[Buildroot] [git commit branch/2023.05.x] package/python3: security bump version to 3.11.4
Peter Korsgaard
peter at korsgaard.com
Thu Jul 6 09:24:45 UTC 2023
commit: https://git.buildroot.net/buildroot/commit/?id=442e7cab3a9881e082279cb48cb8df6905bdb6e5
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.05.x
Rebased two patches.
Changelog:
https://docs.python.org/release/3.11.4/whatsnew/changelog.html#python-3-11-4
Fixes the following security problems:
- gh-99889: Fixed a security flaw in uu.decode() that could allow for
directory traversal based on the input if no out_file was specified.
- gh-104049: Do not expose the local on-disk location in directory
indexes produced by http.client.SimpleHTTPRequestHandler.
- gh-102153: urllib.parse.urlsplit() now strips leading C0 control and
space characters following the specification for URLs defined by WHATWG
in response to CVE-2023-24329. Patch by Illia Volochii.
Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit b7b11d7e94e316632fcc8ec49831e7b372cc055a)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
.../python3/0012-Add-an-option-to-disable-lib2to3.patch | 8 +++++---
.../0014-Add-an-option-to-disable-the-tk-module.patch | 15 +++++++++------
package/python3/python3.hash | 2 +-
package/python3/python3.mk | 2 +-
4 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/package/python3/0012-Add-an-option-to-disable-lib2to3.patch b/package/python3/0012-Add-an-option-to-disable-lib2to3.patch
index 0085d5a63f..228b86a90b 100644
--- a/package/python3/0012-Add-an-option-to-disable-lib2to3.patch
+++ b/package/python3/0012-Add-an-option-to-disable-lib2to3.patch
@@ -12,6 +12,8 @@ Signed-off-by: Samuel Martin <s.martin49 at gmail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov at gmail.com>
[ Adam Duskett: ported to Python 3.10.0 ]
Signed-off-by: Adam Duskett <aduskett at gmail.com>
+[ Bernd Kuhls: ported to Python 3.11.4]
+Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
---
Makefile.pre.in | 17 ++++++++++++-----
configure.ac | 6 ++++++
@@ -48,9 +50,9 @@ index 403380e181..f5d0573067 100644
- lib2to3/tests/data \
- lib2to3/tests/data/fixers \
- lib2to3/tests/data/fixers/myfixes \
- test test/audiodata \
- test/capath test/cjkencodings \
- test/data test/decimaltestdata \
+ test \
+ test/audiodata \
+ test/capath \
@@ -2013,6 +2010,14 @@ ifeq (@PYDOC@,yes)
LIBSUBDIRS += pydoc_data
endif
diff --git a/package/python3/0014-Add-an-option-to-disable-the-tk-module.patch b/package/python3/0014-Add-an-option-to-disable-the-tk-module.patch
index 04f7e34435..b89e1d27bc 100644
--- a/package/python3/0014-Add-an-option-to-disable-the-tk-module.patch
+++ b/package/python3/0014-Add-an-option-to-disable-the-tk-module.patch
@@ -9,6 +9,8 @@ Signed-off-by: Samuel Martin <s.martin49 at gmail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov at gmail.com>
[ Adam Duskett: ported to Python 3.10.0 ]
Signed-off-by: Adam Duskett <aduskett at gmail.com>
+[ Bernd Kuhls: ported to Python 3.11.4]
+Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
---
Makefile.pre.in | 10 +++++++---
configure.ac | 9 +++++++++
@@ -26,14 +28,15 @@ index 9f4cdf14cf..4f83911200 100644
tomllib \
turtledemo \
unittest \
-@@ -2001,8 +2000,6 @@ TESTSUBDIRS= ctypes/test \
- test/tracedmodules \
- test/xmltestdata test/xmltestdata/c14n-20 \
+@@ -2038,9 +2038,6 @@
+ test/xmltestdata \
+ test/xmltestdata/c14n-20 \
test/ziptestdata \
-- tkinter/test tkinter/test/test_tkinter \
+- tkinter/test \
+- tkinter/test/test_tkinter \
- tkinter/test/test_ttk \
- unittest/test unittest/test/testmock
-
+ unittest/test \
+ unittest/test/testmock
ifeq (@PYDOC@,yes)
@@ -2021,6 +2018,13 @@ ifeq (@SQLITE3@,yes)
LIBSUBDIRS += sqlite3
diff --git a/package/python3/python3.hash b/package/python3/python3.hash
index b04ee7fa2c..6c43e01a44 100644
--- a/package/python3/python3.hash
+++ b/package/python3/python3.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 8a5db99c961a7ecf27c75956189c9602c968751f11dbeae2b900dbff1c085b5e Python-3.11.3.tar.xz
+sha256 2f0e409df2ab57aa9fc4cbddfb976af44e4e55bf6f619eee6bc5c2297264a7f6 Python-3.11.4.tar.xz
sha256 3b2f81fe21d181c499c59a256c8e1968455d6689d269aa85373bfb6af41da3bf LICENSE
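Review bot: The new `Python-3.11.4.tar.xz` digest is added under the existing `# Locally computed` comment, so the file records nothing about what the hash was checked against upstream. The pin therefore only proves that later downloads match the committer's download, not that the download matched the official release. If the tarball was verified against a signature or checksum published with the release on python.org, record that in a comment above the hash, for example `# Tarball verified against the upstream release signature; sha256 locally computed`. The LICENSE hash is a context line and is unchanged, which suggests the licence text did not change in this bump.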
diff --git a/package/python3/python3.mk b/package/python3/python3.mk
index ece5cad93e..bdb7cfd22f 100644
--- a/package/python3/python3.mk
+++ b/package/python3/python3.mk
@@ -5,7 +5,7 @@
################################################################################
PYTHON3_VERSION_MAJOR = 3.11
-PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).3
+PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).4
PYTHON3_SOURCE = Python-$(PYTHON3_VERSION).tar.xz
PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION)
PYTHON3_LICENSE = Python-2.0, others