* [PATCHv2] python3: update to version 3.5.5 to fix security issues
@ 2018-03-11 22:18 Derek Straka
2018-03-15 16:25 ` Alexander Kanavin
0 siblings, 1 reply; 11+ messages in thread
From: Derek Straka @ 2018-03-11 22:18 UTC (permalink / raw)
To: openembedded-core
License-Update: checksum change is due to bump in copyright year
Resolves CVE-2017-1000158 and other potential security issues
See https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-5-final
Signed-off-by: Derek Straka <derek@asterius.io>
---
meta/recipes-devtools/python/{python3_3.5.4.bb => python3_3.5.5.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename meta/recipes-devtools/python/{python3_3.5.4.bb => python3_3.5.5.bb} (98%)
diff --git a/meta/recipes-devtools/python/python3_3.5.4.bb b/meta/recipes-devtools/python/python3_3.5.5.bb
similarity index 98%
rename from meta/recipes-devtools/python/python3_3.5.4.bb
rename to meta/recipes-devtools/python/python3_3.5.5.bb
index a94d009..8150dd6 100644
--- a/meta/recipes-devtools/python/python3_3.5.4.bb
+++ b/meta/recipes-devtools/python/python3_3.5.5.bb
@@ -38,10 +38,10 @@ SRC_URI += "\
file://0001-Issue-21272-Use-_sysconfigdata.py-to-initialize-dist.patch \
file://pass-missing-libraries-to-Extension-for-mul.patch \
"
-SRC_URI[md5sum] = "fb2780baa260b4e51cbea814f111f303"
-SRC_URI[sha256sum] = "94d93bfabb3b109f8a10365a325f920f9ec98c6e2380bf228f9700a14054c84c"
+SRC_URI[md5sum] = "f3763edf9824d5d3a15f5f646083b6e0"
+SRC_URI[sha256sum] = "063d2c3b0402d6191b90731e0f735c64830e7522348aeb7ed382a83165d45009"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f741e51de91d4eeea5930b9c3c7fa69d"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b6ec515b22618f55fa07276b897bacea"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
--
2.7.4
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCHv2] python3: update to version 3.5.5 to fix security issues
2018-03-11 22:18 [PATCHv2] python3: update to version 3.5.5 to fix security issues Derek Straka
@ 2018-03-15 16:25 ` Alexander Kanavin
2018-03-15 16:37 ` Derek Straka
2018-03-15 16:41 ` Burton, Ross
0 siblings, 2 replies; 11+ messages in thread
From: Alexander Kanavin @ 2018-03-15 16:25 UTC (permalink / raw)
To: Derek Straka, openembedded-core
On 03/12/2018 12:18 AM, Derek Straka wrote:
> License-Update: checksum change is due to bump in copyright year
>
> Resolves CVE-2017-1000158 and other potential security issues
>
> See https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-5-final
>
> Signed-off-by: Derek Straka <derek@asterius.io>
> ---
> meta/recipes-devtools/python/{python3_3.5.4.bb => python3_3.5.5.bb} | 6 +++---
python3-native should be updated at the same time, please do so.
Alex
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCHv2] python3: update to version 3.5.5 to fix security issues
2018-03-15 16:37 ` Derek Straka
@ 2018-03-15 16:31 ` Alexander Kanavin
2018-03-15 17:00 ` Derek Straka
2018-03-15 17:06 ` Alexander Kanavin
1 sibling, 1 reply; 11+ messages in thread
From: Alexander Kanavin @ 2018-03-15 16:31 UTC (permalink / raw)
To: Derek Straka; +Cc: openembedded-core
On 03/15/2018 06:37 PM, Derek Straka wrote:
> Definitely. I just didn't do the git add. I'll send out the v2
> shortly. Thanks for catching that!
The change is already in master, so you need to rebase.
Alex
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCHv2] python3: update to version 3.5.5 to fix security issues
2018-03-15 16:25 ` Alexander Kanavin
@ 2018-03-15 16:37 ` Derek Straka
2018-03-15 16:31 ` Alexander Kanavin
2018-03-15 17:06 ` Alexander Kanavin
2018-03-15 16:41 ` Burton, Ross
1 sibling, 2 replies; 11+ messages in thread
From: Derek Straka @ 2018-03-15 16:37 UTC (permalink / raw)
To: Alexander Kanavin; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 723 bytes --]
Definitely. I just didn't do the git add. I'll send out the v2 shortly.
Thanks for catching that!
On Thu, Mar 15, 2018 at 12:25 PM, Alexander Kanavin <
alexander.kanavin@linux.intel.com> wrote:
> On 03/12/2018 12:18 AM, Derek Straka wrote:
>
>> License-Update: checksum change is due to bump in copyright year
>>
>> Resolves CVE-2017-1000158 and other potential security issues
>>
>> See https://docs.python.org/3.5/whatsnew/changelog.html#python-
>> 3-5-5-final
>>
>> Signed-off-by: Derek Straka <derek@asterius.io>
>> ---
>> meta/recipes-devtools/python/{python3_3.5.4.bb => python3_3.5.5.bb} |
>> 6 +++---
>>
>
> python3-native should be updated at the same time, please do so.
>
> Alex
>
[-- Attachment #2: Type: text/html, Size: 1500 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCHv2] python3: update to version 3.5.5 to fix security issues
2018-03-15 16:25 ` Alexander Kanavin
2018-03-15 16:37 ` Derek Straka
@ 2018-03-15 16:41 ` Burton, Ross
1 sibling, 0 replies; 11+ messages in thread
From: Burton, Ross @ 2018-03-15 16:41 UTC (permalink / raw)
To: Alexander Kanavin; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 897 bytes --]
Whoops, didn't notice that on my review. Thanks for spotting Alex.
Ross
On 15 March 2018 at 16:25, Alexander Kanavin <
alexander.kanavin@linux.intel.com> wrote:
> On 03/12/2018 12:18 AM, Derek Straka wrote:
>
>> License-Update: checksum change is due to bump in copyright year
>>
>> Resolves CVE-2017-1000158 and other potential security issues
>>
>> See https://docs.python.org/3.5/whatsnew/changelog.html#python-
>> 3-5-5-final
>>
>> Signed-off-by: Derek Straka <derek@asterius.io>
>> ---
>> meta/recipes-devtools/python/{python3_3.5.4.bb => python3_3.5.5.bb} |
>> 6 +++---
>>
>
> python3-native should be updated at the same time, please do so.
>
> Alex
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
[-- Attachment #2: Type: text/html, Size: 1978 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCHv2] python3: update to version 3.5.5 to fix security issues
2018-03-15 16:31 ` Alexander Kanavin
@ 2018-03-15 17:00 ` Derek Straka
2018-03-15 17:02 ` Burton, Ross
0 siblings, 1 reply; 11+ messages in thread
From: Derek Straka @ 2018-03-15 17:00 UTC (permalink / raw)
To: Alexander Kanavin; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 480 bytes --]
I'll stop failing eventually... I'm surprised I didn't get a bounce from
the patch test script. In any case, I sent the native version.
On Thu, Mar 15, 2018 at 12:31 PM, Alexander Kanavin <
alexander.kanavin@linux.intel.com> wrote:
> On 03/15/2018 06:37 PM, Derek Straka wrote:
>
>> Definitely. I just didn't do the git add. I'll send out the v2
>> shortly. Thanks for catching that!
>>
>
> The change is already in master, so you need to rebase.
>
> Alex
>
[-- Attachment #2: Type: text/html, Size: 949 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCHv2] python3: update to version 3.5.5 to fix security issues
2018-03-15 17:00 ` Derek Straka
@ 2018-03-15 17:02 ` Burton, Ross
0 siblings, 0 replies; 11+ messages in thread
From: Burton, Ross @ 2018-03-15 17:02 UTC (permalink / raw)
To: Derek Straka; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 295 bytes --]
On 15 March 2018 at 17:00, Derek Straka <derek@asterius.io> wrote:
> I'll stop failing eventually... I'm surprised I didn't get a bounce from
> the patch test script. In any case, I sent the native version.
>
>
Git does the right thing and does the merge, so the patch applies.
Ross
[-- Attachment #2: Type: text/html, Size: 735 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCHv2] python3: update to version 3.5.5 to fix security issues
2018-03-15 16:37 ` Derek Straka
2018-03-15 16:31 ` Alexander Kanavin
@ 2018-03-15 17:06 ` Alexander Kanavin
2018-03-15 17:16 ` Derek Straka
1 sibling, 1 reply; 11+ messages in thread
From: Alexander Kanavin @ 2018-03-15 17:06 UTC (permalink / raw)
To: Derek Straka; +Cc: openembedded-core
On 03/15/2018 06:37 PM, Derek Straka wrote:
> Definitely. I just didn't do the git add. I'll send out the v2
> shortly. Thanks for catching that!
While we're on the subject of python upgrades, I'd like to ask, what
kind of plan do you have for 3.6/3.7? Is anything in progress? When you
have some kind of patch ready, we can test it on the autobuilder to iron
out the issues, and have it ready for when oe-core master reopens for
version updates.
(I also think that at this point it makes sense to go straight to 3.7
and test with various pre-release versions)
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCHv2] python3: update to version 3.5.5 to fix security issues
2018-03-15 17:06 ` Alexander Kanavin
@ 2018-03-15 17:16 ` Derek Straka
2018-03-16 5:06 ` Tim Orling
0 siblings, 1 reply; 11+ messages in thread
From: Derek Straka @ 2018-03-15 17:16 UTC (permalink / raw)
To: Alexander Kanavin; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 922 bytes --]
I'm about half through the 3.6 updates. I was hoping to get time in the
next two weeks to finish it up. I can just look at going to 3.7 if that's
preferred. I don't have a personal preference at this point.
On Thu, Mar 15, 2018 at 1:06 PM, Alexander Kanavin <
alexander.kanavin@linux.intel.com> wrote:
> On 03/15/2018 06:37 PM, Derek Straka wrote:
>
>> Definitely. I just didn't do the git add. I'll send out the v2
>> shortly. Thanks for catching that!
>>
>
> While we're on the subject of python upgrades, I'd like to ask, what kind
> of plan do you have for 3.6/3.7? Is anything in progress? When you have
> some kind of patch ready, we can test it on the autobuilder to iron out the
> issues, and have it ready for when oe-core master reopens for version
> updates.
>
> (I also think that at this point it makes sense to go straight to 3.7 and
> test with various pre-release versions)
>
[-- Attachment #2: Type: text/html, Size: 1403 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCHv2] python3: update to version 3.5.5 to fix security issues
2018-03-15 17:16 ` Derek Straka
@ 2018-03-16 5:06 ` Tim Orling
2018-03-16 10:44 ` Alexander Kanavin
0 siblings, 1 reply; 11+ messages in thread
From: Tim Orling @ 2018-03-16 5:06 UTC (permalink / raw)
To: Derek Straka; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 1842 bytes --]
I looked into 3.6 as well, but the sheer number of patches we apply is a
pain point to rebase.
I am inclined to vote for 3.6 first and pick up 3.7 when it matures a bit
and is more widely supported. I have fears of rather massive failures in
our python ecosystem (especially in meta-python). Perhaps backward
compatibility will be there, but I need to be convinced. If 3.7 is widely
the _default_ in traditional distros we support, then I will sing a
different tune. Also, I hope to have a ptest strategy for python by the end
of 2.6, which would dramatically increase my comfort level.
—Tim
On Thu, Mar 15, 2018 at 10:17 AM Derek Straka <derek@asterius.io> wrote:
> I'm about half through the 3.6 updates. I was hoping to get time in the
> next two weeks to finish it up. I can just look at going to 3.7 if that's
> preferred. I don't have a personal preference at this point.
>
> On Thu, Mar 15, 2018 at 1:06 PM, Alexander Kanavin <
> alexander.kanavin@linux.intel.com> wrote:
>
>> On 03/15/2018 06:37 PM, Derek Straka wrote:
>>
>>> Definitely. I just didn't do the git add. I'll send out the v2
>>> shortly. Thanks for catching that!
>>>
>>
>> While we're on the subject of python upgrades, I'd like to ask, what kind
>> of plan do you have for 3.6/3.7? Is anything in progress? When you have
>> some kind of patch ready, we can test it on the autobuilder to iron out the
>> issues, and have it ready for when oe-core master reopens for version
>> updates.
>>
>> (I also think that at this point it makes sense to go straight to 3.7 and
>> test with various pre-release versions)
>>
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
[-- Attachment #2: Type: text/html, Size: 2690 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCHv2] python3: update to version 3.5.5 to fix security issues
2018-03-16 5:06 ` Tim Orling
@ 2018-03-16 10:44 ` Alexander Kanavin
0 siblings, 0 replies; 11+ messages in thread
From: Alexander Kanavin @ 2018-03-16 10:44 UTC (permalink / raw)
To: Tim Orling, Derek Straka; +Cc: openembedded-core
On 03/16/2018 07:06 AM, Tim Orling wrote:
> I looked into 3.6 as well, but the sheer number of patches we apply is a
> pain point to rebase.
>
> I am inclined to vote for 3.6 first and pick up 3.7 when it matures a
> bit and is more widely supported. I have fears of rather massive
> failures in our python ecosystem (especially in meta-python). Perhaps
> backward compatibility will be there, but I need to be convinced. If 3.7
> is widely the _default_ in traditional distros we support, then I will
> sing a different tune. Also, I hope to have a ptest strategy for python
> by the end of 2.6, which would dramatically increase my comfort level.
Perhaps we can provide both and default to 3.6? Eventually we will have
to transition to 3.7, and I think it might be easier if it's widely
available in oe-core, even if it has known (or unknown) issues and is
off by default. We can then periodically test 3.7 on the AB etc, to
assess where things are.
Alex
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2018-03-16 10:51 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-11 22:18 [PATCHv2] python3: update to version 3.5.5 to fix security issues Derek Straka
2018-03-15 16:25 ` Alexander Kanavin
2018-03-15 16:37 ` Derek Straka
2018-03-15 16:31 ` Alexander Kanavin
2018-03-15 17:00 ` Derek Straka
2018-03-15 17:02 ` Burton, Ross
2018-03-15 17:06 ` Alexander Kanavin
2018-03-15 17:16 ` Derek Straka
2018-03-16 5:06 ` Tim Orling
2018-03-16 10:44 ` Alexander Kanavin
2018-03-15 16:41 ` Burton, Ross
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.