Accepting request 1109203 from devel:languages:python:Factory

- Update to 3.9.18 (bsc#1214692):
  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
    vulnerable to a bypass of the TLS handshake and included
    protections (like certificate verification) and treating sent
    unencrypted data as if it were post-handshake TLS encrypted data.
    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
    Gregory P. Smith.
  - gh-107845: tarfile.data_filter() now takes the location of
    symlinks into account when determining their target, so it will no
    longer reject some valid tarballs with
    LinkOutsideDestinationError.
  - gh-107565: Update multissltests and GitHub CI workflows to use
    OpenSSL 1.1.1v, 3.0.10, and 3.1.2.

OBS-URL: https://build.opensuse.org/request/show/1109203
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python39?expand=0&rev=50

Python-3.9.17.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:30ce057c44f283f8ed93606ccbdb8d51dd526bdc4c62cce5e0dc217bfa3e8cee
-size 19647312

Python-3.9.17.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmR/AFcACgkQsmmV4xAl
-BWg7Fg/7Bq3qKbUD+4LYCOEESdu1MQm4bxfySqFLrzfe0YML/Xvei3ot/MsoTxY+
-9dwLivBab6YVDw3x65Zm2Y1sKAwcKn80qcwfxkxKPFVzeFAIYaO48zACJ5gvNEwk
-tXxEcDV0Nirs5ksqjs439eWXFFSZJJjHUxrBKwVVXoVTl9P3wbvKzeAUGuWMdvBt
-8RYtaHMt24w+mtFBdBM5ODl9qHD30HvEdHItF1HFtnnIR2mvE5W3dNkytrEWckq7
-urrQZlIFqSffnK89oNrQBGQC1dipzfgb3Vdk52usIVq+3J9VeWEmw8my/HUtf6LM
-uSETKCDM6POcC1Hjn3Zar8pVg/5IrGfag2aOWPQwRf5+py+nHO9a8P0nAz1TvygJ
-Q4FPcGCRyxa6gw9TEoO3zutQrHG2q+bvr61hSx3bcnlTk5EwTgblxOw9A5L++uzQ
-JK6vkPIaid4KboIOgpgw2xYWu8uVl2KtEyOeNrvZubuYqKh3xy25lNZT0tT6Axtv
-jOKC84FSvp5fLRAAHAr9B6uycKRlNY2Ca6t8FkkD0v2NgsRVM2Mc11/i/NS+EFKc
-hCZgAvbIEX17DQQNcmki1FWeJ0LfoE7PZgte7f6o1J9lcBYhmfC6nIWJ6Q3zZX/y
-96EESfeEshigdMEwlkCtYSJTc5/WpdiZ0LQyI0x/RQFb8Q4XHS0=
-=xjRt
------END PGP SIGNATURE-----

Python-3.9.18.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:01597db0132c1cf7b331eff68ae09b5a235a3c3caa9c944c29cac7d1c4c4c00a
+size 19673928

Python-3.9.18.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmTnntEACgkQsmmV4xAl
+BWgmQw/9EFWMXtSfWBV93AQF37r0nbUnOBvrOcubkO7ygt+GfHKzN8EPuNeO2It7
+yNZDuCmwepnNGaIkO7UkgbwYyNw3YaoHQqxG8izAfJAVqK6BSk8UAET/YKWFXbLv
+cZBfgxSa0tTEkwq3BAY4vDewRXnLkUq7k6JRRCKFGLNSi/ygC56SijxyAV2g4Vio
+Qcwr9VhsTvz6ujoWuPrfVpUY4I81LBJxKK7n9zBreYzh5uUXRu5k4lN2W8HrE4q0
+7tTdsccB9j1CJAiUacYLxTFsvwd/hBs9+g9Eu5kqGeChqEU56Gd8wR96TEu8cVIZ
+Bv5UEo9MgT1KsJwk0FMfV8qVScqZrGG3QaoMtNAeAm/tUrhhZO9ANYsC9dey03ut
+tU6s5GAeh6i17bqW5WfvzCdhY9ayCInndzkq7SPi9F7fYx79PgdsofqPdyCSBXUo
+Ozfn1VQkYQJTmYtrwqLfdAivubaEPIf1+fLqMOXbrI85Ujuy5xzlgVrrqO2K9rbE
+DYyPgGZjPtss/yZGRCUdJX6rbW8Tq0HKt/8HpbW5fCt9o0wCSawR71GhzPA1fpNs
+0mkAGvvoNGdiSizTLLPvNCaecw4kSzeBNViyP6oRCv69ifNqHPErItsMZ0YIMU14
+w4/d9yI9kUa2bvE3cmx6G+9OS8PYip9MsJbQgP7kJsZ8wgt9rQU=
+=aw+P
+-----END PGP SIGNATURE-----

python39.changes

@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Wed Sep  6 06:38:27 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 3.9.18 (bsc#1214692):
+  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
+    vulnerable to a bypass of the TLS handshake and included
+    protections (like certificate verification) and treating sent
+    unencrypted data as if it were post-handshake TLS encrypted data.
+    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
+    Gregory P. Smith.
+  - gh-107845: tarfile.data_filter() now takes the location of
+    symlinks into account when determining their target, so it will no
+    longer reject some valid tarballs with
+    LinkOutsideDestinationError.
+  - gh-107565: Update multissltests and GitHub CI workflows to use
+    OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
+
 -------------------------------------------------------------------
 Thu Aug  3 14:53:38 UTC 2023 - Matej Cepl <mcepl@suse.com>
 

python39.spec

@@ -93,7 +93,7 @@
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.9.17
+Version:        3.9.18
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0