python-interpreters/python310
SHA256
6
0
Fork 0
forked from pool/python310
Code Pull Requests Activity

Accepting request 1108888 from home:dgarcia:branches:devel:languages:python:Factory

Browse Source 
- Add fix-sphinx-72.patch to make it work with latest sphinx version
  gh#python/cpython#97950
- Update to 3.10.13:
  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
    vulnerable to a bypass of the TLS handshake and included
    protections (like certificate verification) and treating sent
    unencrypted data as if it were post-handshake TLS encrypted data.
    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
    Gregory P. Smith.
  - gh-107845: tarfile.data_filter() now takes the location of
    symlinks into account when determining their target, so it will no
    longer reject some valid tarballs with
    LinkOutsideDestinationError.
  - gh-107565: Update multissltests and GitHub CI workflows to use
    OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
  - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
    *consumed was not set.

OBS-URL: https://build.opensuse.org/request/show/1108888
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=105
This commit is contained in:
Dirk Mueller
2023-09-04 15:07:39 +00:00
committed by Git OBS Bridge
parent 4a7871d409
commit 310cd89462
8 changed files with 3185 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
python310.changes
View File

@@ -1,3 +1,24 @@
-------------------------------------------------------------------
Mon Sep 4 13:18:29 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
- Add fix-sphinx-72.patch to make it work with latest sphinx version
gh#python/cpython#97950
- Update to 3.10.13:
- gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included
protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.
Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
Gregory P. Smith.
- gh-107845: tarfile.data_filter() now takes the location of
symlinks into account when determining their target, so it will no
longer reject some valid tarballs with
LinkOutsideDestinationError.
- gh-107565: Update multissltests and GitHub CI workflows to use
OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
- gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
*consumed was not set.
-------------------------------------------------------------------
Thu Aug 3 14:13:30 UTC 2023 - Matej Cepl <mcepl@suse.com>