SHA256
1
0
forked from pool/python310
python310/Python-3.10.14.tar.xz.asc
Matej Cepl 041ff70f73 - Update 3.10.14:
- gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0
    to address CVE-2023-52425, and control of the new reparse
    deferral functionality was exposed with new APIs
  - gh-109858: zipfile is now protected from the “quoted-overlap”
    zipbomb to address CVE-2024-0450. It now raises BadZipFile
    when attempting to read an entry that overlaps with another
    entry or central directory
  - gh-91133: tempfile.TemporaryDirectory cleanup no longer
    dereferences symlinks when working around file system
    permission errors to address CVE-2023-6597
  - gh-115197: urllib.request no longer resolves the hostname
    before checking it against the system’s proxy bypass list on
    macOS and Windows
  - gh-81194: a crash in socket.if_indextoname() with a specific
    value (UINT_MAX) was fixed. Relatedly, an integer overflow in
    socket.if_indextoname() on 64-bit non-Windows platforms was
    fixed
  - gh-113659: .pth files with names starting with a dot or
    containing the hidden file attribute are now skipped
  - gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer
    read out of bounds
  - gh-114572: ssl.SSLContext.cert_store_stats() and
    ssl.SSLContext.get_ca_certs() now correctly lock access to
    the certificate store, when the ssl.SSLContext is shared
    across multiple threads
- Remove upstreamed patches:
  - CVE-2023-6597-TempDir-cleaning-symlink.patch
- Port to %autosetup and %autopatch.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=119
2024-03-21 16:45:30 +00:00

17 lines
833 B
Plaintext

-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmX6IF0ACgkQsmmV4xAl
BWj0Lw//cYVyJ6YPSr42rylEeHV3+jZNjgpNadPFlM46M9zKmx8tP95fAut+JDF4
gwcuql/lvfbPw1eJDrX+7TiIn33yS+KZDD/J2U6v/aCbuLByOWGWt5C3BfE6U5o/
FkCbJ2GM6e4M85dVGEIudgwoZfZByRLxA8HJ6n37UhoeXSQQTr8LHfC4w7lyXJ+D
V2JQ+Mru0NJmG2FaVA+46Rez1ynsqSQnabJsM+0Kmaqs+ziWHSpWkLMecwqrojcJ
kzEs6TBGCaPDJncSONRU2o8i4pzkeq9SsXGT03kHsfPTZqU5sJD6yIeiIJbhQfea
+hPKg5+LVNDnOeSWPzm+5Fs1WWqeVNiFi/pDG4ofVXH79ULP7hxnnDMRe/ShdWWh
gp4uchu15tqbQLwCdH7r/r/j21PjSYxJBnz+1n2Yon9hYrjT8wTPalt6TyaQ7dpL
tKG/JLC8r9hxMSFSa6QlHB/+kOu57NZccy4XoitCEQhsnqmRFX/7zCiHM3P4t1G9
RrLWYseS9elf6OZUlvF1PbwiEuRA36pvGCHEF0NWBF4yVxShN81f05pZutZVfVFx
W2V/ACB10agGbMsR5FVJROLo0zuek/G/QJ9GSp6cB6D1xuNbL1nNFfWZ7aEzPdeu
yBZkyyY4bOqstAw2I/bOlZTfFEMwdZFG6Zg2au/mtt2qFcGIEKM=
=9/7V
-----END PGP SIGNATURE-----