* Fri May 01 2020 Matej Cepl <mcepl@suse.com>
- Add CVE-2019-18348-CRLF_injection_via_host_part.patch to
disallow control characters in hostnames in httplib,
addressing CVE-2019-18348. Such potentially malicious header
injection URLs now cause an InvalidURL to be raised.
(bsc#1155094)
* Sat Feb 08 2020 Matej Cepl <mcepl@suse.com>
- Add CVE-2019-9674-zip-bomb.patch to improve documentation
warning about dangers of zip-bombs and other security problems
with zipfile library. (bsc#1162825 CVE-2019-9674)
* Sat Feb 08 2020 Matej Cepl <mcepl@suse.com>
- Change to Requires: libpython%{so_version} == %{version}-%{release}
to python-base to keep both packages always synchronized (add
%{so_version}) (bsc#1162224).
* Thu Feb 06 2020 Matej Cepl <mcepl@suse.com>
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
"Python urllib allowed an HTTP server to conduct Regular
Expression Denial of Service (ReDoS)" (bsc#1162367)
* Mon Feb 03 2020 Tomáš Chvátal <tchvatal@suse.com>
- Provide python-testsuite from devel subpkg to ease py2->py3
dependencies
* Mon Jan 27 2020 Matej Cepl <mcepl@suse.com>
- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch
off tests colliding with the combination of modern Python and
ancient OpenSSL on SLE-12.
* Fri Jan 10 2020 Matej Cepl <mcepl@suse.com>
- libnsl is required only on more recent SLEs and openSUSE, older
glibc supported NIS on its own.
* Thu Jan 02 2020 Tomáš Chvátal <tchvatal@suse.com>
- Add provides in gdbm subpackage to provide dbm symbols. This
allows us to use %%{python_module dbm} as a dependency and have
it properly resolved for both python2 and python3
* Thu Dec 19 2019 Dominique Leuenberger <dimstar@opensuse.org>
- Drop appstream-glib BuildRequires and no longer call
appstream-util validate-relax: eliminate a build cycle between
as-glib and python. The only thing we would gain by calling
as-util is catching if upstream breaks the appdata.xml file in a
future release. Considering py2 is dying, chances for a new
release, let alone one breaking the xml file, are slim.
* Wed Dec 11 2019 Matej Cepl <mcepl@suse.com>
- Unify packages among openSUSE:Factory and SLE versions.
(bsc#1159035) ; add missing records to this changelog.
- Add idle.desktop and idle.appdata.xml to provide IDLE in menus
(bsc#1153830)
* Wed Dec 04 2019 Matej Cepl <mcepl@suse.com>
- Add python2_split_startup Provide to make it possible to
conflict older packages by shared-python-startup.
* Fri Nov 22 2019 Matej Cepl <mcepl@suse.com>
- Move /etc/pythonstart script to shared-python-startup
package.
* Tue Nov 05 2019 Matej Cepl <mcepl@suse.com>
- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from
bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes
bsc#1149792
* Tue Nov 05 2019 Steve Kowalik <steven.kowalik@suse.com>
- Add adapted-from-F00251-change-user-install-location.patch fixing
pip/distutils to install into /usr/local.
* Thu Oct 24 2019 Matej Cepl <mcepl@suse.com>
- Update to 2.7.17:
- a bug fix release in the Python 2.7.x series. It is expected
to be the penultimate release for Python 2.7.
- Removed patches included upstream:
- CVE-2018-20852-cookie-domain-check.patch
- CVE-2019-16935-xmlrpc-doc-server_title.patch
- CVE-2019-9636-netloc-no-decompose-characters.patch
- CVE-2019-9947-no-ctrl-char-http.patch
- CVE-2019-9948-avoid_local-file.patch
- python-2.7.14-CVE-2018-1000030-1.patch
- python-2.7.14-CVE-2018-1000030-2.patch
- Renamed remove-static-libpython.diff and python-bsddb6.diff to
remove-static-libpython.patch and python-bsddb6.patch to unify
filenames.
* Tue Oct 08 2019 Matej Cepl <mcepl@suse.com>
- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing
bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in
python/Lib/DocXMLRPCServer.py
* Wed Sep 25 2019 Bernhard Wiedemann <bwiedemann@suse.com>
- Add bpo36302-sort-module-sources.patch (boo#1041090)
* Mon Sep 16 2019 Matej Cepl <mcepl@suse.com>
- Add CVE-2019-16056-email-parse-addr.patch fixing the email
module wrongly parsing email addresses [bsc#1149955,
CVE-2019-16056]
* Thu Jul 25 2019 Matej Cepl <mcepl@suse.com>
- boo#1141853 (CVE-2018-20852) add
CVE-2018-20852-cookie-domain-check.patch fixing
http.cookiejar.DefaultPolicy.domain_return_ok which did not
correctly validate the domain: it could be tricked into sending
cookies to the wrong server.
* Fri Jul 19 2019 Tomáš Chvátal <tchvatal@suse.com>
- Skip test_urllib2_localnet that randomly fails in OBS