Commit Graph

29 Commits

Author SHA1 Message Date
Seth Michael Larson
985c8ad05a [3.11] gh-121285: Remove backtracking when parsing tarfile headers (GH-121286)
* Remove backtracking when parsing tarfile headers
* Rewrite PAX header parsing to be stricter
* Optimize parsing of GNU extended sparse headers v0.0

(cherry picked from commit 34ddb64d088dd7ccc321f6103d23153256caa5d4)

Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Kirill Podoprigora <kirill.bast9@mail.ru>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Signed-off-by: luming <luming29@huawei.com>
2024-10-14 19:59:13 +08:00
Jason R. Coombs
f3518981c3 [3.10] [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906) (GH-122925)
* gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.

(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

* [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

(cherry picked from commit 795f2597a4be988e2bb19b69ff9958e981cb894e)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>

Signed-off-by: luming <luming29@huawei.com>
2024-08-28 11:08:18 +08:00
luming
f21abd60e2 [Bug/Vuln]: CVE-2024-0397
issueNo: https://gitee.com/openharmony/third_party_python/issues/IALCQQ
Signed-off-by: luming <luming29@huawei.com>
2024-08-21 08:29:15 +08:00
luming
c690258bcf [Bug/Vuln]: CVE-2024-0397
IssueNo: https://gitee.com/openharmony/third_party_python/issues/IAL2JIgi

Signed-off-by: luming <luming29@huawei.com>
2024-08-20 22:16:28 +08:00
Łukasz Langa
9069acd1ac [CVE-2023-40217] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw
Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake
and included protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.

The vulnerability is caused when a socket is connected, data is sent by the
malicious peer and stored in a buffer, and then the malicious peer closes the
socket within a small timing window before the other peers’ TLS handshake can
begin. After this sequence of events the closed socket will not immediately
attempt a TLS handshake due to not being connected but will also allow the
buffered data to be read as if a successful TLS handshake had occurred.

Co-Authored-By: Gregory P. Smith [Google LLC] <greg@krypto.org>

Signed-off-by: luming <luming29@huawei.com>
2024-07-10 21:59:05 +08:00
Serhiy Storchaka
c3fdefb08f [CVE-2023-6597][3.11] gh-91133: tempfile.TemporaryDirectory: fix symlink bug in cleanup (GH-99930) (GH-112839)
(cherry picked from commit 81c16cd94ec38d61aa478b9a452436dc3b1b524d)

Co-authored-by: Søren Løvborg <sorenl@unity3d.com>

Signed-off-by: luming <luming29@huawei.com>
2024-07-10 21:49:14 +08:00
Serhiy Storchaka
b6736edd2e [CVE-2024-0450] gh-109858: Protect zipfile from "quoted-overlap" zipbomb (GH-110016)
Raise BadZipFile when trying to read an entry that overlaps with another entry or
the central directory.
(cherry picked from commit 66363b9a7b9fe7c99eba3a185b74c5fdbf842eba)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

Signed-off-by: luming <luming29@huawei.com>
2024-07-10 21:33:18 +08:00
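The "quoted-overlap" zip bomb that the commit above guards against, as an added example that is not CPython's zipfile code: several central-directory entries point at the same local file header, so a small archive declares a huge total uncompressed size and a naive extractor inflates the same bytes once per entry. The checker below works from the central directory alone, without decompressing anything, and reports any two byte ranges (entry or central directory) that collide. The archive builder is constructed test data; the zip64 format and archives with a prepended stub are outside what this short checker handles.

```python
"""Detect "quoted-overlap" zip bombs from the central directory alone.

Added example (not CPython's zipfile implementation). build_overlapping_zip()
constructs test data: every central-directory entry references the single
local file header at offset 0.
"""
import io
import struct
import zipfile
import zlib

LOCAL_HDR = "<4s2B4HL2L2H"      # 30-byte local file header (same layout zipfile uses)
CENTRAL_HDR = "<4s4B4HL2L5H2L"  # 46-byte central directory entry
EOCD = "<4s4H2LH"               # 22-byte end-of-central-directory record
DOS_DATE_1980_01_01 = 0x21      # valid DOS date so readers accept the entries


def build_overlapping_zip(payload: bytes, copies: int) -> bytes:
    """Constructed data: one compressed blob, `copies` directory entries
    that all claim it (local header offset 0 for every entry)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw deflate, as in zip
    data = comp.compress(payload) + comp.flush()
    crc = zlib.crc32(payload)
    name = b"blob.bin"
    local = struct.pack(LOCAL_HDR, b"PK\x03\x04", 20, 0, 0, 8, 0,
                        DOS_DATE_1980_01_01, crc, len(data), len(payload),
                        len(name), 0) + name + data
    cd = b""
    for i in range(copies):
        entry_name = b"%d.bin" % i
        cd += struct.pack(CENTRAL_HDR, b"PK\x01\x02", 20, 0, 20, 0, 0, 8, 0,
                          DOS_DATE_1980_01_01, crc, len(data), len(payload),
                          len(entry_name), 0, 0, 0, 0, 0, 0) + entry_name
    eocd = struct.pack(EOCD, b"PK\x05\x06", 0, 0, copies, copies,
                       len(cd), len(local), 0)
    return local + cd + eocd


def build_clean_zip() -> bytes:
    """Constructed data: an ordinary two-entry archive for comparison."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"hello " * 50)
        zf.writestr("b.txt", b"world " * 50)
    return buf.getvalue()


def declared_uncompressed_size(zip_bytes: bytes) -> int:
    """Total size the central directory promises to produce on extraction."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return sum(zi.file_size for zi in zf.infolist())


def find_overlaps(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (name, neighbour) pairs whose byte ranges collide.

    An entry's range is local header + name + extra + compressed data
    (+ data descriptor when flag bit 3 is set). All ranges, plus the central
    directory itself, are sorted by start offset; after sorting, only
    adjacent ranges need comparing. Nothing is decompressed.
    """
    eocd_pos = zip_bytes.rfind(b"PK\x05\x06")
    if eocd_pos < 0:
        raise zipfile.BadZipFile("no end-of-central-directory record")
    cd_size, cd_start = struct.unpack_from("<LL", zip_bytes, eocd_pos + 12)
    # Same correction zipfile applies when data precedes the archive.
    cd_start += eocd_pos - cd_size - cd_start
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
    spans = []
    for zi in infos:
        off = zi.header_offset
        if zip_bytes[off:off + 4] != b"PK\x03\x04":
            raise zipfile.BadZipFile(f"bad local header for {zi.filename!r}")
        name_len, extra_len = struct.unpack_from("<HH", zip_bytes, off + 26)
        end = off + 30 + name_len + extra_len + zi.compress_size
        if zi.flag_bits & 0x8:  # data descriptor: crc + sizes (signature optional)
            end += 12
        spans.append((zi.filename, off, end))
    spans.append(("<central directory>", cd_start, cd_start + cd_size))
    spans.sort(key=lambda s: s[1])  # stable: equal offsets keep directory order
    return [(a[0], b[0]) for a, b in zip(spans, spans[1:]) if a[2] > b[1]]


if __name__ == "__main__":
    bomb = build_overlapping_zip(b"A" * 100_000, 50)
    print(len(bomb), "bytes on disk,", declared_uncompressed_size(bomb), "declared")
    print(find_overlaps(bomb)[:3], "...")
    print(find_overlaps(build_clean_zip()))
```

Running the checker before extraction is the pre-fix mitigation; CPython with the fix from this commit raises `BadZipFile` itself when an overlapping entry is opened, while a pre-fix interpreter inflates the shared blob once per entry.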
luming
afd697d5af [Bug/Vulnerability] CVE-2023-41105
issue: https://gitee.com/openharmony/third_party_python/issues/IA9IEH
Signed-off-by: luming <luming29@huawei.com>
2024-07-01 11:28:40 +08:00
flying
68041e537a update python3.11.4
Signed-off-by: flying <pengmengjie1@huawei.com>
2024-06-18 14:50:14 +08:00
flying
0a53acf28f update python
Signed-off-by: flying <pengmengjie1@huawei.com>
2024-05-28 09:30:42 +08:00
openharmony_ci
3e50c19fd3 !53 [Security issue]: [Vulnerability] CVE-2023-6597
Merge pull request !53 from HsuYao/CVE-2023-6597
2024-04-19 08:40:37 +00:00
xwx1135370
e8181323c6 [Security issue]: [Vulnerability] CVE-2023-6597
issue:https://gitee.com/openharmony/third_party_python/issues/I9H81U?from=project-issue

Upstream community PR: 02a9259c71

Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-04-17 09:34:24 +08:00
xwx1135370
37dbbd43e1 [Security issue]: [Vulnerability] CVE-2024-0450
issue:https://gitee.com/openharmony/third_party_python/issues/I9H80L?from=project-issue

Upstream community PR: 30fe5d853b

Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-04-16 18:57:55 +08:00
xwx1135370
06dbc764e1 Title: fix bug CVE-2023-24329
Description: fix bug CVE-2023-24329

Issue: https://gitee.com/openharmony/third_party_python/issues/I6I7UL?from=project-issue

Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2023-03-24 10:20:10 +08:00
lsn1028
d5f15bb5db Descriptor: python-3.10 fix bug CVE-2021-3177
issue:https://gitee.com/openharmony/third_party_python/issues/I65Q7F?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-12-30 11:42:01 +08:00
openharmony_ci
e7600bd442 !34 python-3.10 vulnerability upgrade CVE-2021-28861
Merge pull request !34 from lsn1028/lsn_python_1128_4
2022-11-28 08:37:12 +00:00
lsn1028
60fc7c7945 CVE-2021-28861: Fix an open redirection vulnerability in http.server.
Descriptor: python-3.10.2 fix bug CVE-2021-28861
issue:https://gitee.com/openharmony/third_party_python/issues/I6288G?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-28 11:09:37 +08:00
lsn1028
f832b9206e CVE-2015-20107: Make mailcap refuse to match unsafe filenames/types/params
Descriptor: python-3.10.2 fix bug CVE-2015-20107
issue:https://gitee.com/openharmony/third_party_python/issues/I6288I?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-28 10:56:57 +08:00
openharmony_ci
1694710f08 !30 python-3.10 vulnerability upgrade CVE-2022-45061
Merge pull request !30 from lsn1028/lsn_python_1122_3
2022-11-23 02:27:17 +00:00
openharmony_ci
75fd6b7e74 !31 python-3.10 vulnerability upgrade CVE-2022-42919
Merge pull request !31 from lsn1028/lsn_python_1122_4
2022-11-22 12:17:46 +00:00
lsn1028
446ac8c140 CVE-2022-42919: Fix quadratic time idna decoding.
Descriptor: python-3.10.2 fix bug CVE-2022-42919
issue:https://gitee.com/openharmony/third_party_python/issues/I62CMH?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-22 14:58:17 +08:00
lsn1028
7ee22286c9 CVE-2022-45061: Fix quadratic time idna decoding.
Descriptor: python-3.10.2 fix bug CVE-2022-45061
issue:https://gitee.com/openharmony/third_party_python/issues/I62CMW?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-22 14:43:16 +08:00
lsn1028
337d60df8f CVE-2022-37454: Fix buffer overflows in _sha3 module
Descriptor: python-3.10.2 fix bug CVE-2022-37454
issue:https://gitee.com/openharmony/third_party_python/issues/I62CI2?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-22 11:17:03 +08:00
lwx1153805
a10fcf39bc CVE-2020-10735: Prevent DoS by very large int()
Descriptor: python fix bug CVE-2020-10735
issue:https://gitee.com/openharmony/third_party_python/issues/I5U0JW?from=project-issue

Signed-off-by: lwx1153805 <longshining2@huawei.com>
2022-09-30 16:37:30 +08:00
openharmony_ci
db682142a9 Upgrade Python version
2022-07-04 19:10:09 +08:00
oumeng
8a4331a310 upgrade python version
Signed-off-by: oumeng <oumeng@huawei.com>
2022-06-30 19:15:46 +08:00
oumeng
6bbaaeefcb python version update from 3.9.2 to 3.9.11
Signed-off-by: oumeng <oumeng@huawei.com>
2022-06-23 14:42:02 +08:00
oumeng
3af129a1d0 updated Python version
Signed-off-by: oumeng <oumeng@huawei.com>
2022-04-18 17:08:38 +08:00
mamingshuai
d338d5c080 update OpenHarmony 2.0 Canary
2021-06-02 02:32:55 +08:00