From e0b07d96a83b9b6bdb1746ecb301c347c4f92fae Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Thu, 24 Nov 2022 07:02:27 +0000 Subject: system/python3: [CVE] Update to 3.11.0 Includes one yet-unreleased CVE fix from Git. Removes an unrecognized configure option. --- system/python3/APKBUILD | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'system/python3/APKBUILD') diff --git a/system/python3/APKBUILD b/system/python3/APKBUILD index 8d9ad55c4..a9cdba51d 100644 --- a/system/python3/APKBUILD +++ b/system/python3/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Sheila Aman # Maintainer: A. Wilcox pkgname=python3 -pkgver=3.10.4 +pkgver=3.11.0 _basever="${pkgver%.*}" pkgrel=0 pkgdesc="A high-level scripting language" @@ -38,8 +38,9 @@ makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev xz-dev sqlite-dev libffi-dev tcl-dev linux-headers !python3" source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz musl-find_library.patch + musl-has-login_tty.patch fix-xattrs-glibc.patch - CVE-2015-20107.patch + CVE-2022-45061.patch " builddir="$srcdir/Python-$pkgver" @@ -63,6 +64,11 @@ builddir="$srcdir/Python-$pkgver" # - CVE-2019-16935 # 3.6.10-r0: # - CVE-2019-18348 +# 3.11.0-r0: +# - CVE-2020-10735 +# - CVE-2022-37454 +# - CVE-2022-42919 +# - CVE-2022-45061 prepare() { default_prepare @@ -91,8 +97,7 @@ build() { --with-computed-gotos \ --with-dbmliborder=ndbm \ --with-system-expat \ - --with-system-ffi \ - --with-threads + --with-system-ffi # set thread stack size to 1MB so we don't segfault before we hit # sys.getrecursionlimit() @@ -186,7 +191,8 @@ tests() { "$subpkgdir"/usr/lib/python$_basever/ } -sha512sums="6c9aeecddc55c7896b2e8527fca131c7b2b6127d56ce1a001ccedfebf590334e0c0bb7c517ed3cf1da3c1910e002552b56aa7e03eeb672f42ff0bd8150799113 Python-3.10.4.tar.xz +sha512sums="314eef88ae0d68760f34d7a32f238fd2ecb27c50963baa7357c42ad8159026ec50229a0b31d83c39710a472904a06422afc082f9658a90a1dc83ccb74c08039d Python-3.11.0.tar.xz ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch +75c60afecba2e57f11d58c20aadc611ebbb5c68e05b14415c5cf2f7aa75e103986764ca22f76e6a58b2c08e2ff3acffdbf6d85d2c8c4589743a0b949a4c90687 musl-has-login_tty.patch 4b4696d139e53aad184b72461478821335aadedc4811ec9e96cdea9a4f7ef19ebf0aac8c6afae6345f33c79fbd3ae2c63021de36044a2803d0dc8894fa291cf5 fix-xattrs-glibc.patch -a33454a727304360c2370153a695511a41fda6c526104ebffaadae01bbf1f433869e9f9f817b7cd1b8291062719ec35808ca1aa84398a8ace9901f5b16591359 CVE-2015-20107.patch" +039982b5f35d5aa412596dba81b0666fdf979e6c120aefa3ae29333fbaa56f6f6ad69db513dcd93e06a66522405058be2e39e56350816abcb9febd8f5778036f CVE-2022-45061.patch" -- cgit v1.2.3-70-g09d2