Commit Graph

70 Commits

Author SHA1 Message Date
Jason R. Coombs
f3518981c3 [3.10] [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906) (GH-122925)
* gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.

(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

* [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zippGH-119.
(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

(cherry picked from commit 795f2597a4be988e2bb19b69ff9958e981cb894e)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>

Signed-off-by: luming <luming29@huawei.com>
2024-08-28 11:08:18 +08:00
luming
f21abd60e2 [Bug/Vuln]: CVE-2024-0397
issueNo: https://gitee.com/openharmony/third_party_python/issues/IALCQQ
Signed-off-by: luming <luming29@huawei.com>
2024-08-21 08:29:15 +08:00
luming
c690258bcf [Bug/Vuln]: CVE-2024-0397
IssueNo: https://gitee.com/openharmony/third_party_python/issues/IAL2JIgi

Signed-off-by: luming <luming29@huawei.com>
2024-08-20 22:16:28 +08:00
openharmony_ci
c7b810a9be
!64 Python/fileutils.c diff update
Merge pull request !64 from HsuYao/master
2024-07-16 03:28:30 +00:00
xwx1135370
084de15af8 Python/fileutils.c patch update
issue:https://gitee.com/openharmony/third_party_python/issues/IACDNR

Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-07-12 15:54:48 +08:00
openharmony_ci
67f55081a9
!63 [安全问题]: CVE-2024-0450/CVE-2023-6597/CVE-2023-40217
Merge pull request !63 from Luming/master
2024-07-11 08:21:24 +00:00
Łukasz Langa
9069acd1ac [CVE-2023-40217] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw
Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake
and included protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.

The vulnerability is caused when a socket is connected, data is sent by the
malicious peer and stored in a buffer, and then the malicious peer closes the
socket within a small timing window before the other peers’ TLS handshake can
begin. After this sequence of events the closed socket will not immediately
attempt a TLS handshake due to not being connected but will also allow the
buffered data to be read as if a successful TLS handshake had occurred.

Co-Authored-By: Gregory P. Smith [Google LLC] <greg@krypto.org>

Signed-off-by: luming <luming29@huawei.com>
2024-07-10 21:59:05 +08:00
Serhiy Storchaka
c3fdefb08f [CVE-2023-6597][3.11] gh-91133: tempfile.TemporaryDirectory: fix symlink bug in cleanup (GH-99930) (GH-112839)
(cherry picked from commit 81c16cd94ec38d61aa478b9a452436dc3b1b524d)

Co-authored-by: Søren Løvborg <sorenl@unity3d.com>

Signed-off-by: luming <luming29@huawei.com>
2024-07-10 21:49:14 +08:00
Serhiy Storchaka
b6736edd2e [CVE-2024-0450] gh-109858: Protect zipfile from "quoted-overlap" zipbomb (GH-110016)
Raise BadZipFile when try to read an entry that overlaps with other entry or
central directory.
(cherry picked from commit 66363b9a7b9fe7c99eba3a185b74c5fdbf842eba)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

Signed-off-by: luming <luming29@huawei.com>
2024-07-10 21:33:18 +08:00
openharmony_ci
d63203ba37
!61 [新需求]: Enable cross-compilation with MinGW-w64
Merge pull request !61 from HsuYao/master
2024-07-09 12:07:21 +00:00
openharmony_ci
d95b6d00e7
!60 [安全问题]: CVE-2023-41105
Merge pull request !60 from Luming/master
2024-07-05 08:32:19 +00:00
xwx1135370
5057639b3f X[新需求]: Enable cross-compilation with MinGW-w64
issue: https://gitee.com/openharmony/third_party_python/issues/IA9LEK?from=project-issue

Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-07-03 10:50:11 +08:00
luming
afd697d5af [Bug/Vulnerability] CVE-2023-41105
issue: https://gitee.com/openharmony/third_party_python/issues/IA9IEH
Signed-off-by: luming <luming29@huawei.com>
2024-07-01 11:28:40 +08:00
openharmony_ci
1b8cea4ef2
!59 更新python3.11.4
Merge pull request !59 from flying/master
2024-07-01 01:55:41 +00:00
flying
68041e537a update python3.11.4
Signed-off-by: flying <pengmengjie1@huawei.com>
2024-06-18 14:50:14 +08:00
openharmony_ci
4a73927c3e
!58 python版本升级到3.11.4
Merge pull request !58 from flying/master
2024-06-13 06:16:42 +00:00
flying
bd6c2daf54
update README.OpenSource.
Signed-off-by: flying <pengmengjie1@huawei.com>
2024-06-13 02:13:14 +00:00
flying
0a53acf28f update python
Signed-off-by: flying <pengmengjie1@huawei.com>
2024-05-28 09:30:42 +08:00
openharmony_ci
2689cd31d3
!55 Cross-compilation capability for OHOS system support
Merge pull request !55 from liujia178/I9GMT2
2024-04-30 12:26:44 +00:00
liujia178
359116017b Cross-compilation capability for OHOS system support.
Issue: https://gitee.com/openharmony/third_party_llvm-project/issues/I9GMT2

Signed-off-by: liujia178 <liujia178@huawei.com>
Change-Id: Ie6a4c36fa0227cc0adf46c7d351694d7b9ce6b9a
2024-04-29 17:34:26 +08:00
openharmony_ci
3e50c19fd3
!53 【安全问题】:【漏洞】CVE-2023-6597
Merge pull request !53 from HsuYao/CVE-2023-6597
2024-04-19 08:40:37 +00:00
openharmony_ci
3d4153e021
!51 [安全问题]: 【漏洞】CVE-2024-0450
Merge pull request !51 from HsuYao/master
2024-04-19 08:31:46 +00:00
xwx1135370
e8181323c6 【安全问题】:【漏洞】CVE-2023-6597
issue:https://gitee.com/openharmony/third_party_python/issues/I9H81U?from=project-issue

社区原始PR:02a9259c71

Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-04-17 09:34:24 +08:00
xwx1135370
37dbbd43e1 [安全问题]: 【漏洞】CVE-2024-0450
issue:https://gitee.com/openharmony/third_party_python/issues/I9H80L?from=project-issue

社区原始PR:30fe5d853b

Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2024-04-16 18:57:55 +08:00
openharmony_ci
bc9c2db43a
!50 【轻量级 PR】:update bundle.json.
Merge pull request !50 from yisi/N/A
2024-03-14 10:14:48 +00:00
yisi
f3a447b51d
update bundle.json.
Signed-off-by: yisi <1584489760@qq.com>
2023-12-14 06:41:04 +00:00
openharmony_ci
324820d386
!49 Enable cross-compilation with MinGW-w64 on Linux
Merge pull request !49 from hongbinj/cross-compile-mingw
2023-07-14 03:07:45 +00:00
hongbinj
5462c7cb51 Enable cross-compilation with MinGW-w64 on Linux
Issue: https://gitee.com/openharmony/third_party_python/issues/I7JN4B

Signed-off-by: hongbinj <jinhongbin2@huawei.com>
2023-07-08 16:03:54 +08:00
openharmony_ci
a6b93bfc45
!47 【OpenHarmony-Master】 CVE-2023-24329
Merge pull request !47 from lwx1153805/lsn_third_party_0324
2023-04-07 08:41:31 +00:00
xwx1135370
06dbc764e1 Title: fix bug CVE-2023-24329
Description: fix bug CVE-2023-24329

Issue: https://gitee.com/openharmony/third_party_python/issues/I6I7UL?from=project-issue

Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2023-03-24 10:20:10 +08:00
openharmony_ci
6970e49eac
!38 python-3.10漏洞升级 CVE-2021-3177
Merge pull request !38 from lsn1028/lsn_python_I65Q7F
2022-12-30 06:45:25 +00:00
lsn1028
d5f15bb5db Descriptor: python-3.10 fix bug CVE-2021-3177
issue:https://gitee.com/openharmony/third_party_python/issues/I65Q7F?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-12-30 11:42:01 +08:00
openharmony_ci
e7600bd442
!34 python-3.10漏洞升级 CVE-2021-28861
Merge pull request !34 from lsn1028/lsn_python_1128_4
2022-11-28 08:37:12 +00:00
openharmony_ci
59807dae0a
!33 python-3.10漏洞升级 CVE-2015-20107
Merge pull request !33 from lsn1028/lsn_python_1128_3
2022-11-28 08:34:55 +00:00
openharmony_ci
30cf37f975
!32 python-3.10漏洞升级 CVE-2022-0391
Merge pull request !32 from lsn1028/lsn_python_1128_1
2022-11-28 08:18:30 +00:00
lsn1028
60fc7c7945 CVE-2021-28861: Fix an open redirection vulnerability in http.server.
Descriptor: python-3.10.2 fix bug CVE-2021-28861
issue:https://gitee.com/openharmony/third_party_python/issues/I6288G?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-28 11:09:37 +08:00
lsn1028
f832b9206e CVE-2015-20107: Make mailcap refuse to match unsafe filenames/types/params
Descriptor: python-3.10.2 fix bug CVE-2015-20107
issue:https://gitee.com/openharmony/third_party_python/issues/I6288I?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-28 10:56:57 +08:00
lsn1028
518025bf8b CVE-2022-0391: Mention urllib.parse changes in Whats new section.
Descriptor: python-3.10.2 fix bug CVE-2022-0391
issue:https://gitee.com/openharmony/third_party_python/issues/I628CS?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-28 09:56:29 +08:00
openharmony_ci
1694710f08
!30 python-3.10漏洞升级 CVE-2022-45061
Merge pull request !30 from lsn1028/lsn_python_1122_3
2022-11-23 02:27:17 +00:00
openharmony_ci
75fd6b7e74
!31 python-3.10漏洞升级 CVE-2022-42919
Merge pull request !31 from lsn1028/lsn_python_1122_4
2022-11-22 12:17:46 +00:00
openharmony_ci
59557e335c
!28 python-3.10漏洞升级 CVE-2022-37454
Merge pull request !28 from lsn1028/lsn_python_1122_1
2022-11-22 12:17:08 +00:00
lsn1028
446ac8c140 CVE-2022-42919: Fix quadratic time idna decoding.
Descriptor: python-3.10.2 fix bug CVE-2022-42919
issue:https://gitee.com/openharmony/third_party_python/issues/I62CMH?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-22 14:58:17 +08:00
lsn1028
7ee22286c9 CVE-2022-45061: Fix quadratic time idna decoding.
Descriptor: python-3.10.2 fix bug CVE-2022-45061
issue:https://gitee.com/openharmony/third_party_python/issues/I62CMW?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-22 14:43:16 +08:00
lsn1028
337d60df8f CVE-2022-37454: Fix buffer overflows in _sha3 module
Descriptor: python-3.10.2 fix bug CVE-2022-37454
issue:https://gitee.com/openharmony/third_party_python/issues/I62CI2?from=project-issue

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-22 11:17:03 +08:00
openharmony_ci
4d5303825a
!27 新增python源码的编译构建说明文件
Merge pull request !27 from lsn1028/lsn_1115
2022-11-16 07:39:28 +00:00
lsn1028
c497010a1e Descriptor: add the description document about python building
issue: https://gitee.com/openharmony/third_party_python/issues/I615R5

Signed-off-by: lsn1028 <longshining2@huawei.com>
2022-11-15 10:51:09 +08:00
openharmony_ci
14daaff21b
!25 python-3.10漏洞升级
Merge pull request !25 from lsn1028/0930_1
2022-10-24 02:07:10 +00:00
lwx1153805
a10fcf39bc CVE-2020-10735: Prevent DoS by very large int()
Descriptor: python fix bug CVE-2020-10735
issue:https://gitee.com/openharmony/third_party_python/issues/I5U0JW?from=project-issue

Signed-off-by: lwx1153805 <longshining2@huawei.com>
2022-09-30 16:37:30 +08:00
openharmony_ci
25a28c6c37
!16 python版本的升级
Merge pull request !16 from oumen_gitee/oumeng_20220630_3.10.2
2022-07-04 13:39:23 +00:00
openharmony_ci
db682142a9 Upgrade Python version 2022-07-04 19:10:09 +08:00