From: "Tim Orling" <ticotimo@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Tim Orling <timothy.t.orling@intel.com>,
Alexander Kanavin <alex.kanavin@gmail.com>,
Richard Purdie <richard.purdie@linuxfoundation.org>
Subject: [RFC PATCH 00/10][dunfell] python3 bugfix upgrades
Date: Mon, 21 Jun 2021 10:02:49 -0700
Message-ID: <cover.1624294059.git.timothy.t.orling@intel.com>

Every dot release in the 3.8.y series is by definition a bugfix release.
We have been individually patching individual CVEs, when they could
instead have been handled by bumping the dot release.

The only CVE currently known to not be patched by this series is
CVE-2021-29921 which does not yet have an upstream fix in the 3.8.y
branch.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-29921
https://bugs.python.org/issue36384

Tested on qemux86-64 core-image-minimal with:

    IMAGE_INSTALL_append = " python3"
    # enable_gtk_in_qemu: |
    DISTRO_FEATURES_append = "opengl"
    PACKAGECONFIG_pn-qemu-system-native = "fdt alsa kvm virglrenderer glx gtk+"
    # enable_ptest_and_testimage: |
    IMAGE_CLASSES += " testimage"
    DISTRO_FEAURES_append = " ptest"
    EXTRA_IMAGE_FEATURES = "debug-tweaks ssh-server-dropbear"
    TESTIMAGE_AUTO = "1"
    TEST_SUITES = " ping ssh python ptest"
    TEST_QEMUPARAMS += "-smp 4 -m 8192"
    TEST_RUNQEMUPARAMS = "kvm gl-es gtk"
    IMAGE_ROOTFS_SIZE ?= "8192"
    IMAGE_ROOTFS_EXTRA_SPACE_append = "${@bb.utils.contains("DISTRO_FEATURES", "systemd", " + 4096", "", d)}"
    IMAGE_INSTALL_append = " ptest-runner procps coreutils iproute2 sysstat python3-ptest"

The following changes since commit ac8181d9b9ad8360f7dba03aba8b00f008c6ebb4:

  Revert "python3: fix CVE-2021-23336" (2021-06-19 13:11:58 -1000)

are available in the Git repository at:

  git://push.openembedded.org/openembedded-core-contrib timo/dunfell/python3-3.8.10

Tim Orling (10):
  python3: upgrade 3.8.2 -> 3.8.3
  python3: upgrade 3.8.3 -> 3.8.4
  python3: upgrade 3.8.4 -> 3.8.5
  python3: upgrade 3.8.5 -> 3.8.6
  python3: upgrade 3.8.6 -> 3.8.7
  python3: upgrade 3.8.7 -> 3.8.8
  python3: skip tests requiring tools-sdk
  python3: upgrade 3.8.8 -> 3.8.9
  python3: upgrade 3.8.9 -> 3.8.10
  python3-ptest: add newly discovered missing rdeps

...20-8492-Fix-AbstractBasicAuthHandler.patch | 248 ------------------
...pes.test_find-skip-without-tools-sdk.patch | 33 +++
...le.py-correct-the-test-output-format.patch | 24 +-
.../python/python3/CVE-2019-20907.patch | 44 ----
.../python/python3/CVE-2020-14422.patch | 77 ------
.../python/python3/CVE-2020-26116.patch | 104 --------
.../python/python3/CVE-2020-27619.patch | 70 -----
.../python/python3/CVE-2021-3177.patch | 191 --------------
.../{python3_3.8.2.bb => python3_3.8.10.bb} | 20 +-
9 files changed, 54 insertions(+), 757 deletions(-)
delete mode 100644 meta/recipes-devtools/python/python3/0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch
create mode 100644 meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2019-20907.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-14422.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-26116.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-27619.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2021-3177.patch
rename meta/recipes-devtools/python/{python3_3.8.2.bb => python3_3.8.10.bb} (95%)
--
2.30.2
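
Added example, not part of the original message or of the openembedded-core series: CVE-2021-29921 concerns the ipaddress module accepting leading zeros in IPv4 octets, so code on an image whose python3 lacks the upstream fix can validate strictly before calling ipaddress. The function names and the sample addresses below are constructed for illustration.

```python
import ipaddress


def stdlib_accepts_leading_zeros() -> bool:
    """Report whether this interpreter's ipaddress still parses '010.8.8.8'."""
    try:
        ipaddress.IPv4Address("010.8.8.8")
    except ValueError:
        return False  # interpreter already rejects leading zeros
    return True       # behaviour described by CVE-2021-29921


def strict_ipv4(text: str) -> ipaddress.IPv4Address:
    """Parse a dotted-quad IPv4 address, rejecting any octet with a leading zero.

    Behaves the same on fixed and unfixed interpreters, so access-control
    decisions do not depend on which python3 the image ships.
    """
    octets = text.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected 4 octets in {text!r}")
    for octet in octets:
        if not (octet.isascii() and octet.isdigit()):
            raise ValueError(f"non-decimal octet {octet!r} in {text!r}")
        if len(octet) > 1 and octet[0] == "0":
            # '010' is decimal 10 to an unfixed ipaddress but octal 8 to
            # tools that follow inet_aton(); refuse the ambiguous form.
            raise ValueError(f"leading zero in octet {octet!r} of {text!r}")
    return ipaddress.IPv4Address(text)


def audit(candidates):
    """Map each candidate string to 'accepted' or 'rejected' under strict parsing."""
    result = {}
    for candidate in candidates:
        try:
            strict_ipv4(candidate)
            result[candidate] = "accepted"
        except ValueError:
            result[candidate] = "rejected"
    return result


# Constructed sample inputs, not taken from the thread.
SAMPLES = ["192.168.0.1", "0.0.0.0", "010.8.8.8", "192.168.00.1", "1.2.3", "1..2.3"]

if __name__ == "__main__":
    print("stdlib accepts leading zeros:", stdlib_accepts_leading_zeros())
    for addr, verdict in audit(SAMPLES).items():
        print(f"{addr:>14}  {verdict}")
```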