From patchwork Fri Nov 1 13:40:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Korsgaard X-Patchwork-Id: 1188032 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=korsgaard.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="EaK9y1Zg"; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 474Ncl5Fhhz9sP4 for ; Sat, 2 Nov 2019 00:40:55 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id F1D2F87D6D; Fri, 1 Nov 2019 13:40:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jlEfolhZAshC; Fri, 1 Nov 2019 13:40:51 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id A64AD87D5D; Fri, 1 Nov 2019 13:40:51 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 172571BF846 for ; Fri, 1 Nov 2019 13:40:50 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 135A520412 for ; Fri, 1 Nov 2019 13:40:50 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o5tom+aAip0m for ; Fri, 1 Nov 2019 13:40:48 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com [209.85.221.54]) by silver.osuosl.org (Postfix) with ESMTPS id 55F8A203C3 for ; Fri, 1 Nov 2019 13:40:48 +0000 (UTC) Received: by mail-wr1-f54.google.com with SMTP id l10so9721153wrb.2 for ; Fri, 01 Nov 2019 06:40:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=0hR2zP7yQ31Zs18qswKdBRin4HUYiVzrETfqVNO8m+o=; b=EaK9y1ZgtHGipnIkws/5YBRL8nJLZp5oejFQheBcDaxqXSsaRPcIr5MEAnp7JdgpeI wVnqW16WxgEUc1ZlQT80/UzjHtZHqk6UNLAfGirwPsfD48pAPEw1Lj2PuYxoaquG6AJ4 yXRx3cxcCT+suEAFSYwrHmQGauS7uu+KgWTMhxa3YSQ4ZcuU3Xm9iR2vRnlRcpBe+G4J UFATRh3YDPVT/0nHjonHS9cc5g8Ycy/3i7F+7KlP5vQs558nZIrsy9epNYr2paPGK1Op BOnOQZn54/vZANepUKrw74p1VLVDTMN5V/tOQksS2SasJUJhtNyJWaHKM1US8rXaF28O kqAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; bh=0hR2zP7yQ31Zs18qswKdBRin4HUYiVzrETfqVNO8m+o=; b=EFt7AnWGU5wij1CcU+Rf7WIk6kIRF99ngEdMQ2siU0FSUjRUrz80/gLPR1St68nifx KAKqgtRmGBqZrzYckJVPeEapsnxE50qxmrEApMEkLus0imtsEDJmN5zwTjsFCuDnieNp Tm994KuPdkHKVXdVUiYH5swLl8Nq3K/uKk0+pkHArryhRtOiYWwlsfi3JeEOGIOzupOT 1r68r61/tNNBhwky8pXByehubb2lq/vXFyLpPJppZaPsL/OFXayjuOwvmVefYyyvDy4g k6VbgI0LBR8J2Alt86zbu4x1BJ9yzdsv6jnOJXwzi2iDiUr7fPpMFe6t3ikzGjSZxR7A VHlA== X-Gm-Message-State: APjAAAVzcOZx52LIZA7umzPU7qkO3OiiKnWrmI4Y83GvtKlmbBAQ236a nlYdLEKP0++jPyEZIxTRRK2GNT7dRNk= X-Google-Smtp-Source: APXvYqwomL1bZu8oag+cdW1FZQBhmNf/t+SkC6uwgcjG3lxug+p1jrARJCm8Dk58TJEa94St0vCQsA== X-Received: by 2002:adf:dd10:: with SMTP id a16mr11260598wrm.213.1572615646265; Fri, 01 Nov 2019 06:40:46 -0700 (PDT) Received: from dell.be.48ers.dk ([81.18.188.213]) by smtp.gmail.com with ESMTPSA id u10sm8871020wmj.0.2019.11.01.06.40.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Nov 2019 06:40:45 -0700 (PDT) Received: from peko by dell.be.48ers.dk with local (Exim 4.92) (envelope-from ) id 1iQXAE-0007Fh-1x; Fri, 01 Nov 2019 14:40:30 +0100 From: Peter Korsgaard To: buildroot@buildroot.org Date: Fri, 1 Nov 2019 14:40:22 +0100 Message-Id: <20191101134023.27832-1-peter@korsgaard.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [Buildroot] [PATCH-2019.02.x] package/python3: security bump to version 3.7.5 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Thomas Petazzoni , Peter Korsgaard , Asaf Kahlon , Adam Duskett Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Fixes the following security vulnerabilities: - bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. (Contributed by Dong-hee Na in bpo-38243.) - bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. - bpo-37764: Fixes email._header_value_parser.get_unstructured going into an infinite loop for a specific case in which the email header does not have trailing whitespace, and the case in which it contains an invalid encoded word. Patch by Ashwin Ramaswami. - bpo-37461: Fix an infinite loop when parsing specially crafted email headers. Patch by Abhilash Raj. - bpo-34155: Fix parsing of invalid email addresses with more than one @ (e.g. a@b@c.com.) to not return the part before 2nd @ as valid email address. Patch by maxking & jpic. Additionally, the release contains a number of non-security related fixes. For details, see the changelog: https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-5-final Signed-off-by: Peter Korsgaard --- package/python3/python3.hash | 6 +++--- package/python3/python3.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package/python3/python3.hash b/package/python3/python3.hash index 4a82e1dd9c..a138724ff8 100644 --- a/package/python3/python3.hash +++ b/package/python3/python3.hash @@ -1,5 +1,5 @@ -# From https://www.python.org/downloads/release/python-374/ -md5 d33e4aae66097051c2eca45ee3604803 Python-3.7.4.tar.xz +# From https://www.python.org/downloads/release/python-375/ +md5 08ed8030b1183107c48f2092e79a87e2 Python-3.7.5.tar.xz # Locally computed -sha256 fb799134b868199930b75f26678f18932214042639cd52b16da7fd134cd9b13f Python-3.7.4.tar.xz +sha256 e85a76ea9f3d6c485ec1780fca4e500725a4a7bbc63c78ebc44170de9b619d94 Python-3.7.5.tar.xz sha256 a77d71d6be6f9032e6b6e5d2cf6da68f9eeab9036edfbc043633c8979cd5e82c LICENSE diff --git a/package/python3/python3.mk b/package/python3/python3.mk index 8e6a0296ed..8d042954df 100644 --- a/package/python3/python3.mk +++ b/package/python3/python3.mk @@ -5,7 +5,7 @@ ################################################################################ PYTHON3_VERSION_MAJOR = 3.7 -PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).4 +PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).5 PYTHON3_SOURCE = Python-$(PYTHON3_VERSION).tar.xz PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION) PYTHON3_LICENSE = Python-2.0, others