python310

pool/python310

SHA256

Fork 1

Commit Graph

Author	SHA256	Message	Date
Matej Cepl	9168347d4a	- Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). - Thus we can remove Revert-gh105127-left-tests.patch, which is now useless. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=109	2024-02-12 13:18:00 +00:00
Dirk Mueller	310cd89462	Accepting request 1108888 from home:dgarcia:branches:devel:languages:python:Factory - Add fix-sphinx-72.patch to make it work with latest sphinx version gh#python/cpython#97950 - Update to 3.10.13: - gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith. - gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError. - gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2. - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data: *consumed was not set. OBS-URL: https://build.opensuse.org/request/show/1108888 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=105	2023-09-04 15:07:39 +00:00

Author

SHA256

Message

Date

Matej Cepl

9168347d4a

- Refresh CVE-2023-27043-email-parsing-errors.patch to

gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is
  now useless.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=109

2024-02-12 13:18:00 +00:00

Dirk Mueller

310cd89462

Accepting request 1108888 from home:dgarcia:branches:devel:languages:python:Factory

- Add fix-sphinx-72.patch to make it work with latest sphinx version
  gh#python/cpython#97950
- Update to 3.10.13:
  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
    vulnerable to a bypass of the TLS handshake and included
    protections (like certificate verification) and treating sent
    unencrypted data as if it were post-handshake TLS encrypted data.
    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
    Gregory P. Smith.
  - gh-107845: tarfile.data_filter() now takes the location of
    symlinks into account when determining their target, so it will no
    longer reject some valid tarballs with
    LinkOutsideDestinationError.
  - gh-107565: Update multissltests and GitHub CI workflows to use
    OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
  - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
    *consumed was not set.

OBS-URL: https://build.opensuse.org/request/show/1108888
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=105

2023-09-04 15:07:39 +00:00

2 Commits