system/python3: bump to 3.6.10 and patch CVE-2019-18348 (#232)

author: Max Rees <maxcrees@me.com> 2020-03-16 19:40:54 -0500
committer: Max Rees <maxcrees@me.com> 2020-03-19 22:21:24 -0500
commit: 789547051d191f170ba4a2712d2060a42fe2fed8 (patch)
tree: f47f47ada9d312193cb588ae1865355b2e4bb416 /system/python3/APKBUILD
parent: 44858d9784799f0a00b6d0384143e191d3c53744 (diff)
download: packages-789547051d191f170ba4a2712d2060a42fe2fed8.tar.gz
packages-789547051d191f170ba4a2712d2060a42fe2fed8.tar.bz2
packages-789547051d191f170ba4a2712d2060a42fe2fed8.tar.xz
packages-789547051d191f170ba4a2712d2060a42fe2fed8.zip
1 files changed, 9 insertions, 6 deletions
diff --git a/system/python3/APKBUILD b/system/python3/APKBUILD
index b8c72f3a7..e875d3941 100644
--- a/system/python3/APKBUILD
+++ b/system/python3/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Kiyoshi Aman <adelie@aerdan.vulpine.house>
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=python3
-pkgver=3.6.9
+pkgver=3.6.10
 _basever="${pkgver%.*}"
 pkgrel=2
 pkgdesc="A high-level scripting language"
@@ -40,8 +40,7 @@ makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev xz-dev
 source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
 	musl-find_library.patch
 	fix-xattrs-glibc.patch
-	CVE-2019-16056.patch
-	CVE-2019-16935.patch
+	CVE-2019-18348.patch
 	"
 builddir="$srcdir/Python-$pkgver"
 
@@ -63,6 +62,8 @@ builddir="$srcdir/Python-$pkgver"
 #     - CVE-2019-16056
 #   3.6.9-r2:
 #     - CVE-2019-16935
+#   3.6.10-r0:
+#     - CVE-2019-18348
 
 prepare() {
 	default_prepare
@@ -153,11 +154,14 @@ EOF
 }
 
 package() {
+	export XDG_CACHE_HOME="$(mktemp -d)"
 	make -j1 DESTDIR="$pkgdir" EXTRA_CFLAGS="$CFLAGS" install maninstall
 	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
 	# those are provided by python3-tkinter
 	rm -r "$pkgdir"/usr/bin/idle* "$pkgdir"/usr/lib/python*/idlelib \
 		"$pkgdir"/usr/lib/python*/tkinter
+
+	rm -rf "$XDG_CACHE_HOME"
 }
 
 dev() {
@@ -189,8 +193,7 @@ wininst() {
 		"$subpkgdir"/usr/lib/python$_basever/distutils/command
 }
 
-sha512sums="05de9c6f44d96a52bfce10ede4312de892573edaf8bece65926d19973a3a800d65eed7a857af945f69efcfb25efa3788e7a54016b03d80b611eb51c3ea074819  Python-3.6.9.tar.xz
+sha512sums="26147099e1f1a0ffc85febad26e18e991f019599a150887ea0b925e34663fad8e03b3c2a941e2770c1a63960695e173ef32709572c9361e7f2cb862ccf75b28a  Python-3.6.10.tar.xz
 ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2  musl-find_library.patch
 37b6ee5d0d5de43799316aa111423ba5a666c17dc7f81b04c330f59c1d1565540eac4c585abe2199bbed52ebe7426001edb1c53bd0a17486a2a8e052d0f494ad  fix-xattrs-glibc.patch
-1f1eb61355eb7832bef8e9c3915895cc3b2966a30c809371430b4416260452cd39c48ba593b2259574867bd1e8fea98efbc45c4b0bd95aeb0690c8514b380ea0  CVE-2019-16056.patch
-7f94d887c81f79d90afd4a9621547c13cbdd0232250f62a686b26a63160a4d286a6db9b342d06b9b63af64f994835b489c37bab499a2093c3c2585dc7a04d8a1  CVE-2019-16935.patch"
+7a15409165feb60358455b711f978b7b1c4dea9ad53aa7b5be07c1f70262988e592e7a630f83125f37051bbed14d14b66d2acd775234a163ff5b048621b9a59c  CVE-2019-18348.patch"
author	Max Rees <maxcrees@me.com>	2020-03-16 19:40:54 -0500
committer	Max Rees <maxcrees@me.com>	2020-03-19 22:21:24 -0500
commit	789547051d191f170ba4a2712d2060a42fe2fed8 (patch)
tree	f47f47ada9d312193cb588ae1865355b2e4bb416 /system/python3/APKBUILD
parent	44858d9784799f0a00b6d0384143e191d3c53744 (diff)
download	packages-789547051d191f170ba4a2712d2060a42fe2fed8.tar.gz packages-789547051d191f170ba4a2712d2060a42fe2fed8.tar.bz2 packages-789547051d191f170ba4a2712d2060a42fe2fed8.tar.xz packages-789547051d191f170ba4a2712d2060a42fe2fed8.zip