From 3491f34d9ed97ac5980ff4a450367914b6985ff1 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine
Date: Sun, 19 Sep 2021 21:37:11 +0200
Subject: [PATCH] package/python-pip: security bump to version 21.2.4

- SECURITY: Stop splitting on unicode separators in git references, which could be maliciously used to install a different revision on the repository. (#9827)
- Update hash of LICENSE.txt (update in year)
- Update indentation in hash file (two spaces)

https://pip.pypa.io/en/stable/news/#v21-2-4

Signed-off-by: Fabrice Fontaine
Signed-off-by: Arnout Vandecappelle (Essensium/Mind)
---
 package/python-pip/python-pip.hash | 6 +++---
 package/python-pip/python-pip.mk | 4 ++--
 package/python3-pip/python3-pip.mk | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/package/python-pip/python-pip.hash b/package/python-pip/python-pip.hash
index 58bc239154..69214110f8 100644
--- a/package/python-pip/python-pip.hash
+++ b/package/python-pip/python-pip.hash
@@ -1,5 +1,5 @@
 # md5, sha256 from https://pypi.org/pypi/pip/json
-md5 7d42ba49b809604f0df3d55df1c3fd86 pip-20.0.2.tar.gz
-sha256 7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f pip-20.0.2.tar.gz
+md5 efbdb4201a5e6383fb4d12e26f78f355 pip-21.2.4.tar.gz
+sha256 0eb8a1516c3d138ae8689c0c1a60fde7143310832f9dc77e11d8a4bc62de193b pip-21.2.4.tar.gz
 # Locally computed sha256 checksums
-sha256 5ba21fbb0964f936ad7d15362d1ed6d4931cc8c8f9ff2d4d91190e109be74431 LICENSE.txt
+sha256 23a7361c2b1581028bc623b9da2bd24997abcaa4781ace6ad444a37944f8dae1 LICENSE.txt
diff --git a/package/python-pip/python-pip.mk b/package/python-pip/python-pip.mk
index 71f76e2842..ba7134e235 100644
--- a/package/python-pip/python-pip.mk
+++ b/package/python-pip/python-pip.mk
@@ -5,9 +5,9 @@
 ################################################################################
 
 # Please keep in sync with package/python3-pip/python3-pip.mk
-PYTHON_PIP_VERSION = 20.0.2
+PYTHON_PIP_VERSION = 21.2.4
 PYTHON_PIP_SOURCE = pip-$(PYTHON_PIP_VERSION).tar.gz
-PYTHON_PIP_SITE = https://files.pythonhosted.org/packages/8e/76/66066b7bc71817238924c7e4b448abdb17eb0c92d645769c223f9ace478f
+PYTHON_PIP_SITE = https://files.pythonhosted.org/packages/52/e1/06c018197d8151383f66ebf6979d951995cf495629fc54149491f5d157d0
 PYTHON_PIP_SETUP_TYPE = setuptools
 PYTHON_PIP_LICENSE = MIT
 PYTHON_PIP_LICENSE_FILES = LICENSE.txt
diff --git a/package/python3-pip/python3-pip.mk b/package/python3-pip/python3-pip.mk
index 58e3c06c39..5e20b06865 100644
--- a/package/python3-pip/python3-pip.mk
+++ b/package/python3-pip/python3-pip.mk
@@ -5,9 +5,9 @@
 ################################################################################
 
 # Please keep in sync with package/python-pip/python-pip.mk
-PYTHON3_PIP_VERSION = 20.0.2
+PYTHON3_PIP_VERSION = 21.2.4
 PYTHON3_PIP_SOURCE = pip-$(PYTHON_PIP_VERSION).tar.gz
-PYTHON3_PIP_SITE = https://files.pythonhosted.org/packages/8e/76/66066b7bc71817238924c7e4b448abdb17eb0c92d645769c223f9ace478f
+PYTHON3_PIP_SITE = https://files.pythonhosted.org/packages/52/e1/06c018197d8151383f66ebf6979d951995cf495629fc54149491f5d157d0
 PYTHON3_PIP_SETUP_TYPE = setuptools
 PYTHON3_PIP_LICENSE = MIT
 PYTHON3_PIP_LICENSE_FILES = LICENSE.txt
-- 
2.30.2
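Review bot: The new `PYTHON_PIP_VERSION = 21.2.4` in package/python-pip/python-pip.mk crosses pip 21.0, the upstream release that removed Python 2.7 support, and nothing in this hunk limits the package to Python 3. The package's Config.in is not part of the patch, so whether it can still be selected with a Python 2 interpreter cannot be told from here; if it can, this security bump would presumably leave that configuration with a pip that does not run. Worth confirming before merging and, if needed, adding `depends on BR2_PACKAGE_PYTHON3` to Config.in in the same commit, or at least a comment such as `# pip >= 21.0 requires Python 3` above the version line.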
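Review bot: The context line `PYTHON3_PIP_SOURCE = pip-$(PYTHON_PIP_VERSION).tar.gz` in package/python3-pip/python3-pip.mk takes the tarball name from the python-pip package's variable, not from the `PYTHON3_PIP_VERSION` that this hunk bumps. The two agree only while both files are kept in sync by hand, as the comment above asks. If they ever diverge, python3-pip would request a file name that matches neither its own `PYTHON3_PIP_SITE` nor the version it declares, and the hash entry checked would be the one for the other version. Suggest `PYTHON3_PIP_SOURCE = pip-$(PYTHON3_PIP_VERSION).tar.gz`. No python3-pip hash file is touched by the patch, so it presumably shares python-pip.hash; that is not visible here and worth confirming.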