From 36d04b865e2d8d3ad8b04a29191c16ebcd8b11950d52e277f6819e4917c3b68c Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Wed, 6 Sep 2023 06:19:21 +0000 Subject: [PATCH] - Update to 3.8.18 (bsc#1214692): - gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith. - gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError. - gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=137 --- Python-3.8.17.tar.xz | 3 --- Python-3.8.17.tar.xz.asc | 16 ---------------- Python-3.8.18.tar.xz | 3 +++ Python-3.8.18.tar.xz.asc | 16 ++++++++++++++++ python38.changes | 17 +++++++++++++++++ python38.spec | 2 +- 6 files changed, 37 insertions(+), 20 deletions(-) delete mode 100644 Python-3.8.17.tar.xz delete mode 100644 Python-3.8.17.tar.xz.asc create mode 100644 Python-3.8.18.tar.xz create mode 100644 Python-3.8.18.tar.xz.asc diff --git a/Python-3.8.17.tar.xz b/Python-3.8.17.tar.xz deleted file mode 100644 index 93026ad..0000000 --- a/Python-3.8.17.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2e54b0c68191f16552f6de2e97a2396540572a219f6bbb28591a137cecc490a9 -size 20696584 diff --git a/Python-3.8.17.tar.xz.asc b/Python-3.8.17.tar.xz.asc deleted file mode 100644 index 1a31f68..0000000 --- a/Python-3.8.17.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmR/P90ACgkQsmmV4xAl -BWgSZhAAkO3g9Wo9y6hK22U7RvEoe/t8hmsAjXCGRnHDywQWd/utJoROjbwE7C7M -hACiYdBrEoBLV0UDtTkvkMiBwD32kKgjBYh8zUIpQt52ysbC4nZmvlRF2p9IfTVq -x1MmlW4JwKCqc4Oj3me5sD3Z8JRuN9EuIYybnSRXhLLV6d7kn5MMJMbQ7L16Jc5I -ORXUTzt9Oq49qZ6gIJxbtdvEuVNcpTYc0BYo/8eJtcVualPZ47hnHjQUnRfEd9Mq -P3AEW4KCeuosOdjDxf/qXl6UvH79gpesSG1tzlDt7egmDk0DYwyod5cKntE2RIaU -OcSvBG8QlzfOg2Yj1/zL5wcL90jVP5z2j/532tQeiycIMU1fEpBGPJm/q10IGZtg -wa9Z84Z0FRU3FKBOLem89wtzQCUWBFWO0u7cRHyUYWyScmGCIJ2OaV7YQAfBwPYl -sjnlFw2R9VvubdZK8uwYAWhjztRq40X0iutO3xTnOU6wX/doU02kfRzQltGXasKH -kb+trWjCWVVK2HvxJUgj6cvPrpl7R+fIUMJMNfYirrzntqQM63AB291opisnIT+G -OxZbSmDR5/LYG5HCEtMgZN0knMoiLbdB9LxI0p0x7W+yuk5Yn+E3W/7IwlfihvTz -wlbFGFr4WVLH6065BOc0CYn0bMrU7mo8RFt2m1wrkOq0tzHcfXk= -=m6a1 ------END PGP SIGNATURE----- diff --git a/Python-3.8.18.tar.xz b/Python-3.8.18.tar.xz new file mode 100644 index 0000000..9701bff --- /dev/null +++ b/Python-3.8.18.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3ffb71cd349a326ba7b2fadc7e7df86ba577dd9c4917e52a8401adbda7405e3f +size 20696952 diff --git a/Python-3.8.18.tar.xz.asc b/Python-3.8.18.tar.xz.asc new file mode 100644 index 0000000..256e456 --- /dev/null +++ b/Python-3.8.18.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmTnuvoACgkQsmmV4xAl +BWj4nA//brAaCYj+V6woO1gcYScI2xk2Ncmq3Mj1T/s0tkLxpFcaevsu4snnY4tV +VhGVTMZPBSi7F1stLXwwb2WLisuNsr2oYCdze2BKyMWyRrF1SlLX+Uj7R5PQbZRn +b7PuFTQcfUxXISkof6fL8dhfF+uWkLUO83xxb/Yxl37IXZVIXaJbOFQtIVRxhbFC +U4yAwKdzMLpvwOdzHgc5l6GewUdIkBWGVObalSXs8jCOeu+GY/Q17oUQv9pxsSp6 +UY1nnvfYSPzOeIB5QzdNVoISP4DZRacZu5k26niK2QhUUdey66KWPBUgxQ5jFoJl +bhpA1Idp9p54sNgZOSYkWsMvoLSBkXuzfcmfgGCANZ2FYkGCs0En6YbUHwBTjWdk +ll+ZrxZuYTy1JfP0fFEp1vLBBSdjla5MIDFp5DRT0GL82GvwGvPyH5JEhhinFReZ +kkdk2leRUWKhNhGfv9Ln3A/glNX2txIDKuXT1/N2CQXxfOpQA6QqFGjkUVAQa8iY +LqpHyTs66pmrTqqEzbRUv6o+fEvJPzMzhs526EBvpzj/xhCY2we84FEAzKtF6Vmm +vT4bHKhw6eKfpGZFbSQrH2mnl4b7B/6zPfzsotec44tNijeuc/fAlJfaINg2Xvcg +9rhOV6KGsNI6K5PNdemQxJ1hoeDS7WnKJPAutQQor1uqrvekby0= +=F51n +-----END PGP SIGNATURE----- diff --git a/python38.changes b/python38.changes index 331f237..53e63cc 100644 --- a/python38.changes +++ b/python38.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Wed Sep 6 06:09:33 UTC 2023 - Daniel Garcia + +- Update to 3.8.18 (bsc#1214692): + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will no + longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + ------------------------------------------------------------------- Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl diff --git a/python38.spec b/python38.spec index 72656b4..4a3e7af 100644 --- a/python38.spec +++ b/python38.spec @@ -92,7 +92,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.8.17 +Version: 3.8.18 Release: 0 Summary: Python 3 Interpreter License: Python-2.0