- Update to 3.8.18 (bsc#1214692):
- gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included
protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.
Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
Gregory P. Smith.
- gh-107845: tarfile.data_filter() now takes the location of
symlinks into account when determining their target, so it will no
longer reject some valid tarballs with
LinkOutsideDestinationError.
- gh-107565: Update multissltests and GitHub CI workflows to use
OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=137
This commit is contained in:
Git OBS Bridge
parent
0ec3738d87
commit
36d04b865e
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:2e54b0c68191f16552f6de2e97a2396540572a219f6bbb28591a137cecc490a9
|
|
||||||
size 20696584
|
|
||||||
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmR/P90ACgkQsmmV4xAl
|
|
||||||
BWgSZhAAkO3g9Wo9y6hK22U7RvEoe/t8hmsAjXCGRnHDywQWd/utJoROjbwE7C7M
|
|
||||||
hACiYdBrEoBLV0UDtTkvkMiBwD32kKgjBYh8zUIpQt52ysbC4nZmvlRF2p9IfTVq
|
|
||||||
x1MmlW4JwKCqc4Oj3me5sD3Z8JRuN9EuIYybnSRXhLLV6d7kn5MMJMbQ7L16Jc5I
|
|
||||||
ORXUTzt9Oq49qZ6gIJxbtdvEuVNcpTYc0BYo/8eJtcVualPZ47hnHjQUnRfEd9Mq
|
|
||||||
P3AEW4KCeuosOdjDxf/qXl6UvH79gpesSG1tzlDt7egmDk0DYwyod5cKntE2RIaU
|
|
||||||
OcSvBG8QlzfOg2Yj1/zL5wcL90jVP5z2j/532tQeiycIMU1fEpBGPJm/q10IGZtg
|
|
||||||
wa9Z84Z0FRU3FKBOLem89wtzQCUWBFWO0u7cRHyUYWyScmGCIJ2OaV7YQAfBwPYl
|
|
||||||
sjnlFw2R9VvubdZK8uwYAWhjztRq40X0iutO3xTnOU6wX/doU02kfRzQltGXasKH
|
|
||||||
kb+trWjCWVVK2HvxJUgj6cvPrpl7R+fIUMJMNfYirrzntqQM63AB291opisnIT+G
|
|
||||||
OxZbSmDR5/LYG5HCEtMgZN0knMoiLbdB9LxI0p0x7W+yuk5Yn+E3W/7IwlfihvTz
|
|
||||||
wlbFGFr4WVLH6065BOc0CYn0bMrU7mo8RFt2m1wrkOq0tzHcfXk=
|
|
||||||
=m6a1
|
|
||||||
-----END PGP SIGNATURE-----
|
|
||||||
3
Python-3.8.18.tar.xz
Normal file
3
Python-3.8.18.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:3ffb71cd349a326ba7b2fadc7e7df86ba577dd9c4917e52a8401adbda7405e3f
|
||||||
|
size 20696952
|
||||||
16
Python-3.8.18.tar.xz.asc
Normal file
16
Python-3.8.18.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmTnuvoACgkQsmmV4xAl
|
||||||
|
BWj4nA//brAaCYj+V6woO1gcYScI2xk2Ncmq3Mj1T/s0tkLxpFcaevsu4snnY4tV
|
||||||
|
VhGVTMZPBSi7F1stLXwwb2WLisuNsr2oYCdze2BKyMWyRrF1SlLX+Uj7R5PQbZRn
|
||||||
|
b7PuFTQcfUxXISkof6fL8dhfF+uWkLUO83xxb/Yxl37IXZVIXaJbOFQtIVRxhbFC
|
||||||
|
U4yAwKdzMLpvwOdzHgc5l6GewUdIkBWGVObalSXs8jCOeu+GY/Q17oUQv9pxsSp6
|
||||||
|
UY1nnvfYSPzOeIB5QzdNVoISP4DZRacZu5k26niK2QhUUdey66KWPBUgxQ5jFoJl
|
||||||
|
bhpA1Idp9p54sNgZOSYkWsMvoLSBkXuzfcmfgGCANZ2FYkGCs0En6YbUHwBTjWdk
|
||||||
|
ll+ZrxZuYTy1JfP0fFEp1vLBBSdjla5MIDFp5DRT0GL82GvwGvPyH5JEhhinFReZ
|
||||||
|
kkdk2leRUWKhNhGfv9Ln3A/glNX2txIDKuXT1/N2CQXxfOpQA6QqFGjkUVAQa8iY
|
||||||
|
LqpHyTs66pmrTqqEzbRUv6o+fEvJPzMzhs526EBvpzj/xhCY2we84FEAzKtF6Vmm
|
||||||
|
vT4bHKhw6eKfpGZFbSQrH2mnl4b7B/6zPfzsotec44tNijeuc/fAlJfaINg2Xvcg
|
||||||
|
9rhOV6KGsNI6K5PNdemQxJ1hoeDS7WnKJPAutQQor1uqrvekby0=
|
||||||
|
=F51n
|
||||||
|
-----END PGP SIGNATURE-----
|
||||||
@ -1,3 +1,20 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 6 06:09:33 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
|
||||||
|
|
||||||
|
- Update to 3.8.18 (bsc#1214692):
|
||||||
|
- gh-108310: Fixed an issue where instances of ssl.SSLSocket were
|
||||||
|
vulnerable to a bypass of the TLS handshake and included
|
||||||
|
protections (like certificate verification) and treating sent
|
||||||
|
unencrypted data as if it were post-handshake TLS encrypted data.
|
||||||
|
Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
|
||||||
|
Gregory P. Smith.
|
||||||
|
- gh-107845: tarfile.data_filter() now takes the location of
|
||||||
|
symlinks into account when determining their target, so it will no
|
||||||
|
longer reject some valid tarballs with
|
||||||
|
LinkOutsideDestinationError.
|
||||||
|
- gh-107565: Update multissltests and GitHub CI workflows to use
|
||||||
|
OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||||||
|
|
||||||
|
|||||||
@ -92,7 +92,7 @@
|
|||||||
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
|
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
|
||||||
%bcond_without profileopt
|
%bcond_without profileopt
|
||||||
Name: %{python_pkg_name}%{psuffix}
|
Name: %{python_pkg_name}%{psuffix}
|
||||||
Version: 3.8.17
|
Version: 3.8.18
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Python 3 Interpreter
|
Summary: Python 3 Interpreter
|
||||||
License: Python-2.0
|
License: Python-2.0
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user