Message ID | 20240826210228.57853-1-peter@korsgaard.com |
---|---|
State | Accepted |
Headers | show |
Series | package/python3: security bump to version 3.12.5 | expand |
On Mon, 26 Aug 2024 23:02:28 +0200 Peter Korsgaard <peter@korsgaard.com> wrote: > Fixes the following security issues: > > - gh-121957: Fixed missing audit events around interactive use of Python, > now also properly firing for python -i, as well as for python -m asyncio. > The event in question is cpython.run_stdin. > > https://github.com/python/cpython/issues/121957 > > For more details, see the changelog: > > https://docs.python.org/release/3.12.5/whatsnew/changelog.html#python-3-12-5 > > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> > --- > package/python3/python3.hash | 6 +++--- > package/python3/python3.mk | 2 +- > 2 files changed, 4 insertions(+), 4 deletions(-) Applied to master, thanks. Thomas
diff --git a/package/python3/python3.hash b/package/python3/python3.hash index 598164dca6..d680a96810 100644 --- a/package/python3/python3.hash +++ b/package/python3/python3.hash @@ -1,5 +1,5 @@ -# From https://www.python.org/downloads/release/python-3123/ -md5 d68f25193eec491eb54bc2ea664a05bd Python-3.12.4.tar.xz +# From https://www.python.org/downloads/release/python-3125/ +md5 02c7d269e077f4034963bba6befdc715 Python-3.12.5.tar.xz # Locally computed -sha256 f6d419a6d8743ab26700801b4908d26d97e8b986e14f95de31b32de2b0e79554 Python-3.12.4.tar.xz +sha256 fa8a2e12c5e620b09f53e65bcd87550d2e5a1e2e04bf8ba991dcc55113876397 Python-3.12.5.tar.xz sha256 3b2f81fe21d181c499c59a256c8e1968455d6689d269aa85373bfb6af41da3bf LICENSE diff --git a/package/python3/python3.mk b/package/python3/python3.mk index 7d6c9fe93f..b31e6df141 100644 --- a/package/python3/python3.mk +++ b/package/python3/python3.mk @@ -5,7 +5,7 @@ ################################################################################ PYTHON3_VERSION_MAJOR = 3.12 -PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).4 +PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).5 PYTHON3_SOURCE = Python-$(PYTHON3_VERSION).tar.xz PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION) PYTHON3_LICENSE = Python-2.0, others
Fixes the following security issues: - gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin. https://github.com/python/cpython/issues/121957 For more details, see the changelog: https://docs.python.org/release/3.12.5/whatsnew/changelog.html#python-3-12-5 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- package/python3/python3.hash | 6 +++--- package/python3/python3.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)