- Update to Python 3.11.4:
- gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727). - gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 (bsc#1208471). - gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. - gh-103935: trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). - gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details (fixing CVE-2007-4559, bsc#1203750). - Remove upstreamed patches: - CVE-2007-4559-filter-tarfile_extractall.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=71
This commit is contained in:
parent
6bf0620e58
commit
b8797f4452
File diff suppressed because it is too large
Load Diff
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:8a5db99c961a7ecf27c75956189c9602c968751f11dbeae2b900dbff1c085b5e
|
||||
size 19906156
|
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmQsppwACgkQ/+h0BBaL
|
||||
2Ee3kg//ewFzE4twuLz2MKoki+7xKz5VzTm2fvCtymAtqVq8Tk3oTvRrc9llHIQn
|
||||
+QU6Cjiu38igRgQ4O0/i6909U3N1tmqXsSHtuGIB5mEOqwK9LESTPJG+wK4nULg5
|
||||
fLH+FgBAJ4HSI3WIMt8jn98LJ8lsfFrH1sdv9ijcDN9VdekY8vXOOaWbAWg2vpYb
|
||||
vXTtajHXA1KLZR1GvhDel3G6qPhxOjud/gwVJgzHcxA/mpDjT5DTiqS5rVMsJQq0
|
||||
R/LCtsqM4NVjurWwe5jEOi/Fv60qTN7ekuIdziC3IB50WjkwXltKB90l9heihnZo
|
||||
oGAe2T9Kv74Pr1kWhkstURwFGP6hRrZHNfvZXYgcJdN2SxsS9VNkt2JQ9aKevPo3
|
||||
t1ZgmB5WGsWAWgny7pm+qLfKy5mkdaal/BB7iLTh5/u3b6tlO2C7wNpGRLS1OBrN
|
||||
kr/SMS0uyVXcZfcjMTs9e/7YU/ArAvu5nwbFqDrFLHe1SHqTq1PXkeVxbxf1c6KW
|
||||
TZyOivQA7pcbPyqrbm+tuL2qbAjfOtDo771i9AG2vjgsblxTQvBxXc7buv5/JoCl
|
||||
4jKuDYHuteiVsuJFeC2Gs67hcM0qjEzbB7mFSJLPDZU3gMMGQxMn/ZWrI/laD5hB
|
||||
biXtLQJt/Z+3f1ROWiFgjZvdaWYjT26BWaBkIMrv65NG//M7wfo=
|
||||
=SzVA
|
||||
-----END PGP SIGNATURE-----
|
3
Python-3.11.4.tar.xz
Normal file
3
Python-3.11.4.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2f0e409df2ab57aa9fc4cbddfb976af44e4e55bf6f619eee6bc5c2297264a7f6
|
||||
size 19954828
|
16
Python-3.11.4.tar.xz.asc
Normal file
16
Python-3.11.4.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmR/sHIACgkQ/+h0BBaL
|
||||
2EfQDQ//eFWvcQ5ijhVd3r5lp7NTNUPK6xKR2iqzpNWlN2Z4QkGJ2+IworBaZoGA
|
||||
tzmbT0j0LB9ZQ+ba3xnqXGXD8Ky+fHLg8GV5yshPlH/bD7tPuHtfDRxNcWplEVSS
|
||||
MbMuLjAYavTIHhYEz/Rpx4jvZTI5lwplVqj9WxNI/8tNrL5M2bsCtv+IB6brohiw
|
||||
rUOUlT/KDkZbrGfB1Fe033Ep8hay5MkKjhgr7O1dU7zMuDRG+HRsCYGs7a5x6KhH
|
||||
3QNTEp+GEIAKEsip5nR7vl5KqL02lHa5sf36SV2wjRTwO+IhgV7lvtJEwOD12oE5
|
||||
c+TCQMFbmBXg2vVmNBN/Lwftw1SwT/+orFX6V4U93jq6QNUo4GvPqum6YzuayGYc
|
||||
/JM4MNziqmfdNW2YjEHPPfzti3f40eTapys97YufOrmYjM2NY0Fs+kAErvyxiWqi
|
||||
guVQtaZIYeLl/9KWqQ0F/Apy1N+fVDuWBkZlizwHrUsGips4Rp7Bh/iCrDdOj+1D
|
||||
gRCio7+KvdtzHavZPZnU5dcpUiXZgsDzOTI138IyYaEtVUS59ELkA2qxI1yCb5mk
|
||||
eLVG1L7r/J2tIaTcguQppp5Z+62UDTArlUbnRxda0buzA2r1aFiQCTMwp+kTRegw
|
||||
T9Ht/CT/D4vpMdmSQTun9MkKifcK+2uGfSsS7Lz4fSWjQLqg36k=
|
||||
=zSfJ
|
||||
-----END PGP SIGNATURE-----
|
@ -1,3 +1,33 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- Update to Python 3.11.4:
|
||||
- gh-103142: The version of OpenSSL used in Windows and
|
||||
Mac installers has been upgraded to 1.1.1u to address
|
||||
CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
|
||||
as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
|
||||
fixed previously in 1.1.1t (gh-101727).
|
||||
- gh-102153: urllib.parse.urlsplit() now strips leading C0
|
||||
control and space characters following the specification for
|
||||
URLs defined by WHATWG in response to CVE-2023-24329
|
||||
(bsc#1208471).
|
||||
- gh-99889: Fixed a security in flaw in uu.decode() that could
|
||||
allow for directory traversal based on the input if no
|
||||
out_file was specified.
|
||||
- gh-104049: Do not expose the local on-disk
|
||||
location in directory indexes produced by
|
||||
http.client.SimpleHTTPRequestHandler.
|
||||
- gh-103935: trace.__main__ now uses io.open_code() for files
|
||||
to be executed instead of raw open().
|
||||
- gh-102953: The extraction methods in tarfile, and
|
||||
shutil.unpack_archive(), have a new filter argument that
|
||||
allows limiting tar features than may be surprising or
|
||||
dangerous, such as creating files outside the destination
|
||||
directory. See Extraction filters for details (fixing
|
||||
CVE-2007-4559, bsc#1203750).
|
||||
- Remove upstreamed patches:
|
||||
- CVE-2007-4559-filter-tarfile_extractall.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
|
@ -94,7 +94,7 @@
|
||||
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
|
||||
%bcond_without profileopt
|
||||
Name: %{python_pkg_name}%{psuffix}
|
||||
Version: 3.11.3
|
||||
Version: 3.11.4
|
||||
Release: 0
|
||||
Summary: Python 3 Interpreter
|
||||
License: Python-2.0
|
||||
@ -157,9 +157,6 @@ Patch35: fix_configure_rst.patch
|
||||
# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com
|
||||
# Makes Python resilient to changes of API of libexpat
|
||||
Patch36: support-expat-CVE-2022-25236-patched.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 mcepl@suse.com
|
||||
# PEP 706 – Filter for tarfile.extractall
|
||||
Patch37: CVE-2007-4559-filter-tarfile_extractall.patch
|
||||
# PATCH-FIX-UPSTREAM 103213-fetch-CONFIG_ARGS.patch gh#python/cpython#103053 mcepl@suse.com
|
||||
# Fetch CONFIG_ARGS from original python instance
|
||||
Patch38: 103213-fetch-CONFIG_ARGS.patch
|
||||
@ -424,7 +421,6 @@ other applications.
|
||||
%endif
|
||||
%patch35 -p1
|
||||
%patch36 -p1
|
||||
%patch37 -p1
|
||||
%patch38 -p1
|
||||
%patch39 -p1
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user