buildroot.busybox.net archive mirror
 help / color / mirror / Atom feed
* [Buildroot] [git commit] package/python-pip: security bump to version 21.2.4
@ 2021-09-22 19:16 Arnout Vandecappelle
  0 siblings, 0 replies; only message in thread
From: Arnout Vandecappelle @ 2021-09-22 19:16 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=3491f34d9ed97ac5980ff4a450367914b6985ff1
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

- SECURITY: Stop splitting on unicode separators in git references,
  which could be maliciously used to install a different revision on the
  repository. (#9827)
- Update hash of LICENSE.txt (update in year)
- Update indentation in hash file (two spaces)

https://pip.pypa.io/en/stable/news/#v21-2-4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
---
 package/python-pip/python-pip.hash | 6 +++---
 package/python-pip/python-pip.mk   | 4 ++--
 package/python3-pip/python3-pip.mk | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/package/python-pip/python-pip.hash b/package/python-pip/python-pip.hash
index 58bc239154..69214110f8 100644
--- a/package/python-pip/python-pip.hash
+++ b/package/python-pip/python-pip.hash
@@ -1,5 +1,5 @@
 # md5, sha256 from https://pypi.org/pypi/pip/json
-md5	7d42ba49b809604f0df3d55df1c3fd86  pip-20.0.2.tar.gz
-sha256	7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f  pip-20.0.2.tar.gz
+md5  efbdb4201a5e6383fb4d12e26f78f355  pip-21.2.4.tar.gz
+sha256  0eb8a1516c3d138ae8689c0c1a60fde7143310832f9dc77e11d8a4bc62de193b  pip-21.2.4.tar.gz
 # Locally computed sha256 checksums
-sha256	5ba21fbb0964f936ad7d15362d1ed6d4931cc8c8f9ff2d4d91190e109be74431  LICENSE.txt
+sha256  23a7361c2b1581028bc623b9da2bd24997abcaa4781ace6ad444a37944f8dae1  LICENSE.txt
diff --git a/package/python-pip/python-pip.mk b/package/python-pip/python-pip.mk
index 71f76e2842..ba7134e235 100644
--- a/package/python-pip/python-pip.mk
+++ b/package/python-pip/python-pip.mk
@@ -5,9 +5,9 @@
 ################################################################################
 
 # Please keep in sync with package/python3-pip/python3-pip.mk
-PYTHON_PIP_VERSION = 20.0.2
+PYTHON_PIP_VERSION = 21.2.4
 PYTHON_PIP_SOURCE = pip-$(PYTHON_PIP_VERSION).tar.gz
-PYTHON_PIP_SITE = https://files.pythonhosted.org/packages/8e/76/66066b7bc71817238924c7e4b448abdb17eb0c92d645769c223f9ace478f
+PYTHON_PIP_SITE = https://files.pythonhosted.org/packages/52/e1/06c018197d8151383f66ebf6979d951995cf495629fc54149491f5d157d0
 PYTHON_PIP_SETUP_TYPE = setuptools
 PYTHON_PIP_LICENSE = MIT
 PYTHON_PIP_LICENSE_FILES = LICENSE.txt
diff --git a/package/python3-pip/python3-pip.mk b/package/python3-pip/python3-pip.mk
index 58e3c06c39..5e20b06865 100644
--- a/package/python3-pip/python3-pip.mk
+++ b/package/python3-pip/python3-pip.mk
@@ -5,9 +5,9 @@
 ################################################################################
 
 # Please keep in sync with package/python-pip/python-pip.mk
-PYTHON3_PIP_VERSION = 20.0.2
+PYTHON3_PIP_VERSION = 21.2.4
 PYTHON3_PIP_SOURCE = pip-$(PYTHON_PIP_VERSION).tar.gz
-PYTHON3_PIP_SITE = https://files.pythonhosted.org/packages/8e/76/66066b7bc71817238924c7e4b448abdb17eb0c92d645769c223f9ace478f
+PYTHON3_PIP_SITE = https://files.pythonhosted.org/packages/52/e1/06c018197d8151383f66ebf6979d951995cf495629fc54149491f5d157d0
 PYTHON3_PIP_SETUP_TYPE = setuptools
 PYTHON3_PIP_LICENSE = MIT
 PYTHON3_PIP_LICENSE_FILES = LICENSE.txt
_______________________________________________
buildroot mailing list
buildroot@lists.buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2021-09-22 19:30 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-22 19:16 [Buildroot] [git commit] package/python-pip: security bump to version 21.2.4 Arnout Vandecappelle

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).