* [Buildroot] [git commit branch/2021.02.x] package/python3: security bump to version 3.9.7
@ 2021-09-10 9:59 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2021-09-10 9:59 UTC (permalink / raw)
To: buildroot
[-- Attachment #1: Type: text/plain, Size: 2670 bytes --]
commit: https://git.buildroot.net/buildroot/commit/?id=79bfe255e915d621deb1294d64bb1cbc32c5bdff
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.02.x
Fixes the following security issues:
- bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to
avoid a potential race condition.
- bpo-41180: Add auditing events to the marshal module, and stop raising
code.__init__ events for every unmarshalled code object. Directly
instantiated code objects will continue to raise an event, and audit event
handlers should inspect or collect the raw marshal data. This reduces a
significant performance overhead when loading from .pyc files.
- bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to
get the fix for the CVE-2013-0340 âBillion Laughsâ vulnerability. This
copy is most used on Windows and macOS.
- bpo-43124: Made the internal putcmd function in smtplib sanitize input for
presence of \r and \n characters to avoid (unlikely) command injection.
https://www.python.org/downloads/release/python-397/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c8bf903e7acbedf54c1dd66d5fad6fa624329c80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/python3/python3.hash | 6 +++---
package/python3/python3.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python3/python3.hash b/package/python3/python3.hash
index 36e89a0678..444dbd982a 100644
--- a/package/python3/python3.hash
+++ b/package/python3/python3.hash
@@ -1,5 +1,5 @@
-# From https://www.python.org/downloads/release/python-396/
-md5 ecc29a7688f86e550d29dba2ee66cf80 Python-3.9.6.tar.xz
+# From https://www.python.org/downloads/release/python-397/
+md5 fddb060b483bc01850a3f412eea1d954 Python-3.9.7.tar.xz
# Locally computed
-sha256 397920af33efc5b97f2e0b57e91923512ef89fc5b3c1d21dbfc8c4828ce0108a Python-3.9.6.tar.xz
+sha256 f8145616e68c00041d1a6399b76387390388f8359581abc24432bb969b5e3c57 Python-3.9.7.tar.xz
sha256 599826df92bfdcd2702eac691072498bb096c55af04ee984cf90f70ed77b5a70 LICENSE
diff --git a/package/python3/python3.mk b/package/python3/python3.mk
index c289d41dea..0fab0dd9ba 100644
--- a/package/python3/python3.mk
+++ b/package/python3/python3.mk
@@ -5,7 +5,7 @@
################################################################################
PYTHON3_VERSION_MAJOR = 3.9
-PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).6
+PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).7
PYTHON3_SOURCE = Python-$(PYTHON3_VERSION).tar.xz
PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION)
PYTHON3_LICENSE = Python-2.0, others
[-- Attachment #2: Type: text/plain, Size: 156 bytes --]
_______________________________________________
buildroot mailing list
buildroot@lists.buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-09-10 10:02 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-10 9:59 [Buildroot] [git commit branch/2021.02.x] package/python3: security bump to version 3.9.7 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.