Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python310 for openSUSE:Factory 
checked in at 2023-06-30 19:58:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python310 (Old)
 and      /work/SRC/openSUSE:Factory/.python310.new.13546 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python310"

Fri Jun 30 19:58:24 2023 rev:33 rq:1095863 version:3.10.12

Changes:
--------
--- /work/SRC/openSUSE:Factory/python310/python310.changes      2023-06-22 
23:24:56.369668004 +0200
+++ /work/SRC/openSUSE:Factory/.python310.new.13546/python310.changes   
2023-06-30 19:58:40.461572851 +0200
@@ -1,0 +2,31 @@
+Wed Jun 28 16:57:46 UTC 2023 - Matej Cepl <mc...@suse.com>
+
+- Update to 3.10.12:
+  - gh-103142: The version of OpenSSL used in Windows and
+    Mac installers has been upgraded to 1.1.1u to address
+    CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
+    as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
+    fixed previously in 1.1.1t (gh-101727).
+  - gh-102153: urllib.parse.urlsplit() now strips leading C0
+    control and space characters following the specification for
+    URLs defined by WHATWG in response to CVE-2023-24329
+    (bsc#1208471).
+  - gh-99889: Fixed a security in flaw in uu.decode() that could
+    allow for directory traversal based on the input if no
+    out_file was specified.
+  - gh-104049: Do not expose the local on-disk
+    location in directory indexes produced by
+    http.client.SimpleHTTPRequestHandler.
+  - gh-103935: trace.__main__ now uses io.open_code() for files
+    to be executed instead of raw open().
+  - gh-102953: The extraction methods in tarfile, and
+    shutil.unpack_archive(), have a new filter argument that
+    allows limiting tar features than may be surprising or
+    dangerous, such as creating files outside the destination
+    directory. See Extraction filters for details (fixing
+    CVE-2007-4559, bsc#1203750).
+- Remove upstreamed patches:
+  - CVE-2023-24329-blank-URL-bypass.patch
+  - CVE-2007-4559-filter-tarfile_extractall.patch
+
+-------------------------------------------------------------------
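Review bot: In the gh-103142 entry, CVE-2022-4303 appears twice ("as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303"), which suggests a different identifier was intended for one of them; check the upstream release notes and replace the duplicate so CVE tracking against this changelog stays accurate. The gh-104049 entry names http.client.SimpleHTTPRequestHandler, but that class lives in http.server. The gh-102953 entry describes the filter as a new argument that "allows limiting" tar features, so "fixing CVE-2007-4559" only holds for callers that actually pass it; wording such as "mitigation for" would match what the entry describes. Minor wording: "a security in flaw" and "than may be surprising".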

Old:
----
  CVE-2007-4559-filter-tarfile_extractall.patch
  CVE-2023-24329-blank-URL-bypass.patch
  Python-3.10.11.tar.xz
  Python-3.10.11.tar.xz.asc

New:
----
  Python-3.10.12.tar.xz
  Python-3.10.12.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python310.spec ++++++
--- /var/tmp/diff_new_pack.L8cSWb/_old  2023-06-30 19:58:41.625579774 +0200
+++ /var/tmp/diff_new_pack.L8cSWb/_new  2023-06-30 19:58:41.629579798 +0200
@@ -103,7 +103,7 @@
 %define dynlib() 
%{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.10.11
+Version:        3.10.12
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0
@@ -166,13 +166,6 @@
 # PATCH-FIX-UPSTREAM bpo-46811 gh#python/cpython#7da97f61816f mc...@suse.com
 # NOTE: SUSE version of expat 2.4.4 is patched in SUSE for CVE-2022-25236
 Patch36:        support-expat-CVE-2022-25236-patched.patch
-# PATCH-FIX-UPSTREAM CVE-2023-24329-blank-URL-bypass.patch bsc#1208471 
mc...@suse.com
-# blocklist bypass via the urllib.parse component when supplying
-# a URL that starts with blank characters
-Patch37:        CVE-2023-24329-blank-URL-bypass.patch
-# PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 
mc...@suse.com
-# PEP 706 – Filter for tarfile.extractall
-Patch38:        CVE-2007-4559-filter-tarfile_extractall.patch
 # PATCH-FIX-UPSTREAM bpo-37596-make-set-marshalling.patch bsc#1211765 
mc...@suse.com
 # Make `set` and `frozenset` marshalling deterministic
 Patch39:        bpo-37596-make-set-marshalling.patch
@@ -447,8 +440,6 @@
 %endif
 %patch35 -p1
 %patch36 -p1
-%patch37 -p1
-%patch38 -p1
 %patch39 -p1
 
 # drop Autoconf version requirement

++++++ Python-3.10.11.tar.xz -> Python-3.10.12.tar.xz ++++++
/work/SRC/openSUSE:Factory/python310/Python-3.10.11.tar.xz 
/work/SRC/openSUSE:Factory/.python310.new.13546/Python-3.10.12.tar.xz differ: 
char 27, line 1
