Release notes: https://www.python.org/downloads/release/python-31110/
Fixes CVE-2024-4032, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592,
CVE-2024-8088 and CVE-2023-27043.
The fixes for bundled libexpat are irrelevant for us because external expat
is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version fixes an out-of-bound reads in the MLSD command, so upgrading is recommended.
It also improves compatibility with various systems.
Update the COPYING hash because of a change in copyright year
Signed-off-by: Michael Fischer <mf@go-sys.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5271e90a6a2cc7633f3f917391865d2f9df54142)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also add a missing article one line above.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Arnout: fix additional typo]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 4390361bb517db2e9764b512304f3de41458c666)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream curl commit f057de5a1a950 ("libcurl.pc: add `Requires.private`,
`Requires` for static linking") deals with proper pkg-config
configuration since version 8.9.0.
Our local libcurl.pc modification we added back in commit 61d322c3d2
(package/cURL: fix static link whith openSSL) is no longer needed.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[yann.morin.1998@free.fr: this is not a "revert", reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a5cef5339bd26f9d161d080d352d4adfe7627434)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2023-7256: Clean up sock_initaddress() and its callers to avoid
double frees in some cases.
CVE-2024-8006: Fix pcap_findalldevs_ex() not to crash if passed a
file:// URL with a path to a directory that cannot be opened.
Changelog: bbcbc9174d/CHANGES
Signed-off-by: Akhilesh Nema <nemaakhilesh@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0982498c6735a2d90b5540370d17e48c31c962bc)
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 89d39fc7a3 "initscripts: new package" moved the inittab
packaged for Busybox init from system/skeleton/etc to package/busybox.
The manual, however, still points to the old location, so let's fix it.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 99b1685fd8db8e63c37edac4e544f62ead245b90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6dc6a747fd44ab908f430c0895e6f6cbd03412e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7bd00d5506e8572f316a9b742b78039e0743d86b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0fa6bd5a964e8b8cd9d3728b0bb72d088d380a71)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a52fd38060f092edbb7f558217770e136899d19f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9e3fdb87f0e2a03e32c3a91875434f7b722a17d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2e3c0ab1b7bbe8bb5a5abb493fc81e166593ac8f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9c604ef86f32ccb71e050cd92b2ab72659f9474c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0ab62e5d257bd36ca8fe5f570d18f6619fa11fbe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 064f879d960986f2e82ee0439b29cf487fcf85c9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4a8aafecf026a099e4b55d10a38b9dfd9b576e60)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1772ad2f5f34e28bf845c45ce355e888cdea9f63)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 98f7a32d05ba509461cc58103c359d3b67f00ef5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 28c56bc26f2c8b4cbeb8124178b349b1bf5b6f57)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 68316831e478417066ff7515774ef0aeda2bb6a3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c62de54852239da4e74fc1a3d23e60cdfd296751)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 670f6a4bf5a457eaa95340a68a976fb94b89306f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c89a111f06c2584b3f9994b8ead7c5a9caad7295)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit db6a029a50a36adb86549b22f556b4f66e072417)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
