* [Buildroot] [PATCH 1/1] package/python3: security bump to version 3.10.7
@ 2022-09-13 12:07 Lang Daniel via buildroot
2022-09-13 12:39 ` Peter Korsgaard
2022-09-18 21:16 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Lang Daniel via buildroot @ 2022-09-13 12:07 UTC (permalink / raw)
To: buildroot; +Cc: Thomas Petazzoni, Asaf Kahlon
Fix CVE-2020-10735
https://github.com/python/cpython/blob/v3.10.7/Misc/NEWS.d/3.10.7.rst
Signed-off-by: Daniel Lang <d.lang@abatec.at>
---
...b-crypt-uClibc-ng-doesn-t-set-errno-when-encryptio.patch | 6 ++++--
package/python3/python3.hash | 2 +-
package/python3/python3.mk | 2 +-
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/package/python3/0032-lib-crypt-uClibc-ng-doesn-t-set-errno-when-encryptio.patch b/package/python3/0032-lib-crypt-uClibc-ng-doesn-t-set-errno-when-encryptio.patch
index 880277eb1d..0458283c18 100644
--- a/package/python3/0032-lib-crypt-uClibc-ng-doesn-t-set-errno-when-encryptio.patch
+++ b/package/python3/0032-lib-crypt-uClibc-ng-doesn-t-set-errno-when-encryptio.patch
@@ -16,6 +16,8 @@ https://gitlab.com/buildroot.org/buildroot/-/jobs/830981979
[2] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libcrypt/crypt.c?h=v1.0.36#n29
Signed-off-by: Romain Naour <romain.naour@gmail.com>
+[Daniel: updated for 3.10.7]
+Signed-off-by: Daniel Lang <d.lang@abatec.at>
---
Lib/crypt.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
@@ -28,10 +30,10 @@ index 33dbc46bb3..4692a5270c 100644
result = crypt('', salt)
except OSError as e:
# Not all libc libraries support all encryption methods.
-- if e.errno == errno.EINVAL:
+- if e.errno in {errno.EINVAL, errno.EPERM, errno.ENOSYS}:
+ # Not all libc libraries set errno when encryption method is not
+ # available.
-+ if e.errno == errno.EINVAL or e.errno == 0:
++ if e.errno in {errno.EINVAL, errno.EPERM, errno.ENOSYS} or e.errno == 0:
return False
raise
if result and len(result) == method.total_size:
diff --git a/package/python3/python3.hash b/package/python3/python3.hash
index 596f3e7c18..c625e7a8ea 100644
--- a/package/python3/python3.hash
+++ b/package/python3/python3.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 f795ff87d11d4b0c7c33bc8851b0c28648d8a4583aa2100a98c22b4326b6d3f3 Python-3.10.6.tar.xz
+sha256 6eed8415b7516fb2f260906db5d48dd4c06acc0cb24a7d6cc15296a604dcdc48 Python-3.10.7.tar.xz
sha256 f03e17cd594c2085f66a454e695c7ebe5b4d3c0eff534f4f194abc2fd164621b LICENSE
diff --git a/package/python3/python3.mk b/package/python3/python3.mk
index e34e7d1750..b7df26781a 100644
--- a/package/python3/python3.mk
+++ b/package/python3/python3.mk
@@ -5,7 +5,7 @@
################################################################################
PYTHON3_VERSION_MAJOR = 3.10
-PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).6
+PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).7
PYTHON3_SOURCE = Python-$(PYTHON3_VERSION).tar.xz
PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION)
PYTHON3_LICENSE = Python-2.0, others
--
2.25.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/python3: security bump to version 3.10.7
2022-09-13 12:07 [Buildroot] [PATCH 1/1] package/python3: security bump to version 3.10.7 Lang Daniel via buildroot
@ 2022-09-13 12:39 ` Peter Korsgaard
2022-09-18 21:16 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-09-13 12:39 UTC (permalink / raw)
To: Lang Daniel via buildroot; +Cc: Lang Daniel, Asaf Kahlon, Thomas Petazzoni
>>>>> "Lang" == Lang Daniel via buildroot <buildroot@buildroot.org> writes:
> Fix CVE-2020-10735
> https://github.com/python/cpython/blob/v3.10.7/Misc/NEWS.d/3.10.7.rst
> Signed-off-by: Daniel Lang <d.lang@abatec.at>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/python3: security bump to version 3.10.7
2022-09-13 12:07 [Buildroot] [PATCH 1/1] package/python3: security bump to version 3.10.7 Lang Daniel via buildroot
2022-09-13 12:39 ` Peter Korsgaard
@ 2022-09-18 21:16 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-09-18 21:16 UTC (permalink / raw)
To: Lang Daniel via buildroot; +Cc: Lang Daniel, Asaf Kahlon, Thomas Petazzoni
>>>>> "Lang" == Lang Daniel via buildroot <buildroot@buildroot.org> writes:
> Fix CVE-2020-10735
> https://github.com/python/cpython/blob/v3.10.7/Misc/NEWS.d/3.10.7.rst
> Signed-off-by: Daniel Lang <d.lang@abatec.at>
Committed to 2022.02.x, 2022.05.x and 2022.08.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-09-18 21:16 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-13 12:07 [Buildroot] [PATCH 1/1] package/python3: security bump to version 3.10.7 Lang Daniel via buildroot
2022-09-13 12:39 ` Peter Korsgaard
2022-09-18 21:16 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.