Rebased two patches.
Changelog:
https://docs.python.org/release/3.11.4/whatsnew/changelog.html#python-3-11-4
Fixes the following security problems:
- gh-99889: Fixed a security in flaw in uu.decode() that could allow for
directory traversal based on the input if no out_file was specified.
- gh-104049: Do not expose the local on-disk location in directory
indexes produced by http.client.SimpleHTTPRequestHandler.
- gh-102153: urllib.parse.urlsplit() now strips leading C0 control and
space characters following the specification for URLs defined by WHATWG
in response to CVE-2023-24329. Patch by Illia Volochii.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
