From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Subject: [Buildroot] [git commit branch/2021.02.x] package/python-twisted: security bump to version 22.2.0
Date: Sun, 27 Mar 2022 22:36:01 +0200
Message-ID: <20220327202704.26C8285EB7@busybox.osuosl.org>

commit: https://git.buildroot.net/buildroot/commit/?id=14d329ee1c52563d46165dadd06e923444a01594
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.02.x

Fix CVE-2022-21716: Twisted is an event-based framework for internet
applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH
client and server implementations are able to accept an infinite amount of data
for the peer's SSH version identifier. This ends up with a buffer using
all the available memory. The attack is as simple as `nc -rv localhost 22
< /dev/zero`. A patch is available in version 22.2.0. There are
currently no known workarounds.

https://github.com/twisted/twisted/releases/tag/twisted-22.2.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 92a3ca0932155498747c46d6f902a939d55c39f4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/python-twisted/python-twisted.hash | 4 ++--
 package/python-twisted/python-twisted.mk   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/python-twisted/python-twisted.hash b/package/python-twisted/python-twisted.hash
index 8f0935e4f0..63da0125b8 100644
--- a/package/python-twisted/python-twisted.hash
+++ b/package/python-twisted/python-twisted.hash
@@ -1,5 +1,5 @@
 # md5, sha256 from https://pypi.org/pypi/twisted/json
-md5  c818cb1ab241dc249517442e5a0e0412  Twisted-22.1.0.tar.gz
-sha256  b7971ec9805b0f80e1dcb1a3721d7bfad636d5f909de687430ce373979d67b61  Twisted-22.1.0.tar.gz
+md5  fd252d0b895ca2ab81b5b1454073d890  Twisted-22.2.0.tar.gz
+sha256  57f32b1f6838facb8c004c89467840367ad38e9e535f8252091345dba500b4f2  Twisted-22.2.0.tar.gz
 # Locally computed sha256
 sha256  686f6426a775450eb3afd00bc3a5c2621f305ddb9c8478ee9bf28a368ef2dece  LICENSE
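Review bot: The added md5 line for Twisted-22.2.0.tar.gz gives no integrity protection that the sha256 line below it does not already give, and MD5 is not collision-resistant; consider carrying only the sha256 entry. Both values come from the PyPI JSON named in the header comment, which is the same origin that serves the tarball, so they pin the download against later change rather than authenticate it independently. The LICENSE hash is left untouched, which asserts that the license text is byte-identical in 22.2.0; that is worth confirming against the new tarball.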
diff --git a/package/python-twisted/python-twisted.mk b/package/python-twisted/python-twisted.mk
index 8e867cfb58..e5d643ec05 100644
--- a/package/python-twisted/python-twisted.mk
+++ b/package/python-twisted/python-twisted.mk
@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-PYTHON_TWISTED_VERSION = 22.1.0
+PYTHON_TWISTED_VERSION = 22.2.0
 PYTHON_TWISTED_SOURCE = Twisted-$(PYTHON_TWISTED_VERSION).tar.gz
-PYTHON_TWISTED_SITE = https://files.pythonhosted.org/packages/77/b8/8108806ebf2b33654989fd1511281dc94a49fa7e03326d84fe5498ecfae4
+PYTHON_TWISTED_SITE = https://files.pythonhosted.org/packages/40/8b/56e8870d412c550b3ff2d6714ee212c7e80a6634f4e720c3a26a983e7b46
 PYTHON_TWISTED_SETUP_TYPE = setuptools
 PYTHON_TWISTED_LICENSE = MIT
 PYTHON_TWISTED_LICENSE_FILES = LICENSE
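Review bot: PYTHON_TWISTED_SITE embeds an opaque path segment (the 40/8b/... part) that has no visible relation to PYTHON_TWISTED_VERSION, so the two changed lines must be updated together by hand and a mismatch only surfaces as a download or hash failure; a short comment saying where that path is taken from would help the next bump. The commit message describes only the CVE-2022-21716 fix, while the change pulls a full upstream release (22.1.0 to 22.2.0) into a stable branch, so it would be good to state whether the release brings other behaviour changes or new runtime dependencies, since no dependency lines are touched in this hunk.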