FreeBSD: VID-d86becfe-05a4-11ee-9d4a-080027eda32c (CVE-2023-0466): Python -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Jun 8, 2023 | Jun 8, 2023 | Dec 10, 2025 |
Description
Python reports:

- gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727).
- gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329.
- gh-99889: Fixed a security flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.
- gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
- gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True.
- gh-103935: trace.__main__ now uses io.open_code() for files to be executed instead of raw open().
- gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features that may be surprising or dangerous, such as creating files outside the destination directory.
- gh-102126: Fixed a deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock.
- gh-100892: Fixed a crash due to a race while iterating over thread states in clearing threading.local.
Solutions
- freebsd-upgrade-package-python37
- freebsd-upgrade-package-python38
- freebsd-upgrade-package-python39
- freebsd-upgrade-package-python310
- freebsd-upgrade-package-python311
- freebsd-upgrade-package-openssl
- freebsd-upgrade-package-openssl30
- freebsd-upgrade-package-openssl31
- freebsd-upgrade-package-openssl-quic