Mon Sep 9 00:53:17 UTC 2024

patches/packages/python3-3.9.20-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Bundled libexpat was updated to 2.6.3. Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict paramater is available. Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. Email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. For more information, see: https://pythoninsider.blogspot.com/2024/09/python-3130rc2-3126-31110-31015-3920.html https://www.cve.org/CVERecord?id=CVE-2024-28757 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://www.cve.org/CVERecord?id=CVE-2015-2104 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://www.cve.org/CVERecord?id=CVE-2024-6923 (* Security fix *)
2024-12-26 09:58:59 +01:00 · 2024-09-09 00:53:17 +00:00 · 2024-09-09 00:53:17 +00:00 · 8039a5b124
commit 8039a5b124
parent 382f07b69c
4 changed files with 107 additions and 23 deletions
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@ -11,9 +11,55 @@
      <description>Tracking Slackware development in git.</description>
      <language>en-us</language>
      <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Sat,  7 Sep 2024 18:16:12 GMT</pubDate>
-      <lastBuildDate>Sun,  8 Sep 2024 11:30:38 GMT</lastBuildDate>
+      <pubDate>Mon,  9 Sep 2024 00:53:17 GMT</pubDate>
+      <lastBuildDate>Mon,  9 Sep 2024 11:30:30 GMT</lastBuildDate>
      <generator>maintain_current_git.sh v 1.17</generator>
+      <item>
+         <title>Mon,  9 Sep 2024 00:53:17 GMT</title>
+         <pubDate>Mon,  9 Sep 2024 00:53:17 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20240909005317</link>
+         <guid isPermaLink="false">20240909005317</guid>
+         <description>
+           <![CDATA[<pre>
+patches/packages/python3-3.9.20-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  Bundled libexpat was updated to 2.6.3.
+  Fix quadratic complexity in parsing "-quoted cookie values with backslashes
+  by http.cookies.
+  Fixed various false positives and false negatives in IPv4Address.is_private,
+  IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global.
+  Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with
+  path starting with multiple slashes and no authority.
+  Remove backtracking from tarfile header parsing for hdrcharset, PAX, and
+  GNU sparse headers.
+  email.utils.getaddresses() and email.utils.parseaddr() now return ('', '')
+  2-tuples in more situations where invalid email addresses are encountered
+  instead of potentially inaccurate values. Add optional strict parameter to
+  these two functions: use strict=False to get the old behavior, accept
+  malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can
+  be used to check if the strict paramater is available.
+  Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without
+  breaking contents using legitimate characters.
+  Email headers with embedded newlines are now quoted on output. The generator
+  will now refuse to serialize (write) headers that are unsafely folded or
+  delimited; see verify_generated_headers.
+  For more information, see:
+    https://pythoninsider.blogspot.com/2024/09/python-3130rc2-3126-31110-31015-3920.html
+    https://www.cve.org/CVERecord?id=CVE-2024-28757
+    https://www.cve.org/CVERecord?id=CVE-2024-45490
+    https://www.cve.org/CVERecord?id=CVE-2024-45491
+    https://www.cve.org/CVERecord?id=CVE-2024-45492
+    https://www.cve.org/CVERecord?id=CVE-2024-7592
+    https://www.cve.org/CVERecord?id=CVE-2024-4032
+    https://www.cve.org/CVERecord?id=CVE-2015-2104
+    https://www.cve.org/CVERecord?id=CVE-2024-6232
+    https://www.cve.org/CVERecord?id=CVE-2023-27043
+    https://www.cve.org/CVERecord?id=CVE-2024-8088
+    https://www.cve.org/CVERecord?id=CVE-2024-6923
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
      <item>
         <title>Sat,  7 Sep 2024 18:16:12 GMT</title>
         <pubDate>Sat,  7 Sep 2024 18:16:12 GMT</pubDate>
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -1,3 +1,41 @@
+Mon Sep  9 00:53:17 UTC 2024
+patches/packages/python3-3.9.20-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  Bundled libexpat was updated to 2.6.3.
+  Fix quadratic complexity in parsing "-quoted cookie values with backslashes
+  by http.cookies.
+  Fixed various false positives and false negatives in IPv4Address.is_private,
+  IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global.
+  Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with
+  path starting with multiple slashes and no authority.
+  Remove backtracking from tarfile header parsing for hdrcharset, PAX, and
+  GNU sparse headers.
+  email.utils.getaddresses() and email.utils.parseaddr() now return ('', '')
+  2-tuples in more situations where invalid email addresses are encountered
+  instead of potentially inaccurate values. Add optional strict parameter to
+  these two functions: use strict=False to get the old behavior, accept
+  malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can
+  be used to check if the strict paramater is available.
+  Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without
+  breaking contents using legitimate characters.
+  Email headers with embedded newlines are now quoted on output. The generator
+  will now refuse to serialize (write) headers that are unsafely folded or
+  delimited; see verify_generated_headers.
+  For more information, see:
+    https://pythoninsider.blogspot.com/2024/09/python-3130rc2-3126-31110-31015-3920.html
+    https://www.cve.org/CVERecord?id=CVE-2024-28757
+    https://www.cve.org/CVERecord?id=CVE-2024-45490
+    https://www.cve.org/CVERecord?id=CVE-2024-45491
+    https://www.cve.org/CVERecord?id=CVE-2024-45492
+    https://www.cve.org/CVERecord?id=CVE-2024-7592
+    https://www.cve.org/CVERecord?id=CVE-2024-4032
+    https://www.cve.org/CVERecord?id=CVE-2015-2104
+    https://www.cve.org/CVERecord?id=CVE-2024-6232
+    https://www.cve.org/CVERecord?id=CVE-2023-27043
+    https://www.cve.org/CVERecord?id=CVE-2024-8088
+    https://www.cve.org/CVERecord?id=CVE-2024-6923
+  (* Security fix *)
+--------------------------+
 Sat Sep  7 18:16:12 UTC 2024
 patches/packages/glibc-zoneinfo-2024b-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
@ -1,20 +1,20 @@
-Sat Sep  7 18:19:05 UTC 2024
+Mon Sep  9 00:57:06 UTC 2024

 Here is the file list for this directory.  If you are using a 
 mirror site and find missing or extra files in the disk 
 subdirectories, please have the archive administrator refresh
 the mirror.

-drwxr-xr-x  12 root root      4096 2024-09-07 18:16 .
+drwxr-xr-x  12 root root      4096 2024-09-09 00:53 .
 -rw-r--r--   1 root root      5767 2022-02-02 22:44 ./ANNOUNCE.15.0
 -rw-r--r--   1 root root     16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
-rw-r--r--   1 root root   1256124 2024-09-06 19:26 ./CHECKSUMS.md5
-rw-r--r--   1 root root       195 2024-09-06 19:26 ./CHECKSUMS.md5.asc
+-rw-r--r--   1 root root   1256124 2024-09-07 18:19 ./CHECKSUMS.md5
+-rw-r--r--   1 root root       195 2024-09-07 18:19 ./CHECKSUMS.md5.asc
 -rw-r--r--   1 root root     17976 1994-06-10 02:28 ./COPYING
 -rw-r--r--   1 root root     35147 2007-06-30 04:21 ./COPYING3
 -rw-r--r--   1 root root     19573 2016-06-23 20:08 ./COPYRIGHT.TXT
 -rw-r--r--   1 root root       616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
-rw-r--r--   1 root root   2155266 2024-09-07 18:16 ./ChangeLog.txt
+-rw-r--r--   1 root root   2157412 2024-09-09 00:53 ./ChangeLog.txt
 drwxr-xr-x   3 root root      4096 2013-03-20 22:17 ./EFI
 drwxr-xr-x   2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rw-r--r--   1 root root   1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@ -25,7 +25,7 @@ drwxr-xr-x   2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rwxr-xr-x   1 root root      2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
 -rw-r--r--   1 root root     10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
 -rw-r--r--   1 root root      1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
-rw-r--r--   1 root root   1646333 2024-09-06 19:25 ./FILELIST.TXT
+-rw-r--r--   1 root root   1646333 2024-09-07 18:19 ./FILELIST.TXT
 -rw-r--r--   1 root root      1572 2012-08-29 18:27 ./GPG-KEY
 -rw-r--r--   1 root root    864745 2022-02-02 08:25 ./PACKAGES.TXT
 -rw-r--r--   1 root root      8034 2022-02-02 03:36 ./README.TXT
@ -832,13 +832,13 @@ drwxr-xr-x   2 root root      4096 2022-12-17 19:52 ./pasture/source/samba
 -rw-r--r--   1 root root      7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default
 -rw-r--r--   1 root root      7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig
 -rw-r--r--   1 root root       536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz
-drwxr-xr-x   4 root root      4096 2024-09-07 18:19 ./patches
-rw-r--r--   1 root root    134549 2024-09-07 18:19 ./patches/CHECKSUMS.md5
-rw-r--r--   1 root root       195 2024-09-07 18:19 ./patches/CHECKSUMS.md5.asc
-rw-r--r--   1 root root    185671 2024-09-07 18:18 ./patches/FILE_LIST
-rw-r--r--   1 root root  18212409 2024-09-07 18:18 ./patches/MANIFEST.bz2
-rw-r--r--   1 root root     93545 2024-09-07 18:19 ./patches/PACKAGES.TXT
-drwxr-xr-x   7 root root     32768 2024-09-07 18:18 ./patches/packages
+drwxr-xr-x   4 root root      4096 2024-09-09 00:57 ./patches
+-rw-r--r--   1 root root    134549 2024-09-09 00:57 ./patches/CHECKSUMS.md5
+-rw-r--r--   1 root root       195 2024-09-09 00:57 ./patches/CHECKSUMS.md5.asc
+-rw-r--r--   1 root root    185671 2024-09-09 00:57 ./patches/FILE_LIST
+-rw-r--r--   1 root root  18216362 2024-09-09 00:57 ./patches/MANIFEST.bz2
+-rw-r--r--   1 root root     93545 2024-09-09 00:57 ./patches/PACKAGES.TXT
+drwxr-xr-x   7 root root     32768 2024-09-09 00:56 ./patches/packages
 -rw-r--r--   1 root root       360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt
 -rw-r--r--   1 root root   2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz
 -rw-r--r--   1 root root       163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc
@ -1189,9 +1189,9 @@ drwxr-xr-x   2 root root      4096 2024-06-08 19:45 ./patches/packages/old-linux
 -rw-r--r--   1 root root       371 2023-12-20 20:35 ./patches/packages/proftpd-1.3.8b-x86_64-1_slack15.0.txt
 -rw-r--r--   1 root root   1392708 2023-12-20 20:35 ./patches/packages/proftpd-1.3.8b-x86_64-1_slack15.0.txz
 -rw-r--r--   1 root root       163 2023-12-20 20:35 ./patches/packages/proftpd-1.3.8b-x86_64-1_slack15.0.txz.asc
-rw-r--r--   1 root root       664 2024-03-20 19:45 ./patches/packages/python3-3.9.19-x86_64-1_slack15.0.txt
-rw-r--r--   1 root root  19164220 2024-03-20 19:45 ./patches/packages/python3-3.9.19-x86_64-1_slack15.0.txz
-rw-r--r--   1 root root       195 2024-03-20 19:45 ./patches/packages/python3-3.9.19-x86_64-1_slack15.0.txz.asc
+-rw-r--r--   1 root root       664 2024-09-08 18:22 ./patches/packages/python3-3.9.20-x86_64-1_slack15.0.txt
+-rw-r--r--   1 root root  19179024 2024-09-08 18:22 ./patches/packages/python3-3.9.20-x86_64-1_slack15.0.txz
+-rw-r--r--   1 root root       195 2024-09-08 18:22 ./patches/packages/python3-3.9.20-x86_64-1_slack15.0.txz.asc
 -rw-r--r--   1 root root       260 2022-03-20 22:36 ./patches/packages/qt5-5.15.3_20220318_e507d3e5-x86_64-1_slack15.0.txt
 -rw-r--r--   1 root root  99025556 2022-03-20 22:36 ./patches/packages/qt5-5.15.3_20220318_e507d3e5-x86_64-1_slack15.0.txz
 -rw-r--r--   1 root root       163 2022-03-20 22:36 ./patches/packages/qt5-5.15.3_20220318_e507d3e5-x86_64-1_slack15.0.txz.asc
@ -1297,7 +1297,7 @@ drwxr-xr-x   2 root root      4096 2024-06-08 19:45 ./patches/packages/old-linux
 -rw-r--r--   1 root root       463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
 -rw-r--r--   1 root root    459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
 -rw-r--r--   1 root root       163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
-drwxr-xr-x 125 root root      4096 2024-09-07 18:10 ./patches/source
+drwxr-xr-x 125 root root      4096 2024-09-08 18:33 ./patches/source
 drwxr-xr-x   2 root root      4096 2023-09-26 19:22 ./patches/source/Cython
 -rw-r--r--   1 root root   1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz
 -rwxr-xr-x   1 root root      3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild
@ -2336,11 +2336,11 @@ drwxr-xr-x   2 root root      4096 2017-04-20 21:08 ./patches/source/proftpd/etc
 -rw-r--r--   1 root root  13966952 2023-12-20 04:42 ./patches/source/proftpd/proftpd-1.3.8b.tar.xz
 -rwxr-xr-x   1 root root      4774 2023-12-20 20:34 ./patches/source/proftpd/proftpd.SlackBuild
 -rw-r--r--   1 root root       826 2018-02-27 06:13 ./patches/source/proftpd/slack-desc
-drwxr-xr-x   2 root root      4096 2024-03-20 19:43 ./patches/source/python3
-rw-r--r--   1 root root  19682840 2024-03-19 16:16 ./patches/source/python3/Python-3.9.19.tar.xz
-rw-r--r--   1 root root       833 2024-03-19 16:16 ./patches/source/python3/Python-3.9.19.tar.xz.asc
+drwxr-xr-x   2 root root      4096 2024-09-08 18:20 ./patches/source/python3
+-rw-r--r--   1 root root  19648968 2024-09-06 19:46 ./patches/source/python3/Python-3.9.20.tar.xz
+-rw-r--r--   1 root root       833 2024-09-07 10:25 ./patches/source/python3/Python-3.9.20.tar.xz.asc
 -rw-r--r--   1 root root       890 2017-01-12 20:00 ./patches/source/python3/README
-rw-r--r--   1 root root   2551396 2024-03-19 16:13 ./patches/source/python3/python-3.9.19-docs-text.tar.bz2
+-rw-r--r--   1 root root   2553492 2024-09-06 19:50 ./patches/source/python3/python-3.9.20-docs-text.tar.bz2
 -rw-r--r--   1 root root       372 2021-11-20 19:27 ./patches/source/python3/python.sysconfig.py.x86_64.diff.gz
 -rwxr-xr-x   1 root root      6380 2023-06-08 19:59 ./patches/source/python3/python3.SlackBuild
 -rw-r--r--   1 root root       495 2020-10-24 22:31 ./patches/source/python3/python3.distutils.x86_64.diff.gz
--- a/patches/packages/python3-3.9.20-x86_64-1_slack15.0.txt
+++ b/patches/packages/python3-3.9.20-x86_64-1_slack15.0.txt