]> git.ipfire.org Git - thirdparty/Python/cpython.git/commitdiff
projects / thirdparty / Python / cpython.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 101a1be)
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and...
authorSteve Dower <steve.dower@python.org>
Mon, 7 Mar 2022 20:11:25 +0000 (20:11 +0000)
committerGitHub <noreply@github.com>
Mon, 7 Mar 2022 20:11:25 +0000 (20:11 +0000)
Misc/NEWS.d/next/Windows/2022-03-07-17-46-40.bpo-44549.SPrGS9.rst [new file with mode: 0644] patch | blob
PCbuild/get_externals.bat patch | blob | blame | history
PCbuild/python.props patch | blob | blame | history
PCbuild/readme.txt patch | blob | blame | history

diff --git a/Misc/NEWS.d/next/Windows/2022-03-07-17-46-40.bpo-44549.SPrGS9.rst b/Misc/NEWS.d/next/Windows/2022-03-07-17-46-40.bpo-44549.SPrGS9.rst
new file mode 100644 (file)
index 0000000..0f1ef9a
--- /dev/null
+++ b/Misc/NEWS.d/next/Windows/2022-03-07-17-46-40.bpo-44549.SPrGS9.rst
@@ -0,0 +1,2 @@
+Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and
+CVE-2019-12900
diff --git a/PCbuild/get_externals.bat b/PCbuild/get_externals.bat
index accc464f7c2049425b16825187bd26cd936b0a3a..462e0db361d0985ba3f8bf4c78a2e6cb07d6ee08 100644 (file)
--- a/PCbuild/get_externals.bat
+++ b/PCbuild/get_externals.bat
@@ -51,7 +51,7 @@ if NOT DEFINED PYTHON (
 echo.Fetching external libraries...
 
 set libraries=
-set libraries=%libraries%                                       bzip2-1.0.6
+set libraries=%libraries%                                       bzip2-1.0.8
 if NOT "%IncludeLibffiSrc%"=="false" set libraries=%libraries%  libffi-3.3.0
 if NOT "%IncludeSSLSrc%"=="false" set libraries=%libraries%     openssl-1.1.1m
 set libraries=%libraries%                                       sqlite-3.37.2.0
diff --git a/PCbuild/python.props b/PCbuild/python.props
index 99d448fc1da95b7e4a5e8a8998a7d4ae1568aaa6..eddb65879d3ab48b5cc39733ed8b7733c4f27bf1 100644 (file)
--- a/PCbuild/python.props
+++ b/PCbuild/python.props
@@ -58,7 +58,7 @@
     <ExternalsDir Condition="$(ExternalsDir) == ''">$([System.IO.Path]::GetFullPath(`$(PySourcePath)externals`))</ExternalsDir>
     <ExternalsDir Condition="!HasTrailingSlash($(ExternalsDir))">$(ExternalsDir)\</ExternalsDir>
     <sqlite3Dir>$(ExternalsDir)sqlite-3.37.2.0\</sqlite3Dir>
-    <bz2Dir>$(ExternalsDir)bzip2-1.0.6\</bz2Dir>
+    <bz2Dir>$(ExternalsDir)bzip2-1.0.8\</bz2Dir>
     <lzmaDir>$(ExternalsDir)xz-5.2.2\</lzmaDir>
     <libffiDir>$(ExternalsDir)libffi-3.3.0\</libffiDir>
     <libffiOutDir>$(ExternalsDir)libffi-3.3.0\$(ArchName)\</libffiOutDir>
diff --git a/PCbuild/readme.txt b/PCbuild/readme.txt
index b53696f00835e5ff298cec59c6a292c9e28da666..e8a973c16789523086f3755e4e841939cfd67bc1 100644 (file)
--- a/PCbuild/readme.txt
+++ b/PCbuild/readme.txt
@@ -158,7 +158,7 @@ interpreter, but they do implement several major features.  See the
 about getting the source for building these libraries.  The sub-projects
 are:
 _bz2
-    Python wrapper for version 1.0.6 of the libbzip2 compression library
+    Python wrapper for version 1.0.8 of the libbzip2 compression library
     Homepage:
         http://www.bzip.org/
 _lzma
Mirror of https://github.com/python/cpython.git