From: "Steve Sakoman" <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 09/14] python3: upgrade 3.8.6 -> 3.8.7
Date: Mon, 28 Jun 2021 05:05:26 -1000
Message-ID: <a90dde9b1800acf364fa272177945e0a4cbf6560.1624892565.git.steve@sakoman.com>
In-Reply-To: <cover.1624892565.git.steve@sakoman.com>

From: Tim Orling <timothy.t.orling@intel.com>

Release Date: Dec. 21, 2020

Note: The release you're looking at is Python 3.8.7, a bugfix release for the
legacy 3.8 series. Python 3.9 is now the latest feature release series of
Python 3.

* Drop patch for CVE-2020-27619 fixed in 3.8.7

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-27619
https://www.python.org/downloads/release/python-387/
https://docs.python.org/release/3.8.7/whatsnew/changelog.html

Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../python/python3/CVE-2020-27619.patch       | 70 -------------------
 .../{python3_3.8.6.bb => python3_3.8.7.bb}    |  5 +-
 2 files changed, 2 insertions(+), 73 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-27619.patch
 rename meta/recipes-devtools/python/{python3_3.8.6.bb => python3_3.8.7.bb} (98%)

diff --git a/meta/recipes-devtools/python/python3/CVE-2020-27619.patch b/meta/recipes-devtools/python/python3/CVE-2020-27619.patch
deleted file mode 100644
index bafa1cb999..0000000000
--- a/meta/recipes-devtools/python/python3/CVE-2020-27619.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 6c6c256df3636ff6f6136820afaefa5a10a3ac33 Mon Sep 17 00:00:00 2001
-From: "Miss Skeleton (bot)" <31488909+miss-islington@users.noreply.github.com>
-Date: Tue, 6 Oct 2020 05:38:54 -0700
-Subject: [PATCH] bpo-41944: No longer call eval() on content received via HTTP
- in the CJK codec tests (GH-22566) (GH-22577)
-
-(cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8)
-
-Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
-
-Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
-
-Upstream-Status: Backport [https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33]
-CVE: CVE-2020-27619
-Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
----
- Lib/test/multibytecodec_support.py            | 22 +++++++------------
- .../2020-10-05-17-43-46.bpo-41944.rf1dYb.rst  |  1 +
- 2 files changed, 9 insertions(+), 14 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
-
-diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py
-index cca8af67d6d1d..f76c0153f5ecf 100644
---- a/Lib/test/multibytecodec_support.py
-+++ b/Lib/test/multibytecodec_support.py
-@@ -305,29 +305,23 @@ def test_mapping_file(self):
-             self._test_mapping_file_plain()
- 
-     def _test_mapping_file_plain(self):
--        unichrs = lambda s: ''.join(map(chr, map(eval, s.split('+'))))
-+        def unichrs(s):
-+            return ''.join(chr(int(x, 16)) for x in s.split('+'))
-+
-         urt_wa = {}
- 
-         with self.open_mapping_file() as f:
-             for line in f:
-                 if not line:
-                     break
--                data = line.split('#')[0].strip().split()
-+                data = line.split('#')[0].split()
-                 if len(data) != 2:
-                     continue
- 
--                csetval = eval(data[0])
--                if csetval <= 0x7F:
--                    csetch = bytes([csetval & 0xff])
--                elif csetval >= 0x1000000:
--                    csetch = bytes([(csetval >> 24), ((csetval >> 16) & 0xff),
--                                    ((csetval >> 8) & 0xff), (csetval & 0xff)])
--                elif csetval >= 0x10000:
--                    csetch = bytes([(csetval >> 16), ((csetval >> 8) & 0xff),
--                                    (csetval & 0xff)])
--                elif csetval >= 0x100:
--                    csetch = bytes([(csetval >> 8), (csetval & 0xff)])
--                else:
-+                if data[0][:2] != '0x':
-+                    self.fail(f"Invalid line: {line!r}")
-+                csetch = bytes.fromhex(data[0][2:])
-+                if len(csetch) == 1 and 0x80 <= csetch[0]:
-                     continue
- 
-                 unich = unichrs(data[1])
-diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
-new file mode 100644
-index 0000000000000..4f9782f1c85af
---- /dev/null
-+++ b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
-@@ -0,0 +1 @@
-+Tests for CJK codecs no longer call ``eval()`` on content received via HTTP.
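Review bot: the commit message says only that CVE-2020-27619 is "fixed in 3.8.7", while the one line that identifies the upstream fix, `Upstream-Status: Backport [https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33]` near the top of the deleted file, goes away with this hunk. Please name that commit or bpo-41944 in the commit message so the drop can be checked against the 3.8.7 changelog listed under References. The fix being relied on is the replacement of `eval()` on mapping data received via HTTP in `Lib/test/multibytecodec_support.py` with `int(x, 16)` and `bytes.fromhex()`.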
diff --git a/meta/recipes-devtools/python/python3_3.8.6.bb b/meta/recipes-devtools/python/python3_3.8.7.bb
similarity index 98%
rename from meta/recipes-devtools/python/python3_3.8.6.bb
rename to meta/recipes-devtools/python/python3_3.8.7.bb
index bf33fce891..11a69ea808 100644
--- a/meta/recipes-devtools/python/python3_3.8.6.bb
+++ b/meta/recipes-devtools/python/python3_3.8.7.bb
@@ -33,7 +33,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://0001-configure.ac-fix-LIBPL.patch \
            file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \
            file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \
-           file://CVE-2020-27619.patch \
            file://CVE-2021-3177.patch \
            "
 
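Review bot: `file://CVE-2021-3177.patch` stays in SRC_URI across the version bump, directly below the removed entry, and the commit message does not say whether it was checked against 3.8.7. Please state that this remaining backport is still needed and still applies to the 3.8.7 sources without a refresh, or drop it in the same way if the release already carries the fix.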
@@ -43,8 +42,8 @@ SRC_URI_append_class-native = " \
            file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
 
-SRC_URI[md5sum] = "69e73c49eeb1a853cefd26d18c9d069d"
-SRC_URI[sha256sum] = "a9e0b79d27aa056eb9cce8d63a427b5f9bab1465dee3f942dcfdb25a82f4ab8a"
+SRC_URI[md5sum] = "60fe018fffc7f33818e6c340d29e2db9"
+SRC_URI[sha256sum] = "ddcc1df16bb5b87aa42ec5d20a5b902f2d088caa269b28e01590f97a798ec50a"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
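Review bot: the new `SRC_URI[md5sum]` and `SRC_URI[sha256sum]` values are the only integrity check on the tarball, since the SRC_URI line visible in the first hunk's header fetches it over plain `http://`, and the commit message does not say how the values were obtained. Please record their source in the commit message, for example a tarball checked against the release page linked under References.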
-- 
2.25.1

