From b21d8c938d62703a3e422dbfb205eb49f92dbb3f7141ad0c859664b3562fd4c2 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 19 Oct 2022 07:18:07 +0000 Subject: [PATCH] - Update to 3.8.15: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - Update bundled libexpat to 2.4.9 - Fixes a potential buffer overrun in msilib. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=106 --- Python-3.8.14.tar.xz | 3 --- Python-3.8.14.tar.xz.asc | 16 ---------------- Python-3.8.15.tar.xz | 3 +++ Python-3.8.15.tar.xz.asc | 16 ++++++++++++++++ python38.changes | 20 ++++++++++++++++++++ python38.spec | 2 +- 6 files changed, 40 insertions(+), 20 deletions(-) delete mode 100644 Python-3.8.14.tar.xz delete mode 100644 Python-3.8.14.tar.xz.asc create mode 100644 Python-3.8.15.tar.xz create mode 100644 Python-3.8.15.tar.xz.asc diff --git a/Python-3.8.14.tar.xz b/Python-3.8.14.tar.xz deleted file mode 100644 index 33073c5..0000000 --- a/Python-3.8.14.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5d77e278271ba803e9909a41a4f3baca006181c93ada682a5e5fe8dc4a24c5f3 -size 19031932 diff --git a/Python-3.8.14.tar.xz.asc b/Python-3.8.14.tar.xz.asc deleted file mode 100644 index 4409695..0000000 --- a/Python-3.8.14.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmMXt3cACgkQsmmV4xAl -BWhwsg/7BJyqcgE7Zdk5Pjm/uFSbWXeAUYuYn11m0cHvUu47rxalj3nR3sct5759 -MJO+GyvsoqIwoFHOY0Kre17lVdRAB06Au3q+bcWcxRPOYv8jdHBCHj7Um/p1yVxW -z0EUl75rzSK5Fugj8DXirW94YpYaQSN0YOJoH371DHsBs5zy5nP3Rt329FwR6gqz -LaiIgE2IgxtXjs+2e6xcI1idm/K39wbEbIv2NqW8zDcd/9cFsECEb2VRzWZibHxB -WGK8sCTLAojFT7Me3Q/Zk6QnP8x6sA+QgtyfXJu5hIBDmJVIeWpmUUfx+c9IQxSU -TdO8oh4T1rX2V5h6DpLMkzJ3DNn5u1evDvU8esZuSNQ9KKdoH97aGv+0vJszs3BF -49QrF5ojxCEmeE3jqaetaVqSJRXiVL/VbBXlufQvP9CGyVlaEYXZzxeN4V3Obd6T -8cx3cBJhEdnNI/gTGCRFliFS0/OdiBEw6xApzTsNw3pqvTZcPa6hGPhXAXgodTEG -At7Ge5ZC9IpRvTGN2IKzWVaT96GOSfXACScprO978Y2TX6TzQrLbkh53SNC/COU+ -EAt2P5XZ+nhW8mYGJxClvdKgrBQyuQSj5J3QLubxQWOeFT3l6QUL6D1S5diTjhxn -aoiUEcTCcm005lX3vvgLWBzoYo4hOpGNFcUx8ROMYCMPqFgaBFQ= -=pVji ------END PGP SIGNATURE----- diff --git a/Python-3.8.15.tar.xz b/Python-3.8.15.tar.xz new file mode 100644 index 0000000..ac6f6b1 --- /dev/null +++ b/Python-3.8.15.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5114fc7918a2a5e20eb5aac696b30c36f412c6ef24b13f5c9eb9e056982d9550 +size 19038408 diff --git a/Python-3.8.15.tar.xz.asc b/Python-3.8.15.tar.xz.asc new file mode 100644 index 0000000..95c97e6 --- /dev/null +++ b/Python-3.8.15.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmNFk9MACgkQsmmV4xAl +BWjPyA//dMfeT6hw09rFQtv1w7LrAuLFrQ/03uqYz/MZPZZgMyGvN+bGbR9U9EPA +DSntLM75GjzaXiZ8dMyvi+A/HJCX7CWeJATxVRBo+3GoFTZfmsex7B78oTakHGnZ +3pHRDiXJovD8DPQo3/eNpbQsEri74MOqIIbBZfdrRc4Gqqv/rVRI1qxqYzt3hmHc +NcsZudbvBlUe+5HWaYgXbgnuzixSK4iSftlfwx289bsx12b8jzY5OEP9z5NKGqLu +Sfb0sUWaJptSn1iEKSfLj4AamN0PeeQObOXHz+N1hdqWmWjEBKX37CEnOyHjJyVc +Xb1PH6vJPJbPBXBR3H8YP+jwG8jDIFItJph+NduQnfZ3yLPpjEiCHs/FyUzzIKWB +iptNyVMBvgPiMDgge+kLICywbujtI2UB7tS3YO5rb09LtQiXxkGyDbE6R6Yu7ZMb +qJJMAJUY9zHAN1rTLL7GJHHypwd3UHoXImMvrm15+vy3ctNTA6VDxn7Zw/uym7F/ +gZJY6JaUxsnPiOhtvPYHs6EOGwLFszWvgh7AhXjZ2uncPuZ/qzgWpWsRYsKIWSRz +yVplWRGfXaZ96pWVKmHACZY6BdgZS18Y9FdRLiqYrNG85dfqd3XFrVJqQIFHjaUX +bImNJRcwMpuU9p23CaSeUDRFdELVQ9dXfBq//x0JL2F6/vG1ADw= +=jc+c +-----END PGP SIGNATURE----- diff --git a/python38.changes b/python38.changes index 3e9fa1e..94e02e7 100644 --- a/python38.changes +++ b/python38.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Wed Oct 19 07:12:23 UTC 2022 - Matej Cepl + +- Update to 3.8.15: + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. (originally + filed as CVE-2022-37460, later withdrawn) + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. + - Update bundled libexpat to 2.4.9 + - Fixes a potential buffer overrun in msilib. + ------------------------------------------------------------------- Sun Sep 11 09:07:38 UTC 2022 - Matej Cepl diff --git a/python38.spec b/python38.spec index 3377b97..4708b23 100644 --- a/python38.spec +++ b/python38.spec @@ -92,7 +92,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.8.14 +Version: 3.8.15 Release: 0 Summary: Python 3 Interpreter License: Python-2.0