Accepting request 1109196 from devel:languages:python:Factory

- Update to 3.8.18 (bsc#1214692): - gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith. - gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError. - gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2. OBS-URL: https://build.opensuse.org/request/show/1109196 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=40
2023-09-06 16:59:26 +00:00 · 2023-09-06 16:59:26 +00:00 · 0ab6b54fde
commit 0ab6b54fde
parent a1dd924e47 36d04b865e
6 changed files with 37 additions and 20 deletions
--- a/Python-3.8.17.tar.xz
+++ b/Python-3.8.17.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2e54b0c68191f16552f6de2e97a2396540572a219f6bbb28591a137cecc490a9
-size 20696584
--- a/Python-3.8.17.tar.xz.asc
+++ b/Python-3.8.17.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmR/P90ACgkQsmmV4xAl
-BWgSZhAAkO3g9Wo9y6hK22U7RvEoe/t8hmsAjXCGRnHDywQWd/utJoROjbwE7C7M
-hACiYdBrEoBLV0UDtTkvkMiBwD32kKgjBYh8zUIpQt52ysbC4nZmvlRF2p9IfTVq
-x1MmlW4JwKCqc4Oj3me5sD3Z8JRuN9EuIYybnSRXhLLV6d7kn5MMJMbQ7L16Jc5I
-ORXUTzt9Oq49qZ6gIJxbtdvEuVNcpTYc0BYo/8eJtcVualPZ47hnHjQUnRfEd9Mq
-P3AEW4KCeuosOdjDxf/qXl6UvH79gpesSG1tzlDt7egmDk0DYwyod5cKntE2RIaU
-OcSvBG8QlzfOg2Yj1/zL5wcL90jVP5z2j/532tQeiycIMU1fEpBGPJm/q10IGZtg
-wa9Z84Z0FRU3FKBOLem89wtzQCUWBFWO0u7cRHyUYWyScmGCIJ2OaV7YQAfBwPYl
-sjnlFw2R9VvubdZK8uwYAWhjztRq40X0iutO3xTnOU6wX/doU02kfRzQltGXasKH
-kb+trWjCWVVK2HvxJUgj6cvPrpl7R+fIUMJMNfYirrzntqQM63AB291opisnIT+G
-OxZbSmDR5/LYG5HCEtMgZN0knMoiLbdB9LxI0p0x7W+yuk5Yn+E3W/7IwlfihvTz
-wlbFGFr4WVLH6065BOc0CYn0bMrU7mo8RFt2m1wrkOq0tzHcfXk=
-=m6a1
-----END PGP SIGNATURE-----
--- a/Python-3.8.18.tar.xz
+++ b/Python-3.8.18.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3ffb71cd349a326ba7b2fadc7e7df86ba577dd9c4917e52a8401adbda7405e3f
+size 20696952
--- a/Python-3.8.18.tar.xz.asc
+++ b/Python-3.8.18.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmTnuvoACgkQsmmV4xAl
+BWj4nA//brAaCYj+V6woO1gcYScI2xk2Ncmq3Mj1T/s0tkLxpFcaevsu4snnY4tV
+VhGVTMZPBSi7F1stLXwwb2WLisuNsr2oYCdze2BKyMWyRrF1SlLX+Uj7R5PQbZRn
+b7PuFTQcfUxXISkof6fL8dhfF+uWkLUO83xxb/Yxl37IXZVIXaJbOFQtIVRxhbFC
+U4yAwKdzMLpvwOdzHgc5l6GewUdIkBWGVObalSXs8jCOeu+GY/Q17oUQv9pxsSp6
+UY1nnvfYSPzOeIB5QzdNVoISP4DZRacZu5k26niK2QhUUdey66KWPBUgxQ5jFoJl
+bhpA1Idp9p54sNgZOSYkWsMvoLSBkXuzfcmfgGCANZ2FYkGCs0En6YbUHwBTjWdk
+ll+ZrxZuYTy1JfP0fFEp1vLBBSdjla5MIDFp5DRT0GL82GvwGvPyH5JEhhinFReZ
+kkdk2leRUWKhNhGfv9Ln3A/glNX2txIDKuXT1/N2CQXxfOpQA6QqFGjkUVAQa8iY
+LqpHyTs66pmrTqqEzbRUv6o+fEvJPzMzhs526EBvpzj/xhCY2we84FEAzKtF6Vmm
+vT4bHKhw6eKfpGZFbSQrH2mnl4b7B/6zPfzsotec44tNijeuc/fAlJfaINg2Xvcg
+9rhOV6KGsNI6K5PNdemQxJ1hoeDS7WnKJPAutQQor1uqrvekby0=
+=F51n
+-----END PGP SIGNATURE-----
--- a/python38.changes
+++ b/python38.changes
@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Wed Sep  6 06:09:33 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 3.8.18 (bsc#1214692):
+  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
+    vulnerable to a bypass of the TLS handshake and included
+    protections (like certificate verification) and treating sent
+    unencrypted data as if it were post-handshake TLS encrypted data.
+    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
+    Gregory P. Smith.
+  - gh-107845: tarfile.data_filter() now takes the location of
+    symlinks into account when determining their target, so it will no
+    longer reject some valid tarballs with
+    LinkOutsideDestinationError.
+  - gh-107565: Update multissltests and GitHub CI workflows to use
+    OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
+
 -------------------------------------------------------------------
 Thu Aug  3 14:53:38 UTC 2023 - Matej Cepl <mcepl@suse.com>

--- a/python38.spec
+++ b/python38.spec
@ -92,7 +92,7 @@
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.8.17
+Version:        3.8.18
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0