- Update to 3.8.15:

- Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - Update bundled libexpat to 2.4.9 - Fixes a potential buffer overrun in msilib. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=106
2022-10-19 07:18:07 +00:00 · 2022-10-19 07:18:07 +00:00 · b21d8c938d
commit b21d8c938d
parent 07285bcb8c
6 changed files with 40 additions and 20 deletions
--- a/Python-3.8.14.tar.xz
+++ b/Python-3.8.14.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5d77e278271ba803e9909a41a4f3baca006181c93ada682a5e5fe8dc4a24c5f3
-size 19031932
--- a/Python-3.8.14.tar.xz.asc
+++ b/Python-3.8.14.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmMXt3cACgkQsmmV4xAl
-BWhwsg/7BJyqcgE7Zdk5Pjm/uFSbWXeAUYuYn11m0cHvUu47rxalj3nR3sct5759
-MJO+GyvsoqIwoFHOY0Kre17lVdRAB06Au3q+bcWcxRPOYv8jdHBCHj7Um/p1yVxW
-z0EUl75rzSK5Fugj8DXirW94YpYaQSN0YOJoH371DHsBs5zy5nP3Rt329FwR6gqz
-LaiIgE2IgxtXjs+2e6xcI1idm/K39wbEbIv2NqW8zDcd/9cFsECEb2VRzWZibHxB
-WGK8sCTLAojFT7Me3Q/Zk6QnP8x6sA+QgtyfXJu5hIBDmJVIeWpmUUfx+c9IQxSU
-TdO8oh4T1rX2V5h6DpLMkzJ3DNn5u1evDvU8esZuSNQ9KKdoH97aGv+0vJszs3BF
-49QrF5ojxCEmeE3jqaetaVqSJRXiVL/VbBXlufQvP9CGyVlaEYXZzxeN4V3Obd6T
-8cx3cBJhEdnNI/gTGCRFliFS0/OdiBEw6xApzTsNw3pqvTZcPa6hGPhXAXgodTEG
-At7Ge5ZC9IpRvTGN2IKzWVaT96GOSfXACScprO978Y2TX6TzQrLbkh53SNC/COU+
-EAt2P5XZ+nhW8mYGJxClvdKgrBQyuQSj5J3QLubxQWOeFT3l6QUL6D1S5diTjhxn
-aoiUEcTCcm005lX3vvgLWBzoYo4hOpGNFcUx8ROMYCMPqFgaBFQ=
-=pVji
-----END PGP SIGNATURE-----
--- a/Python-3.8.15.tar.xz
+++ b/Python-3.8.15.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5114fc7918a2a5e20eb5aac696b30c36f412c6ef24b13f5c9eb9e056982d9550
+size 19038408
--- a/Python-3.8.15.tar.xz.asc
+++ b/Python-3.8.15.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmNFk9MACgkQsmmV4xAl
+BWjPyA//dMfeT6hw09rFQtv1w7LrAuLFrQ/03uqYz/MZPZZgMyGvN+bGbR9U9EPA
+DSntLM75GjzaXiZ8dMyvi+A/HJCX7CWeJATxVRBo+3GoFTZfmsex7B78oTakHGnZ
+3pHRDiXJovD8DPQo3/eNpbQsEri74MOqIIbBZfdrRc4Gqqv/rVRI1qxqYzt3hmHc
+NcsZudbvBlUe+5HWaYgXbgnuzixSK4iSftlfwx289bsx12b8jzY5OEP9z5NKGqLu
+Sfb0sUWaJptSn1iEKSfLj4AamN0PeeQObOXHz+N1hdqWmWjEBKX37CEnOyHjJyVc
+Xb1PH6vJPJbPBXBR3H8YP+jwG8jDIFItJph+NduQnfZ3yLPpjEiCHs/FyUzzIKWB
+iptNyVMBvgPiMDgge+kLICywbujtI2UB7tS3YO5rb09LtQiXxkGyDbE6R6Yu7ZMb
+qJJMAJUY9zHAN1rTLL7GJHHypwd3UHoXImMvrm15+vy3ctNTA6VDxn7Zw/uym7F/
+gZJY6JaUxsnPiOhtvPYHs6EOGwLFszWvgh7AhXjZ2uncPuZ/qzgWpWsRYsKIWSRz
+yVplWRGfXaZ96pWVKmHACZY6BdgZS18Y9FdRLiqYrNG85dfqd3XFrVJqQIFHjaUX
+bImNJRcwMpuU9p23CaSeUDRFdELVQ9dXfBq//x0JL2F6/vG1ADw=
+=jc+c
+-----END PGP SIGNATURE-----
--- a/python38.changes
+++ b/python38.changes
@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Wed Oct 19 07:12:23 UTC 2022 - Matej Cepl <mcepl@suse.com>
+
+- Update to 3.8.15:
+  - Fix multiplying a list by an integer (list *= int): detect
+    the integer overflow when the new allocated length is close
+    to the maximum size.
+  - Fix a shell code injection vulnerability in the
+    get-remote-certificate.py example script. The script no
+    longer uses a shell to run openssl commands. (originally
+    filed as CVE-2022-37460, later withdrawn)
+  - Fix command line parsing: reject -X int_max_str_digits option
+    with no value (invalid) when the PYTHONINTMAXSTRDIGITS
+    environment variable is set to a valid limit.
+  - When ValueError is raised if an integer is larger than the
+    limit, mention the sys.set_int_max_str_digits() function in
+    the error message.
+  - Update bundled libexpat to 2.4.9
+  - Fixes a potential buffer overrun in msilib.
+
 -------------------------------------------------------------------
 Sun Sep 11 09:07:38 UTC 2022 - Matej Cepl <mcepl@suse.com>

--- a/python38.spec
+++ b/python38.spec
@ -92,7 +92,7 @@
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.8.14
+Version:        3.8.15
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0