[dunfell] python3: upgrade 3.8.13 -> 3.8.14

Message ID	20221011144008.2808909-1-tim.orling@konsulko.com
State	Accepted, archived
Commit	25fafd35a4698daa0d4abb814a91601e68223128
Headers	show Return-Path: <ticotimo@gmail.com> ip: 209.85.210.173, mailfrom: ticotimo@gmail.com) From: Tim Orling <ticotimo@gmail.com> To: openembedded-core@lists.openembedded.org Cc: Tim Orling <tim.orling@konsulko.com> Subject: [dunfell][PATCH] python3: upgrade 3.8.13 -> 3.8.14 Date: Tue, 11 Oct 2022 07:40:08 -0700 Message-Id: <20221011144008.2808909-1-tim.orling@konsulko.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[dunfell] python3: upgrade 3.8.13 -> 3.8.14 \| expand [dunfell] python3: upgrade 3.8.13 -> 3.8.14

Message ID

20221011144008.2808909-1-tim.orling@konsulko.com

State

Accepted, archived

Commit

25fafd35a4698daa0d4abb814a91601e68223128

Headers

From: Tim Orling <ticotimo@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Tim Orling <tim.orling@konsulko.com>
Subject: [dunfell][PATCH] python3: upgrade 3.8.13 -> 3.8.14
Date: Tue, 11 Oct 2022 07:40:08 -0700
Message-Id: <20221011144008.2808909-1-tim.orling@konsulko.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[dunfell] python3: upgrade 3.8.13 -> 3.8.14 | expand

Commit Message

Tim Orling Oct. 11, 2022, 2:40 p.m. UTC

Fixes:
  * CVE-2020-10735
    https://nvd.nist.gov/vuln/detail/CVE-2020-10735
  * CVE-2021-28861
    https://nvd.nist.gov/vuln/detail/CVE-2021-28861
  * CVE-2018-25032
    https://nvd.nist.gov/vuln/detail/CVE-2018-25032

Python 3.8.14
Release Date: Sept. 6, 2022

This is a security release of Python 3.8
Note: The release you're looking at is Python 3.8.14, a security bugfix
      release for the legacy 3.8 series. Python 3.10 is now the latest
      feature release series of Python 3.

Security content in this release
CVE-2020-10735: converting between int and str in bases other than
  2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base
  10 (decimal) now raises a ValueError if the number of digits in string
  form is above a limit to avoid potential denial of service attacks due
  to the algorithmic complexity.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP
  server when an URI path starts with //.
gh-93065: Fix contextvars HAMT implementation to handle iteration over
  deep trees to avoid a potential crash of the interpreter.
gh-90355: Fix ensurepip environment isolation for the subprocess running
  pip.
gh-80254: Raise ProgrammingError instead of segfaulting on recursive usage
  of cursors in sqlite3 converters.

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
---
 .../python/{python3_3.8.13.bb => python3_3.8.14.bb}           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/python/{python3_3.8.13.bb => python3_3.8.14.bb} (99%)

diff --git a/meta/recipes-devtools/python/python3_3.8.13.bb b/meta/recipes-devtools/python/python3_3.8.14.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.8.13.bb
rename to meta/recipes-devtools/python/python3_3.8.14.bb
index d7f6e9155de..35e9233d5d2 100644
--- a/meta/recipes-devtools/python/python3_3.8.13.bb
+++ b/meta/recipes-devtools/python/python3_3.8.14.bb
@@ -42,8 +42,8 @@  SRC_URI_append_class-native = " \
            file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
 
-SRC_URI[md5sum] = "c4b7100dcaace9d33ab1fda9a3a038d6"
-SRC_URI[sha256sum] = "6f309077012040aa39fe8f0c61db8c0fa1c45136763299d375c9e5756f09cf57"
+SRC_URI[md5sum] = "78710eed185b71f4198d354502ff62c9"
+SRC_URI[sha256sum] = "5d77e278271ba803e9909a41a4f3baca006181c93ada682a5e5fe8dc4a24c5f3"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"

[dunfell] python3: upgrade 3.8.13 -> 3.8.14

Commit Message

Patch