507bd8c.
+
+- (bsc#1111793) Update to 2.7.16:
+  * bugfix-only release: complete list of changes on
+    https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
+  * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
+    which are fully included in the tarball.
+  * Updated patches to apply cleanly:
+    CVE-2019-5010-null-defer-x509-cert-DOS.patch
+    bpo36160-init-sysconfig_vars.patch
+    do-not-use-non-ascii-in-test_ssl.patch
+    openssl-111-middlebox-compat.patch
+    openssl-111-ssl_options.patch
+    python-2.5.1-sqlite.patch
+    python-2.6-gettext-plurals.patch
+    python-2.7-dirs.patch
+    python-2.7.2-fix_date_time_compiler.patch
+    python-2.7.4-canonicalize2.patch
+    python-2.7.5-multilib.patch
+    python-2.7.9-ssl_ca_path.patch
+    python-bsddb6.diff
+    remove-static-libpython.patch
+  * Update python-2.7.5-multilib.patch to pass with new platlib
+    regime.
+
+- bsc#1109847 (CVE-2018-14647): add
+  CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
+  bpo-34623.
+
+- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch
+  PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance
+  of PyWeakReference struct and does not intialize wr_prev and
+  wr_next of new isntance. These pointers can have garbage and
+  point to random memory locations.
+  Python should not crash while destroying the isntance created
+  in the same interpreter function. As per my understanding, both
+  wr_prev and wr_next of PyWeakReference instance should be
+  initialized to NULL to avoid segfault.
+
+- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
+  fixing bpo-35746 (CVE-2019-5010).
+  An exploitable denial-of-service vulnerability exists in the
+  X509 certificate parser of Python.org Python 2.7.11 / 3.7.2.
+  A specially crafted X509 certificate can cause a NULL pointer
+  dereference, resulting in a denial of service. An attacker can
+  initiate or accept TLS connections using crafted certificates
+  to trigger this vulnerability.
+
+- Use upstream-recommended %{_rpmconfigdir}/macros.d directory
+  for the rpm macros.
+
+- Add patch openssl-111.patch to work with openssl-1.1.1
+  (bsc#1113755)
+
+- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which
+  converts shutil._call_external_zip to use subprocess rather than
+  distutils.spawn. [bsc#1109663, CVE-2018-1000802]
+
+- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent
+  low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS
+  (CVE-2018-1061). Prior to this patch mail server's timestamp was
+  susceptible to catastrophic backtracking on long evil response from
+  the server. Also, it was susceptible to catastrophic backtracking,
+  which was a potential DOS vector.
+  [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]
+
+- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that
+  verifies that at least one channel is provided. Prior to this
+  check, attackers could cause a denial of service (divide-by-zero
+  error and application crash) via a crafted wav format audio file.
+  [bsc#1083507, CVE-2017-18207]
+
+- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750)
+    sort tarfile output directory listing
+
+- update to 2.7.15
+  * dozens of bugfixes, see NEWS for details
+- removed obsolete patches:
+  * python-ncurses-6.0-accessors.patch
+  * python-fix-shebang.patch
+  * gcc8-miscompilation-fix.patch
+- add patch from upstream:
+  * do-not-use-non-ascii-in-test_ssl.patch
+
+- Add gcc8-miscompilation-fix.patch (boo#1084650).
+
+- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer
+  overflows in PyString_DecodeEscape that could have resulted in
+  heap-based buffer overflow attacks and possible arbitrary code
+  execution. [bsc#1068664, CVE-2017-1000158]
+
+- exclude test_socket & test_subprocess for PowerPC boo#1078485
+  (same ref as previous change)
+
+- Add python-skip_random_failing_tests.patch bypass boo#1078485
+  and exclude many tests for PowerPC
+
+- Add patch python-fix-shebang.patch to fix bsc#1078326
+
+- exclude test_regrtest for s390, where it does not segfault as it should
+  (fixes bsc#1073269)
+- fix segfault while creating weakref - bsc#1073748, bpo#29347
+  (this is actually fixed by the 2.7.14 update; mentioning this for purposes
+  of bugfix tracking)
+
+- update to 2.7.14
+  * dozens of bugfixes, see NEWS for details
+  * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664)
+  * fixed segfaults with dict mutated during search
+  * fixed possible free-after-use problems with buffer objects with custom indexing
+  * fixed urllib.splithost to correctly parse fragments (bpo-30500)
+- drop upstreamed python-2.7.13-overflow_check.patch
+- drop unneeded python-2.7.12-makeopcode.patch
+- drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch
+- Apply "python-2.7.14-CVE-2018-1000030-1.patch" and
+  "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that
+  would crash the Python interpreter when multiple threads used the
+  same I/O stream concurrently. This issue is not classified as a
+  security vulnerability due to the fact that an attacker must be
+  able to run code, however in some situations -- such as function
+  as a service -- this vulnerability can potentially be used by an
+  attacker to violate a trust boundary. [bsc#1079300,
+  CVE-2018-1000030]
+
+- Call python2 instead of python in macros
+
+- Fix test broken with OpenSSL 1.1 (bsc#1042670)
+  * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch
+
+- drop SUSE_ASNEEDED=0 as it is not needed anymore
+
+- Add libnsl-devel build requires for glibc obsoleting libnsl
+
+- obsolete/provide python-argparse and provide python2-argparse,
+  because the argparse module is available from python 2.7 up
+
+- SLE package update (bsc#1027282)
+- refresh python-2.7.5-multilib.patch
+- dropped upstreamed patches:
+  python-fix-short-dh.patch
+  python-2.7.7-mhlib-linkcount.patch
+  python-2.7-urllib2-localnet-ssl.patch
+  CVE-2016-0772-smtplib-starttls.patch
+  CVE-2016-5699-http-header-injection.patch
+  CVE-2016-5636-zipimporter-overflow.patch
+  python-2.7-httpoxy.patch
+- Add python-ncurses-6.0-accessors.patch: Fix build with
+  NCurses 6.0 and OPAQUE_WINDOW set to 1.
+  (dimstar@opensuse.org)
+
+- Add reproducible.patch to allow reproducible builds of various
+  python packages like python-amqp
+  Upstream: https://github.com/python/cpython/pull/296
+
+- update to 2.7.13
+  * dozens of bugfixes, see NEWS for details
+  * updated cipher lists for openssl wrapper, support openssl >= 1.1.0
+  * properly fix HTTPoxy (CVE-2016-1000110)
+  * profile-opt build now applies PGO to modules as well
+- update python-2.7.10-overflow_check.patch
+  with python-2.7.13-overflow_check.patch, incorporating upstream changes
+  (bnc#964182)
+- add "-fwrapv" to optflags explicitly because upstream code still
+  relies on it in many places
+
+- provide python2-* symbols, for support of new packages built as
+  python2-foo
+- rename macros.python to macros.python2 accordingly
+- require python-rpm-macros package, drop macro definitions from
+  macros.python2
+
+- initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436)
+- renamed `python` to `python27` in package names and requires
+- removed Provides and Obsoletes clauses
+- dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch,
+  companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage
+- dropped profile files
+- removed /usr/bin/python and /usr/bin/python2, along with other unversioned
+  aliases
+- rewrote macros file to enable stand-alone packages depending on py2.7
+- re-included downloaded version of HTML documentation
+
+- update to 2.7.12
+  * dozens of bugfixes, see NEWS for details
+  * fixes multiple security issues:
+    CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751)
+    CVE-2016-5636 zipimporter heap overflow (bsc#985177)
+    CVE-2016-5699 httplib header injection (bsc#985348)
+    (this one is actually fixed since 2.7.10)
+- removed upstreamed python-2.7.7-mhlib-linkcount.patch
+- refreshed multilib patch
+- python-2.7.12-makeopcode.patch - run newly-built python interpreter
+  to make opcodes, in order not to require pre-built python
+- update LD_LIBRARY_PATH to use $PWD instead of "." because the test
+  process escapes to its own directory
+- modify shebang-fixing scriptlet to ignore makeopcodetargets.py
+
+- CVE-2016-0772-smtplib-starttls.patch:
+  smtplib vulnerability opens startTLS stripping attack
+  (CVE-2016-0772, bsc#984751)
+- CVE-2016-5636-zipimporter-overflow.patch:
+  heap overflow when importing malformed zip files
+  (CVE-2016-5636, bsc#985177)
+- CVE-2016-5699-http-header-injection.patch:
+  incorrect validation of HTTP headers allow header injection
+  (CVE-2016-5699, bsc#985348)
+- python-2.7-httpoxy.patch:
+  HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY
+  when REQUEST_METHOD is also set
+  (CVE-2016-1000110, bsc#989523)
+
+- Add python-2.7.10-overflow_check.patch to fix broken overflow checks.
+  [bnc#964182]
+
+- copy strict-tls-checks subpackage from SLE to retain future compatibility
+  (not built in openSUSE)
+- do this properly to fix bnc#945401
+- update SLE check to exclude Leap which also has version 1315,
+  just to be sure
+
+- Add python-ncurses-6.0-accessors.patch: Fix build with
+  NCurses 6.0 and OPAQUE_WINDOW set to 1.
+
+- add missing ssl.pyc and ssl.pyo to package
+- implement python-strict-tls-checks subpackage
+  * when present, Python will perform TLS certificate checking by default.
+    it is possible to remove the package to turn off the checks
+    for compatibility with legacy scripts.
+  * as discussed in fate#318300
+  * this is not built for openSUSE, but retained here in case we want
+    to build the package for a SLE system
+
+- python-fix-short-dh.patch: Bump DH parameters to 2048 bit
+  to fix logjam security issue. bsc#935856
+
+- add __python2 compatibility macro (used by Fedora) (fate#318838)
+
+- update to 2.7.10
+- removed obsolete python-2.7-urllib2-localnet-ssl.patch
+
+- Reenable test_posix on aarch64
+
+- python-2.7.4-aarch64.patch: Remove obsolete patch
+- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for
+  aarch64
+
+- update to 2.7.9
+  * contains full backport of ssl module from Python 3.4 (PEP466)
+  * HTTPS certificate validation enabled by default (PEP476)
+  * SSLv3 disabled by default (bnc#901715)
+  * backported ensurepip module (PEP477)
+  * fixes several missing CVEs from last release: CVE-2013-1752,
+    CVE-2013-1753
+  * dozens of minor bugfixes
+- dropped upstreamed patches: python-2.7.6-poplib.patch,
+  smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch
+- dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it
+  with ssl module from Python 3
+- libffi was upgraded upstream, seems to contain our changes,
+  so dropping libffi-ppc64le.diff as well
+- python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional
+  "import ssl" from test_urllib2_localnet that caused it to fail without ssl
+
+- skip test_thread in qemu_linux_user mode
+
raft
+- raft 0.13.0:
+  * move to raft_fsm v2 introducing snapshot_finalize
+
+- raft 0.11.3:
+  * initial support for tracing
+  * protocol bug fixes
+