projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 567c620) | patch
python3: Update to 3.8.4, refresh/rework patches, backport patches 12880/head
authorJeffery To <jeffery.to@gmail.com>
Sun, 19 Jul 2020 21:48:57 +0000 (05:48 +0800)
committerJeffery To <jeffery.to@gmail.com>
Mon, 20 Jul 2020 09:30:14 +0000 (17:30 +0800)
commit1a3cef77d465ea1a53e5c80f869908f359e98c5e
tree9e9aec35d2de295d6a28d1d3dde087be5a84841etree | snapshot
parent567c620bdc7d94039b623bd73edb3b4ab99c34f3commit | diff
python3: Update to 3.8.4, refresh/rework patches, backport patches

This version includes fixes for:
* CVE-2020-14422: Hash collisions in IPv4Interface and IPv6Interface
* CVE-2020-15523: Python uses invalid DLL path after calling Py_SetPath
  on Windows

This version also includes support for OpenSSL 1.1.x builds that use
'no-deprecated' and '--api=1.1.0'[1], and so this removes the previous
OpenSSL-related patches.

This also backports fixes for security issues, including:
* CVE-2019-20907: Infinite loop in the tarfile module

This also updates the setuptools and pip packages to 47.1.0 and 20.1.1,
respectively.

[1]: https://github.com/python/cpython/pull/20566

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
12 files changed:
lang/python/python3-version.mk diff | blob | history
lang/python/python3/Makefile diff | blob | history
lang/python/python3/patches-pip/001-pep517-pyc-fix.patch diff | blob | history
lang/python/python3/patches-setuptools/001-reproducible.patch diff | blob | history
lang/python/python3/patches-setuptools/002-sorted-requires.patch diff | blob | history
lang/python/python3/patches-setuptools/003-PKG-INFO-output-reproducible.patch diff | blob | history
lang/python/python3/patches-setuptools/004-site-patch.patch diff | blob | history
lang/python/python3/patches/020-ssl-module-emulate-tls-methods.patch [deleted file] blob | history
lang/python/python3/patches/021-openssl-deprecated.patch [deleted file] blob | history
lang/python/python3/patches/025-bpo-41288-Fix-a-crash-in-unpickling-invalid-NEWOBJ_EX-GH-21458.patch [new file with mode: 0644] blob
lang/python/python3/patches/026-bpo-39017-Avoid-infinite-loop-in-the-tarfile-module-GH-21454-GH-21483.patch [new file with mode: 0644] blob
lang/python/python3/patches/027-bpo-39603-Prevent-header-injection-in-http-methods-GH-18485.patch [new file with mode: 0644] blob
Mirror of packages feed