Jason R. Coombs
f3518981c3
[3.10] [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906) (GH-122925)
...
* gh-122905: Sanitize names in zipfile.Path. (GH-122906)
Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)
* [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906)
Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)
(cherry picked from commit 795f2597a4be988e2bb19b69ff9958e981cb894e)
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
Signed-off-by: luming <luming29@huawei.com>
2024-08-28 11:08:18 +08:00
luming
f21abd60e2
[Bug/Vuln]: CVE-2024-0397
...
issueNo: https://gitee.com/openharmony/third_party_python/issues/IALCQQ
Signed-off-by: luming <luming29@huawei.com>
2024-08-21 08:29:15 +08:00
luming
c690258bcf
[Bug/Vuln]: CVE-2024-0397
...
IssueNo: https://gitee.com/openharmony/third_party_python/issues/IAL2JIgi
Signed-off-by: luming <luming29@huawei.com>
2024-08-20 22:16:28 +08:00
openharmony_ci
c7b810a9be
!64 Python/fileutils.c diff update
...
Merge pull request !64 from HsuYao/master
2024-07-16 03:28:30 +00:00
xwx1135370
084de15af8
Python/fileutils.c patch update
...
issue:https://gitee.com/openharmony/third_party_python/issues/IACDNR
Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-07-12 15:54:48 +08:00
openharmony_ci
67f55081a9
!63 [安全问题]: CVE-2024-0450/CVE-2023-6597/CVE-2023-40217
...
Merge pull request !63 from Luming/master
2024-07-11 08:21:24 +00:00
Łukasz Langa
9069acd1ac
[CVE-2023-40217] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw
...
Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake
and included protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.
The vulnerability is caused when a socket is connected, data is sent by the
malicious peer and stored in a buffer, and then the malicious peer closes the
socket within a small timing window before the other peers’ TLS handshake can
begin. After this sequence of events the closed socket will not immediately
attempt a TLS handshake due to not being connected but will also allow the
buffered data to be read as if a successful TLS handshake had occurred.
Co-Authored-By: Gregory P. Smith [Google LLC] <greg@krypto.org>
Signed-off-by: luming <luming29@huawei.com>
2024-07-10 21:59:05 +08:00
Serhiy Storchaka
c3fdefb08f
[CVE-2023-6597][3.11] gh-91133: tempfile.TemporaryDirectory: fix symlink bug in cleanup (GH-99930) (GH-112839)
...
(cherry picked from commit 81c16cd94ec38d61aa478b9a452436dc3b1b524d)
Co-authored-by: Søren Løvborg <sorenl@unity3d.com>
Signed-off-by: luming <luming29@huawei.com>
2024-07-10 21:49:14 +08:00
Serhiy Storchaka
b6736edd2e
[CVE-2024-0450] gh-109858: Protect zipfile from "quoted-overlap" zipbomb (GH-110016)
...
Raise BadZipFile when try to read an entry that overlaps with other entry or
central directory.
(cherry picked from commit 66363b9a7b9fe7c99eba3a185b74c5fdbf842eba)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Signed-off-by: luming <luming29@huawei.com>
2024-07-10 21:33:18 +08:00
openharmony_ci
d63203ba37
!61 [新需求]: Enable cross-compilation with MinGW-w64
...
Merge pull request !61 from HsuYao/master
2024-07-09 12:07:21 +00:00
openharmony_ci
d95b6d00e7
!60 [安全问题]: CVE-2023-41105
...
Merge pull request !60 from Luming/master
2024-07-05 08:32:19 +00:00
xwx1135370
5057639b3f
X[新需求]: Enable cross-compilation with MinGW-w64
...
issue: https://gitee.com/openharmony/third_party_python/issues/IA9LEK?from=project-issue
Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-07-03 10:50:11 +08:00
luming
afd697d5af
[Bug/Vulnerability] CVE-2023-41105
...
issue: https://gitee.com/openharmony/third_party_python/issues/IA9IEH
Signed-off-by: luming <luming29@huawei.com>
2024-07-01 11:28:40 +08:00
openharmony_ci
1b8cea4ef2
!59 更新python3.11.4
...
Merge pull request !59 from flying/master
2024-07-01 01:55:41 +00:00
flying
68041e537a
update python3.11.4
...
Signed-off-by: flying <pengmengjie1@huawei.com>
2024-06-18 14:50:14 +08:00
openharmony_ci
4a73927c3e
!58 python版本升级到3.11.4
...
Merge pull request !58 from flying/master
2024-06-13 06:16:42 +00:00
flying
bd6c2daf54
update README.OpenSource.
...
Signed-off-by: flying <pengmengjie1@huawei.com>
2024-06-13 02:13:14 +00:00
flying
0a53acf28f
update python
...
Signed-off-by: flying <pengmengjie1@huawei.com>
2024-05-28 09:30:42 +08:00
openharmony_ci
2689cd31d3
!55 Cross-compilation capability for OHOS system support
...
Merge pull request !55 from liujia178/I9GMT2
2024-04-30 12:26:44 +00:00
liujia178
359116017b
Cross-compilation capability for OHOS system support.
...
Issue: https://gitee.com/openharmony/third_party_llvm-project/issues/I9GMT2
Signed-off-by: liujia178 <liujia178@huawei.com>
Change-Id: Ie6a4c36fa0227cc0adf46c7d351694d7b9ce6b9a
2024-04-29 17:34:26 +08:00
openharmony_ci
3e50c19fd3
!53 【安全问题】:【漏洞】CVE-2023-6597
...
Merge pull request !53 from HsuYao/CVE-2023-6597
2024-04-19 08:40:37 +00:00
openharmony_ci
3d4153e021
!51 [安全问题]: 【漏洞】CVE-2024-0450
...
Merge pull request !51 from HsuYao/master
2024-04-19 08:31:46 +00:00
xwx1135370
e8181323c6
【安全问题】:【漏洞】CVE-2023-6597
...
issue:https://gitee.com/openharmony/third_party_python/issues/I9H81U?from=project-issue
社区原始PR:02a9259c71
Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-04-17 09:34:24 +08:00
xwx1135370
37dbbd43e1
[安全问题]: 【漏洞】CVE-2024-0450
...
issue:https://gitee.com/openharmony/third_party_python/issues/I9H80L?from=project-issue
社区原始PR:30fe5d853b
Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-04-16 18:57:55 +08:00
openharmony_ci
bc9c2db43a
!50 【轻量级 PR】:update bundle.json.
...
Merge pull request !50 from yisi/N/A
2024-03-14 10:14:48 +00:00
yisi
f3a447b51d
update bundle.json.
...
Signed-off-by: yisi <1584489760@qq.com>
2023-12-14 06:41:04 +00:00
openharmony_ci
324820d386
!49 Enable cross-compilation with MinGW-w64 on Linux
...
Merge pull request !49 from hongbinj/cross-compile-mingw
2023-07-14 03:07:45 +00:00
hongbinj
5462c7cb51
Enable cross-compilation with MinGW-w64 on Linux
...
Issue: https://gitee.com/openharmony/third_party_python/issues/I7JN4B
Signed-off-by: hongbinj <jinhongbin2@huawei.com>
2023-07-08 16:03:54 +08:00
openharmony_ci
a6b93bfc45
!47 【OpenHarmony-Master】 CVE-2023-24329
...
Merge pull request !47 from lwx1153805/lsn_third_party_0324
2023-04-07 08:41:31 +00:00
xwx1135370
06dbc764e1
Title: fix bug CVE-2023-24329
...
Description: fix bug CVE-2023-24329
Issue: https://gitee.com/openharmony/third_party_python/issues/I6I7UL?from=project-issue
Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2023-03-24 10:20:10 +08:00
openharmony_ci
6970e49eac
!38 python-3.10漏洞升级 CVE-2021-3177
...
Merge pull request !38 from lsn1028/lsn_python_I65Q7F
2022-12-30 06:45:25 +00:00
lsn1028
d5f15bb5db
Descriptor: python-3.10 fix bug CVE-2021-3177
...
issue:https://gitee.com/openharmony/third_party_python/issues/I65Q7F?from=project-issue
Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-12-30 11:42:01 +08:00
openharmony_ci
e7600bd442
!34 python-3.10漏洞升级 CVE-2021-28861
...
Merge pull request !34 from lsn1028/lsn_python_1128_4
2022-11-28 08:37:12 +00:00
openharmony_ci
59807dae0a
!33 python-3.10漏洞升级 CVE-2015-20107
...
Merge pull request !33 from lsn1028/lsn_python_1128_3
2022-11-28 08:34:55 +00:00
openharmony_ci
30cf37f975
!32 python-3.10漏洞升级 CVE-2022-0391
...
Merge pull request !32 from lsn1028/lsn_python_1128_1
2022-11-28 08:18:30 +00:00
lsn1028
60fc7c7945
CVE-2021-28861: Fix an open redirection vulnerability in http.server.
...
Descriptor: python-3.10.2 fix bug CVE-2021-28861
issue:https://gitee.com/openharmony/third_party_python/issues/I6288G?from=project-issue
Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-28 11:09:37 +08:00
lsn1028
f832b9206e
CVE-2015-20107: Make mailcap refuse to match unsafe filenames/types/params
...
Descriptor: python-3.10.2 fix bug CVE-2015-20107
issue:https://gitee.com/openharmony/third_party_python/issues/I6288I?from=project-issue
Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-28 10:56:57 +08:00
lsn1028
518025bf8b
CVE-2022-0391: Mention urllib.parse changes in Whats new section.
...
Descriptor: python-3.10.2 fix bug CVE-2022-0391
issue:https://gitee.com/openharmony/third_party_python/issues/I628CS?from=project-issue
Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-28 09:56:29 +08:00
openharmony_ci
1694710f08
!30 python-3.10漏洞升级 CVE-2022-45061
...
Merge pull request !30 from lsn1028/lsn_python_1122_3
2022-11-23 02:27:17 +00:00
openharmony_ci
75fd6b7e74
!31 python-3.10漏洞升级 CVE-2022-42919
...
Merge pull request !31 from lsn1028/lsn_python_1122_4
2022-11-22 12:17:46 +00:00
openharmony_ci
59557e335c
!28 python-3.10漏洞升级 CVE-2022-37454
...
Merge pull request !28 from lsn1028/lsn_python_1122_1
2022-11-22 12:17:08 +00:00
lsn1028
446ac8c140
CVE-2022-42919: Fix quadratic time idna decoding.
...
Descriptor: python-3.10.2 fix bug CVE-2022-42919
issue:https://gitee.com/openharmony/third_party_python/issues/I62CMH?from=project-issue
Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-22 14:58:17 +08:00
lsn1028
7ee22286c9
CVE-2022-45061: Fix quadratic time idna decoding.
...
Descriptor: python-3.10.2 fix bug CVE-2022-45061
issue:https://gitee.com/openharmony/third_party_python/issues/I62CMW?from=project-issue
Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-22 14:43:16 +08:00
lsn1028
337d60df8f
CVE-2022-37454: Fix buffer overflows in _sha3 module
...
Descriptor: python-3.10.2 fix bug CVE-2022-37454
issue:https://gitee.com/openharmony/third_party_python/issues/I62CI2?from=project-issue
Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-22 11:17:03 +08:00
openharmony_ci
4d5303825a
!27 新增python源码的编译构建说明文件
...
Merge pull request !27 from lsn1028/lsn_1115
2022-11-16 07:39:28 +00:00
lsn1028
c497010a1e
Descriptor: add the description document about python building
...
issue: https://gitee.com/openharmony/third_party_python/issues/I615R5
Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-15 10:51:09 +08:00
openharmony_ci
14daaff21b
!25 python-3.10漏洞升级
...
Merge pull request !25 from lsn1028/0930_1
2022-10-24 02:07:10 +00:00
lwx1153805
a10fcf39bc
CVE-2020-10735: Prevent DoS by very large int()
...
Descriptor: python fix bug CVE-2020-10735
issue:https://gitee.com/openharmony/third_party_python/issues/I5U0JW?from=project-issue
Signed-off-by: lwx1153805 <longshining2@huawei.com>
2022-09-30 16:37:30 +08:00
openharmony_ci
25a28c6c37
!16 python版本的升级
...
Merge pull request !16 from oumen_gitee/oumeng_20220630_3.10.2
2022-07-04 13:39:23 +00:00
openharmony_ci
db682142a9
Upgrade Python version
2022-07-04 19:10:09 +08:00