- Update to Python 3.11.4:
- gh-103142: The version of OpenSSL used in Windows and
Mac installers has been upgraded to 1.1.1u to address
CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
fixed previously in 1.1.1t (gh-101727).
- gh-102153: urllib.parse.urlsplit() now strips leading C0
control and space characters following the specification for
URLs defined by WHATWG in response to CVE-2023-24329
(bsc#1208471).
- gh-99889: Fixed a security in flaw in uu.decode() that could
allow for directory traversal based on the input if no
out_file was specified.
- gh-104049: Do not expose the local on-disk
location in directory indexes produced by
http.client.SimpleHTTPRequestHandler.
- gh-103935: trace.__main__ now uses io.open_code() for files
to be executed instead of raw open().
- gh-102953: The extraction methods in tarfile, and
shutil.unpack_archive(), have a new filter argument that
allows limiting tar features than may be surprising or
dangerous, such as creating files outside the destination
directory. See Extraction filters for details (fixing
CVE-2007-4559, bsc#1203750).
- Remove upstreamed patches:
- CVE-2007-4559-filter-tarfile_extractall.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=71
This commit is contained in:
Git OBS Bridge
parent
6bf0620e58
commit
b8797f4452
File diff suppressed because it is too large
Load Diff
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:8a5db99c961a7ecf27c75956189c9602c968751f11dbeae2b900dbff1c085b5e
|
|
||||||
size 19906156
|
|
||||||
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmQsppwACgkQ/+h0BBaL
|
|
||||||
2Ee3kg//ewFzE4twuLz2MKoki+7xKz5VzTm2fvCtymAtqVq8Tk3oTvRrc9llHIQn
|
|
||||||
+QU6Cjiu38igRgQ4O0/i6909U3N1tmqXsSHtuGIB5mEOqwK9LESTPJG+wK4nULg5
|
|
||||||
fLH+FgBAJ4HSI3WIMt8jn98LJ8lsfFrH1sdv9ijcDN9VdekY8vXOOaWbAWg2vpYb
|
|
||||||
vXTtajHXA1KLZR1GvhDel3G6qPhxOjud/gwVJgzHcxA/mpDjT5DTiqS5rVMsJQq0
|
|
||||||
R/LCtsqM4NVjurWwe5jEOi/Fv60qTN7ekuIdziC3IB50WjkwXltKB90l9heihnZo
|
|
||||||
oGAe2T9Kv74Pr1kWhkstURwFGP6hRrZHNfvZXYgcJdN2SxsS9VNkt2JQ9aKevPo3
|
|
||||||
t1ZgmB5WGsWAWgny7pm+qLfKy5mkdaal/BB7iLTh5/u3b6tlO2C7wNpGRLS1OBrN
|
|
||||||
kr/SMS0uyVXcZfcjMTs9e/7YU/ArAvu5nwbFqDrFLHe1SHqTq1PXkeVxbxf1c6KW
|
|
||||||
TZyOivQA7pcbPyqrbm+tuL2qbAjfOtDo771i9AG2vjgsblxTQvBxXc7buv5/JoCl
|
|
||||||
4jKuDYHuteiVsuJFeC2Gs67hcM0qjEzbB7mFSJLPDZU3gMMGQxMn/ZWrI/laD5hB
|
|
||||||
biXtLQJt/Z+3f1ROWiFgjZvdaWYjT26BWaBkIMrv65NG//M7wfo=
|
|
||||||
=SzVA
|
|
||||||
-----END PGP SIGNATURE-----
|
|
||||||
3
Python-3.11.4.tar.xz
Normal file
3
Python-3.11.4.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:2f0e409df2ab57aa9fc4cbddfb976af44e4e55bf6f619eee6bc5c2297264a7f6
|
||||||
|
size 19954828
|
||||||
16
Python-3.11.4.tar.xz.asc
Normal file
16
Python-3.11.4.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmR/sHIACgkQ/+h0BBaL
|
||||||
|
2EfQDQ//eFWvcQ5ijhVd3r5lp7NTNUPK6xKR2iqzpNWlN2Z4QkGJ2+IworBaZoGA
|
||||||
|
tzmbT0j0LB9ZQ+ba3xnqXGXD8Ky+fHLg8GV5yshPlH/bD7tPuHtfDRxNcWplEVSS
|
||||||
|
MbMuLjAYavTIHhYEz/Rpx4jvZTI5lwplVqj9WxNI/8tNrL5M2bsCtv+IB6brohiw
|
||||||
|
rUOUlT/KDkZbrGfB1Fe033Ep8hay5MkKjhgr7O1dU7zMuDRG+HRsCYGs7a5x6KhH
|
||||||
|
3QNTEp+GEIAKEsip5nR7vl5KqL02lHa5sf36SV2wjRTwO+IhgV7lvtJEwOD12oE5
|
||||||
|
c+TCQMFbmBXg2vVmNBN/Lwftw1SwT/+orFX6V4U93jq6QNUo4GvPqum6YzuayGYc
|
||||||
|
/JM4MNziqmfdNW2YjEHPPfzti3f40eTapys97YufOrmYjM2NY0Fs+kAErvyxiWqi
|
||||||
|
guVQtaZIYeLl/9KWqQ0F/Apy1N+fVDuWBkZlizwHrUsGips4Rp7Bh/iCrDdOj+1D
|
||||||
|
gRCio7+KvdtzHavZPZnU5dcpUiXZgsDzOTI138IyYaEtVUS59ELkA2qxI1yCb5mk
|
||||||
|
eLVG1L7r/J2tIaTcguQppp5Z+62UDTArlUbnRxda0buzA2r1aFiQCTMwp+kTRegw
|
||||||
|
T9Ht/CT/D4vpMdmSQTun9MkKifcK+2uGfSsS7Lz4fSWjQLqg36k=
|
||||||
|
=zSfJ
|
||||||
|
-----END PGP SIGNATURE-----
|
||||||
@ -1,3 +1,33 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||||||
|
|
||||||
|
- Update to Python 3.11.4:
|
||||||
|
- gh-103142: The version of OpenSSL used in Windows and
|
||||||
|
Mac installers has been upgraded to 1.1.1u to address
|
||||||
|
CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
|
||||||
|
as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
|
||||||
|
fixed previously in 1.1.1t (gh-101727).
|
||||||
|
- gh-102153: urllib.parse.urlsplit() now strips leading C0
|
||||||
|
control and space characters following the specification for
|
||||||
|
URLs defined by WHATWG in response to CVE-2023-24329
|
||||||
|
(bsc#1208471).
|
||||||
|
- gh-99889: Fixed a security in flaw in uu.decode() that could
|
||||||
|
allow for directory traversal based on the input if no
|
||||||
|
out_file was specified.
|
||||||
|
- gh-104049: Do not expose the local on-disk
|
||||||
|
location in directory indexes produced by
|
||||||
|
http.client.SimpleHTTPRequestHandler.
|
||||||
|
- gh-103935: trace.__main__ now uses io.open_code() for files
|
||||||
|
to be executed instead of raw open().
|
||||||
|
- gh-102953: The extraction methods in tarfile, and
|
||||||
|
shutil.unpack_archive(), have a new filter argument that
|
||||||
|
allows limiting tar features than may be surprising or
|
||||||
|
dangerous, such as creating files outside the destination
|
||||||
|
directory. See Extraction filters for details (fixing
|
||||||
|
CVE-2007-4559, bsc#1203750).
|
||||||
|
- Remove upstreamed patches:
|
||||||
|
- CVE-2007-4559-filter-tarfile_extractall.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||||||
|
|
||||||
|
|||||||
@ -94,7 +94,7 @@
|
|||||||
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
|
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
|
||||||
%bcond_without profileopt
|
%bcond_without profileopt
|
||||||
Name: %{python_pkg_name}%{psuffix}
|
Name: %{python_pkg_name}%{psuffix}
|
||||||
Version: 3.11.3
|
Version: 3.11.4
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Python 3 Interpreter
|
Summary: Python 3 Interpreter
|
||||||
License: Python-2.0
|
License: Python-2.0
|
||||||
@ -157,9 +157,6 @@ Patch35: fix_configure_rst.patch
|
|||||||
# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com
|
# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com
|
||||||
# Makes Python resilient to changes of API of libexpat
|
# Makes Python resilient to changes of API of libexpat
|
||||||
Patch36: support-expat-CVE-2022-25236-patched.patch
|
Patch36: support-expat-CVE-2022-25236-patched.patch
|
||||||
# PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 mcepl@suse.com
|
|
||||||
# PEP 706 – Filter for tarfile.extractall
|
|
||||||
Patch37: CVE-2007-4559-filter-tarfile_extractall.patch
|
|
||||||
# PATCH-FIX-UPSTREAM 103213-fetch-CONFIG_ARGS.patch gh#python/cpython#103053 mcepl@suse.com
|
# PATCH-FIX-UPSTREAM 103213-fetch-CONFIG_ARGS.patch gh#python/cpython#103053 mcepl@suse.com
|
||||||
# Fetch CONFIG_ARGS from original python instance
|
# Fetch CONFIG_ARGS from original python instance
|
||||||
Patch38: 103213-fetch-CONFIG_ARGS.patch
|
Patch38: 103213-fetch-CONFIG_ARGS.patch
|
||||||
@ -424,7 +421,6 @@ other applications.
|
|||||||
%endif
|
%endif
|
||||||
%patch35 -p1
|
%patch35 -p1
|
||||||
%patch36 -p1
|
%patch36 -p1
|
||||||
%patch37 -p1
|
|
||||||
%patch38 -p1
|
%patch38 -p1
|
||||||
%patch39 -p1
|
%patch39 -p1
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user