[Buildroot] [git commit branch/2020.02.x] package/python3: security bump to version 3.8.7
Peter Korsgaard
peter at korsgaard.com
Tue Jan 5 22:25:11 UTC 2021
commit: https://git.buildroot.net/buildroot/commit/?id=a0b9dc672b369eaa230fa6ed992d7363b38ad28d
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2020.02.x
Release notes:
https://www.python.org/downloads/release/python-387/
Changelog:
https://docs.python.org/release/3.8.7/whatsnew/changelog.html
Fixes the following security issues:
- bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when
processing malformed Apple Property List files in binary format.
- bpo-42051: The plistlib module no longer accepts entity declarations in
XML plist files to avoid XML vulnerabilities. This should not affect
users as entity declarations are not used in regular plist files.
- bpo-40791: Add volatile to the accumulator variable in
hmac.compare_digest, making constant-time-defeating optimizations less
likely.
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/python3/python3.hash | 6 +++---
package/python3/python3.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python3/python3.hash b/package/python3/python3.hash
index 4c03293dd1..d829fb9713 100644
--- a/package/python3/python3.hash
+++ b/package/python3/python3.hash
@@ -1,5 +1,5 @@
-# From https://www.python.org/downloads/release/python-386/
-md5 69e73c49eeb1a853cefd26d18c9d069d Python-3.8.6.tar.xz
+# From https://www.python.org/downloads/release/python-387/
+md5 60fe018fffc7f33818e6c340d29e2db9 Python-3.8.7.tar.xz
# Locally computed
-sha256 a9e0b79d27aa056eb9cce8d63a427b5f9bab1465dee3f942dcfdb25a82f4ab8a Python-3.8.6.tar.xz
+sha256 ddcc1df16bb5b87aa42ec5d20a5b902f2d088caa269b28e01590f97a798ec50a Python-3.8.7.tar.xz
sha256 1dceef1677a39befa8bf0285ab2db441ba117520bb2de839547ace006a17750d LICENSE
diff --git a/package/python3/python3.mk b/package/python3/python3.mk
index 1a2edc6471..6675f84042 100644
--- a/package/python3/python3.mk
+++ b/package/python3/python3.mk
@@ -5,7 +5,7 @@
################################################################################
PYTHON3_VERSION_MAJOR = 3.8
-PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).6
+PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).7
PYTHON3_SOURCE = Python-$(PYTHON3_VERSION).tar.xz
PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION)
PYTHON3_LICENSE = Python-2.0, others
More information about the buildroot
mailing list