forked from pool/python310
- Update 3.10.14:
- gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0
to address CVE-2023-52425, and control of the new reparse
deferral functionality was exposed with new APIs
- gh-109858: zipfile is now protected from the “quoted-overlap”
zipbomb to address CVE-2024-0450. It now raises BadZipFile
when attempting to read an entry that overlaps with another
entry or central directory
- gh-91133: tempfile.TemporaryDirectory cleanup no longer
dereferences symlinks when working around file system
permission errors to address CVE-2023-6597
- gh-115197: urllib.request no longer resolves the hostname
before checking it against the system’s proxy bypass list on
macOS and Windows
- gh-81194: a crash in socket.if_indextoname() with a specific
value (UINT_MAX) was fixed. Relatedly, an integer overflow in
socket.if_indextoname() on 64-bit non-Windows platforms was
fixed
- gh-113659: .pth files with names starting with a dot or
containing the hidden file attribute are now skipped
- gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer
read out of bounds
- gh-114572: ssl.SSLContext.cert_store_stats() and
ssl.SSLContext.get_ca_certs() now correctly lock access to
the certificate store, when the ssl.SSLContext is shared
across multiple threads
- Remove upstreamed patches:
- CVE-2023-6597-TempDir-cleaning-symlink.patch
- Port to %autosetup and %autopatch.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=119
This commit is contained in:
Git OBS Bridge
@@ -1,3 +1,36 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 21 07:38:15 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||||
|
||||
- Update 3.10.14:
|
||||
- gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0
|
||||
to address CVE-2023-52425, and control of the new reparse
|
||||
deferral functionality was exposed with new APIs
|
||||
- gh-109858: zipfile is now protected from the “quoted-overlap”
|
||||
zipbomb to address CVE-2024-0450. It now raises BadZipFile
|
||||
when attempting to read an entry that overlaps with another
|
||||
entry or central directory
|
||||
- gh-91133: tempfile.TemporaryDirectory cleanup no longer
|
||||
dereferences symlinks when working around file system
|
||||
permission errors to address CVE-2023-6597
|
||||
- gh-115197: urllib.request no longer resolves the hostname
|
||||
before checking it against the system’s proxy bypass list on
|
||||
macOS and Windows
|
||||
- gh-81194: a crash in socket.if_indextoname() with a specific
|
||||
value (UINT_MAX) was fixed. Relatedly, an integer overflow in
|
||||
socket.if_indextoname() on 64-bit non-Windows platforms was
|
||||
fixed
|
||||
- gh-113659: .pth files with names starting with a dot or
|
||||
containing the hidden file attribute are now skipped
|
||||
- gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer
|
||||
read out of bounds
|
||||
- gh-114572: ssl.SSLContext.cert_store_stats() and
|
||||
ssl.SSLContext.get_ca_certs() now correctly lock access to
|
||||
the certificate store, when the ssl.SSLContext is shared
|
||||
across multiple threads
|
||||
- Remove upstreamed patches:
|
||||
- CVE-2023-6597-TempDir-cleaning-symlink.patch
|
||||
- Port to %autosetup and %autopatch.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user