Changelog for python-xml-2.7.15-119.9.x86_64.rpm :

* Sat Jan 19 2019 bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746. An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
* Wed Dec 19 2018 Todd R - Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.
* Fri Oct 26 2018 Tomáš Chvátal - Add patch openssl-111.patch to work with openssl-1.1.1
* Tue Sep 25 2018 Matěj Cepl - Apply \"CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch\" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]
* Mon May 21 2018 update to 2.7.15
* dozens of bugfixes, see NEWS for details- removed obsolete patches:
* python-ncurses-6.0-accessors.patch
* python-fix-shebang.patch
* gcc8-miscompilation-fix.patch- add patch from upstream:
* do-not-use-non-ascii-in-test_ssl.patch
* Fri Apr 06 2018 Add gcc8-miscompilation-fix.patch (boo#1084650).
* Tue Feb 20 2018 Add python-sorted_tar.patch (boo#1081750)
* Mon Feb 05 2018 exclude test_socket & test_subprocess for PowerPC boo#1078485 (same ref as previous change)
* Fri Feb 02 2018 Add python-skip_random_failing_tests.patch bypass boo#1078485 and exclude many tests for PowerPC
* Tue Jan 30 2018 Add patch python-fix-shebang.patch to fix bsc#1078326
* Fri Dec 22 2017 exclude test_regrtest for s390, where it does not segfault as it should (fixes bsc#1073269)- fix segfault while creating weakref - bsc#1073748, bpo#29347 (this is actually fixed by the 2.7.14 update; mentioning this for purposes of bugfix tracking)
* Mon Nov 20 2017 update to 2.7.14
* dozens of bugfixes, see NEWS for details
* fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664)
* fixed segfaults with dict mutated during search
* fixed possible free-after-use problems with buffer objects with custom indexing
* fixed urllib.splithost to correctly parse fragments (bpo-30500)- drop upstreamed python-2.7.13-overflow_check.patch- drop unneeded python-2.7.12-makeopcode.patch- drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch
* Thu Nov 02 2017 Call python2 instead of python in macros
* Thu Aug 17 2017 Add libnsl-devel build requires for glibc obsoleting libnsl
* Mon May 15 2017 obsolete/provide python-argparse and provide python2-argparse, because the argparse module is available from python 2.7 up
* Fri Feb 24 2017 Add reproducible.patch to allow reproducible builds of various python packages like python-amqp Upstream:
* Tue Jan 03 2017 update to 2.7.13
* dozens of bugfixes, see NEWS for details
* updated cipher lists for openssl wrapper, support openssl >= 1.1.0
* properly fix HTTPoxy (CVE-2016-1000110)
* profile-opt build now applies PGO to modules as well- update python-2.7.10-overflow_check.patch with python-2.7.13-overflow_check.patch, incorporating upstream changes- add \"-fwrapv\" to optflags explicitly because upstream code still relies on it in many places
* Fri Dec 02 2016 provide python2-
* symbols, for support of new packages built as python2-foo- rename macros.python to macros.python2 accordingly- require python-rpm-macros package, drop macro definitions from macros.python2
* Thu Jun 30 2016 update to 2.7.12
* dozens of bugfixes, see NEWS for details
* fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10)- removed upstreamed python-2.7.7-mhlib-linkcount.patch- refreshed multilib patch- python-2.7.12-makeopcode.patch - run newly-built python interpreter to make opcodes, in order not to require pre-built python- update LD_LIBRARY_PATH to use $PWD instead of \".\" because the test process escapes to its own directory- modify shebang-fixing scriptlet to ignore
* Fri Jan 29 2016 Add python-2.7.10-overflow_check.patch to fix broken overflow checks. [bnc#964182]
* Mon Sep 14 2015 copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE)- do this properly to fix bnc#945401
* Wed Sep 09 2015 Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.
* Wed Jun 10 2015 add __python2 compatibility macro (used by Fedora)
* Sun May 24 2015 update to 2.7.10- removed obsolete python-2.7-urllib2-localnet-ssl.patch
* Tue May 19 2015 Reenable test_posix on aarch64
* Sun Dec 21 2014 python-2.7.4-aarch64.patch: Remove obsolete patch- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64
* Fri Dec 12 2014 update to 2.7.9
* contains full backport of ssl module from Python 3.4 (PEP466)
* HTTPS certificate validation enabled by default (PEP476)
* SSLv3 disabled by default (bnc#901715)
* backported ensurepip module (PEP477)
* fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753
* dozens of minor bugfixes- dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch- dropped patch python-2.7.3-ssl_ca_path.patch because we don\'t need it with ssl module from Python 3- libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well- python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional \"import ssl\" from test_urllib2_localnet that caused it to fail without ssl
* Wed Oct 22 2014 skip test_thread in qemu_linux_user mode