Commit Graph

75 Commits

Author SHA1 Message Date
openharmony_ci
7db96d56e5
!74 [Security issue]: CVE-2024-6232
Merge pull request !74 from Luming/master
2024-10-17 01:18:36 +00:00
Seth Michael Larson
985c8ad05a [3.11] gh-121285: Remove backtracking when parsing tarfile headers (GH-121286)
* Remove backtracking when parsing tarfile headers
* Rewrite PAX header parsing to be stricter
* Optimize parsing of GNU extended sparse headers v0.0

(cherry picked from commit 34ddb64d088dd7ccc321f6103d23153256caa5d4)

Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Kirill Podoprigora <kirill.bast9@mail.ru>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Signed-off-by: luming <luming29@huawei.com>
2024-10-14 19:59:13 +08:00
openharmony_ci
3509f36387
!68 [Security issue] CVE-2024-8088
Merge pull request !68 from Luming/master
2024-08-29 15:54:09 +00:00
Jason R. Coombs
f3518981c3 [3.10] [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906) (GH-122925)
* gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.

(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

* [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

(cherry picked from commit 795f2597a4be988e2bb19b69ff9958e981cb894e)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>

Signed-off-by: luming <luming29@huawei.com>
2024-08-28 11:08:18 +08:00
openharmony_ci
2e5c732d4c
!67 [Security issue]: CVE-2024-4030
Merge pull request !67 from Luming/master
2024-08-21 06:38:47 +00:00
luming
f21abd60e2 [Bug/Vuln]: CVE-2024-0397
issueNo: https://gitee.com/openharmony/third_party_python/issues/IALCQQ
Signed-off-by: luming <luming29@huawei.com>
2024-08-21 08:29:15 +08:00
openharmony_ci
f17e4cc1e2
!66 [Security issue]: CVE-2024-0397
Merge pull request !66 from Luming/master
2024-08-21 00:24:02 +00:00
luming
c690258bcf [Bug/Vuln]: CVE-2024-0397
IssueNo: https://gitee.com/openharmony/third_party_python/issues/IAL2JIgi

Signed-off-by: luming <luming29@huawei.com>
2024-08-20 22:16:28 +08:00
openharmony_ci
c7b810a9be
!64 Python/fileutils.c diff update
Merge pull request !64 from HsuYao/master
2024-07-16 03:28:30 +00:00
xwx1135370
084de15af8 Python/fileutils.c patch update
issue:https://gitee.com/openharmony/third_party_python/issues/IACDNR

Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-07-12 15:54:48 +08:00
openharmony_ci
67f55081a9
!63 [Security issue]: CVE-2024-0450/CVE-2023-6597/CVE-2023-40217
Merge pull request !63 from Luming/master
2024-07-11 08:21:24 +00:00
Łukasz Langa
9069acd1ac [CVE-2023-40217] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw
Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake
and included protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.

The vulnerability is caused when a socket is connected, data is sent by the
malicious peer and stored in a buffer, and then the malicious peer closes the
socket within a small timing window before the other peers’ TLS handshake can
begin. After this sequence of events the closed socket will not immediately
attempt a TLS handshake due to not being connected but will also allow the
buffered data to be read as if a successful TLS handshake had occurred.

Co-Authored-By: Gregory P. Smith [Google LLC] <greg@krypto.org>

Signed-off-by: luming <luming29@huawei.com>
2024-07-10 21:59:05 +08:00
Serhiy Storchaka
c3fdefb08f [CVE-2023-6597][3.11] gh-91133: tempfile.TemporaryDirectory: fix symlink bug in cleanup (GH-99930) (GH-112839)
(cherry picked from commit 81c16cd94ec38d61aa478b9a452436dc3b1b524d)

Co-authored-by: Søren Løvborg <sorenl@unity3d.com>

Signed-off-by: luming <luming29@huawei.com>
2024-07-10 21:49:14 +08:00
Serhiy Storchaka
b6736edd2e [CVE-2024-0450] gh-109858: Protect zipfile from "quoted-overlap" zipbomb (GH-110016)
Raise BadZipFile when trying to read an entry that overlaps with another entry or
the central directory.
(cherry picked from commit 66363b9a7b9fe7c99eba3a185b74c5fdbf842eba)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

Signed-off-by: luming <luming29@huawei.com>
2024-07-10 21:33:18 +08:00
openharmony_ci
d63203ba37
!61 [New requirement]: Enable cross-compilation with MinGW-w64
Merge pull request !61 from HsuYao/master
2024-07-09 12:07:21 +00:00
openharmony_ci
d95b6d00e7
!60 [Security issue]: CVE-2023-41105
Merge pull request !60 from Luming/master
2024-07-05 08:32:19 +00:00
xwx1135370
5057639b3f X[New requirement]: Enable cross-compilation with MinGW-w64
issue: https://gitee.com/openharmony/third_party_python/issues/IA9LEK?from=project-issue

Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-07-03 10:50:11 +08:00
luming
afd697d5af [Bug/Vulnerability] CVE-2023-41105
issue: https://gitee.com/openharmony/third_party_python/issues/IA9IEH
Signed-off-by: luming <luming29@huawei.com>
2024-07-01 11:28:40 +08:00
openharmony_ci
1b8cea4ef2
!59 Update python3.11.4
Merge pull request !59 from flying/master
2024-07-01 01:55:41 +00:00
flying
68041e537a update python3.11.4
Signed-off-by: flying <pengmengjie1@huawei.com>
2024-06-18 14:50:14 +08:00
openharmony_ci
4a73927c3e
!58 Upgrade python version to 3.11.4
Merge pull request !58 from flying/master
2024-06-13 06:16:42 +00:00
flying
bd6c2daf54
update README.OpenSource.
Signed-off-by: flying <pengmengjie1@huawei.com>
2024-06-13 02:13:14 +00:00
flying
0a53acf28f update python
Signed-off-by: flying <pengmengjie1@huawei.com>
2024-05-28 09:30:42 +08:00
openharmony_ci
2689cd31d3
!55 Cross-compilation capability for OHOS system support
Merge pull request !55 from liujia178/I9GMT2
2024-04-30 12:26:44 +00:00
liujia178
359116017b Cross-compilation capability for OHOS system support.
Issue: https://gitee.com/openharmony/third_party_llvm-project/issues/I9GMT2

Signed-off-by: liujia178 <liujia178@huawei.com>
Change-Id: Ie6a4c36fa0227cc0adf46c7d351694d7b9ce6b9a
2024-04-29 17:34:26 +08:00
openharmony_ci
3e50c19fd3
!53 [Security issue]: [Vulnerability] CVE-2023-6597
Merge pull request !53 from HsuYao/CVE-2023-6597
2024-04-19 08:40:37 +00:00
openharmony_ci
3d4153e021
!51 [Security issue]: [Vulnerability] CVE-2024-0450
Merge pull request !51 from HsuYao/master
2024-04-19 08:31:46 +00:00
xwx1135370
e8181323c6 [Security issue]: [Vulnerability] CVE-2023-6597
issue:https://gitee.com/openharmony/third_party_python/issues/I9H81U?from=project-issue

Original community PR: 02a9259c71

Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-04-17 09:34:24 +08:00
xwx1135370
37dbbd43e1 [Security issue]: [Vulnerability] CVE-2024-0450
issue:https://gitee.com/openharmony/third_party_python/issues/I9H80L?from=project-issue

Original community PR: 30fe5d853b

Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-04-16 18:57:55 +08:00
openharmony_ci
bc9c2db43a
!50 [Lightweight PR]: update bundle.json.
Merge pull request !50 from yisi/N/A
2024-03-14 10:14:48 +00:00
yisi
f3a447b51d
update bundle.json.
Signed-off-by: yisi <1584489760@qq.com>
2023-12-14 06:41:04 +00:00
openharmony_ci
324820d386
!49 Enable cross-compilation with MinGW-w64 on Linux
Merge pull request !49 from hongbinj/cross-compile-mingw
2023-07-14 03:07:45 +00:00
hongbinj
5462c7cb51 Enable cross-compilation with MinGW-w64 on Linux
Issue: https://gitee.com/openharmony/third_party_python/issues/I7JN4B

Signed-off-by: hongbinj <jinhongbin2@huawei.com>
2023-07-08 16:03:54 +08:00
openharmony_ci
a6b93bfc45
!47 【OpenHarmony-Master】 CVE-2023-24329
Merge pull request !47 from lwx1153805/lsn_third_party_0324
2023-04-07 08:41:31 +00:00
xwx1135370
06dbc764e1 Title: fix bug CVE-2023-24329
Description: fix bug CVE-2023-24329

Issue: https://gitee.com/openharmony/third_party_python/issues/I6I7UL?from=project-issue

Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2023-03-24 10:20:10 +08:00
openharmony_ci
6970e49eac
!38 python-3.10 vulnerability upgrade CVE-2021-3177
Merge pull request !38 from lsn1028/lsn_python_I65Q7F
2022-12-30 06:45:25 +00:00
lsn1028
d5f15bb5db Descriptor: python-3.10 fix bug CVE-2021-3177
issue:https://gitee.com/openharmony/third_party_python/issues/I65Q7F?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-12-30 11:42:01 +08:00
openharmony_ci
e7600bd442
!34 python-3.10 vulnerability upgrade CVE-2021-28861
Merge pull request !34 from lsn1028/lsn_python_1128_4
2022-11-28 08:37:12 +00:00
openharmony_ci
59807dae0a
!33 python-3.10 vulnerability upgrade CVE-2015-20107
Merge pull request !33 from lsn1028/lsn_python_1128_3
2022-11-28 08:34:55 +00:00
openharmony_ci
30cf37f975
!32 python-3.10 vulnerability upgrade CVE-2022-0391
Merge pull request !32 from lsn1028/lsn_python_1128_1
2022-11-28 08:18:30 +00:00
lsn1028
60fc7c7945 CVE-2021-28861: Fix an open redirection vulnerability in http.server.
Descriptor: python-3.10.2 fix bug CVE-2021-28861
issue:https://gitee.com/openharmony/third_party_python/issues/I6288G?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-28 11:09:37 +08:00
lsn1028
f832b9206e CVE-2015-20107: Make mailcap refuse to match unsafe filenames/types/params
Descriptor: python-3.10.2 fix bug CVE-2015-20107
issue:https://gitee.com/openharmony/third_party_python/issues/I6288I?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-28 10:56:57 +08:00
lsn1028
518025bf8b CVE-2022-0391: Mention urllib.parse changes in What's new section.
Descriptor: python-3.10.2 fix bug CVE-2022-0391
issue:https://gitee.com/openharmony/third_party_python/issues/I628CS?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-28 09:56:29 +08:00
openharmony_ci
1694710f08
!30 python-3.10 vulnerability upgrade CVE-2022-45061
Merge pull request !30 from lsn1028/lsn_python_1122_3
2022-11-23 02:27:17 +00:00
openharmony_ci
75fd6b7e74
!31 python-3.10 vulnerability upgrade CVE-2022-42919
Merge pull request !31 from lsn1028/lsn_python_1122_4
2022-11-22 12:17:46 +00:00
openharmony_ci
59557e335c
!28 python-3.10 vulnerability upgrade CVE-2022-37454
Merge pull request !28 from lsn1028/lsn_python_1122_1
2022-11-22 12:17:08 +00:00
lsn1028
446ac8c140 CVE-2022-42919: Fix quadratic time idna decoding.
Descriptor: python-3.10.2 fix bug CVE-2022-42919
issue:https://gitee.com/openharmony/third_party_python/issues/I62CMH?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-22 14:58:17 +08:00
lsn1028
7ee22286c9 CVE-2022-45061: Fix quadratic time idna decoding.
Descriptor: python-3.10.2 fix bug CVE-2022-45061
issue:https://gitee.com/openharmony/third_party_python/issues/I62CMW?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-22 14:43:16 +08:00
lsn1028
337d60df8f CVE-2022-37454: Fix buffer overflows in _sha3 module
Descriptor: python-3.10.2 fix bug CVE-2022-37454
issue:https://gitee.com/openharmony/third_party_python/issues/I62CI2?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-22 11:17:03 +08:00
openharmony_ci
4d5303825a
!27 Add build instructions file for the python source code
Merge pull request !27 from lsn1028/lsn_1115
2022-11-16 07:39:28 +00:00