projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 24729c8)
package/python-py: security bump to version 1.10.0
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Mon, 5 Apr 2021 17:30:27 +0000 (19:30 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Tue, 6 Apr 2021 07:33:50 +0000 (09:33 +0200)
Fix CVE-2020-29651: A denial of service via regular expression in the
py.path.svnwc component of py (aka python-py) through 1.9.0 could be
used by attackers to cause a compute-time denial of service attack by
supplying malicious input to the blame functionality.

Add py/_vendored_packages/iniconfig-1.1.1.dist-info/LICENSE (MIT) which
has been added with
https://github.com/pytest-dev/py/commit/94cf44fd41d957eb50773d3e4fb54e931836779e

https://github.com/pytest-dev/py/blob/1.10.0/CHANGELOG.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/python-py/python-py.hash patch | blob | history
package/python-py/python-py.mk patch | blob | history

diff --git a/package/python-py/python-py.hash b/package/python-py/python-py.hash
index 98e16fd97ba895e9c89ce55821f269701cb63f01..2d9928f3768d40b4c1570dc6e6d158811d4a4fd6 100644 (file)
--- a/package/python-py/python-py.hash
+++ b/package/python-py/python-py.hash
@@ -1,5 +1,6 @@
 # md5, sha256 from https://pypi.org/pypi/py/json
-md5  b80db4e61eef724f49feb4d20b649e62  py-1.9.0.tar.gz
-sha256  9ca6883ce56b4e8da7e79ac18787889fa5206c79dcc67fb065376cd2fe03f342  py-1.9.0.tar.gz
+md5  5f108bfe00d5468cbdb8071051f86a55  py-1.10.0.tar.gz
+sha256  21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3  py-1.10.0.tar.gz
 # Locally computed sha256 checksums
 sha256  2af680c39ef493fb82830356d1d3df1acb5a06033cba2dec7a19e21caa77a866  LICENSE
+sha256  2af680c39ef493fb82830356d1d3df1acb5a06033cba2dec7a19e21caa77a866  py/_vendored_packages/iniconfig-1.1.1.dist-info/LICENSE
diff --git a/package/python-py/python-py.mk b/package/python-py/python-py.mk
index 2e9d18ab1adf8609b505234dd45c7fb6fc1aeb2b..d8cb6fa544f28c092fc7ac9ba715977b83dff2b7 100644 (file)
--- a/package/python-py/python-py.mk
+++ b/package/python-py/python-py.mk
@@ -4,13 +4,13 @@
 #
 ################################################################################
 
-PYTHON_PY_VERSION = 1.9.0
+PYTHON_PY_VERSION = 1.10.0
 PYTHON_PY_SOURCE = py-$(PYTHON_PY_VERSION).tar.gz
-PYTHON_PY_SITE = https://files.pythonhosted.org/packages/97/a6/ab9183fe08f69a53d06ac0ee8432bc0ffbb3989c575cc69b73a0229a9a99
+PYTHON_PY_SITE = https://files.pythonhosted.org/packages/0d/8c/50e9f3999419bb7d9639c37e83fa9cdcf0f601a9d407162d6c37ad60be71
 PYTHON_PY_DEPENDENCIES = host-python-setuptools-scm
 PYTHON_PY_SETUP_TYPE = setuptools
 PYTHON_PY_LICENSE = MIT
-PYTHON_PY_LICENSE_FILES = LICENSE
+PYTHON_PY_LICENSE_FILES = LICENSE py/_vendored_packages/iniconfig-1.1.1.dist-info/LICENSE
 PYTHON_PY_CPE_ID_VENDOR = pytest
 PYTHON_PY_CPE_ID_PRODUCT = py