2024.08 updates. (#177)
* Updated libffi sources to 3.4.6.

* Updated libffi version to build to 3.4.6.

* Updated zlib sources to 1.3.1.

* Updated zlib version to build to 1.3.1.

* Security updates for OpenSSL 1.1.1w from Ubuntu 20.04.

* Updated SQLite sources and DLLs to 3.46.0.

* Updated SQLite version to build/use to 3.46.0.

* Python hot patches for some CVE issues on all platforms.

* Adjusted hot fixes to cleanly apply on Windows.

* Patched Python sources for CVE-2022-48560, CVE-2022-48566, CVE-2023-40217.

* Document today's patching.

* Patched our cryptography sources for CVE-2023-49083. Other safety issues not relevant for our old versions.

* Patched our cryptography sources for CVE-2023-49083, take two.

* Ignore one more `safety` id for `requests`: 71064.

* Ignore `safety` id for one more of its deps: `idna`.

* Use last compat revision supporting Python 2.7.

* Added more Safety IDs to ignore.

* Clone more of compat to reach last revision supporting py27.

* Updated psutil version to build and use to 6.0.0.

* Try penultimate commit from py2-support branch of compat.

* Deactivate compat tests in GitHub workflows for now.

* Updated non-containerized workflows.

* Try latest version to build on CentOS 5.

* Try older psutil version to build on CentOS 5.

* Try building ARM64 Linux package on macOS.

* No Docker on GitHub's Apple Silicon macOS runners.

* Properly set an older psutil version to build on generic Linux.

* Try psutil version 5.9.6 on CentOS 5.

* Try building Ubuntu 18.04 package in a container.

* Try building Ubuntu 18.04 package in a container, take two.

* Try building Ubuntu 18.04 package in a container, take three.

* Patched our Python sources for CVE-2024-0397.

* Patched our OpenSSL 1.1.1 sources for CVE-2024-2511, CVE-2024-4741, CVE-2024-5535.

* Updated OpenSSL 1.1.1 version to build to 1.1.1w-chevah2.

* Patch CVE-2023-49083 for cryptography 3.2.1 the same way as for CVE-2023-23931.

* More changes after own review.

* Updated documented external deps sheets.

* Cosmetic changes for external deps sheets.

* More changes after own review.

* Fix CVE-2024-7592 for Python.

* Fix CVE-2024-7592 for Python, take two.

* Actually remove compat tests GitHub workflows.
dumol authored Nov 25, 2024
1 parent c063ec2 commit a67ce7f
Showing 3,891 changed files with 35,462 additions and 13,727 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
20 changes: 2 additions & 18 deletions .github/workflows/bare.yaml
Expand Up @@ -30,7 +30,7 @@ jobs:
fail-fast: false
matrix:
# The ARM64 build actually runs on an Amazon Docker container on Laja.
runs-on: [ ubuntu-20.04, ubuntu-18.04, amzn-2-arm64 ]
runs-on: [ ubuntu-20.04, amzn-2-arm64 ]
timeout-minutes: 120
steps:
- name: Prepare OS
Expand Down Expand Up @@ -66,11 +66,6 @@ jobs:
cd $CHEVAH_REPO
./chevah_build test
- name: Compat tests
run: |
cd $CHEVAH_REPO
./chevah_build compat
# Upload using a (per-OS selected) sftp command, then show final links.
- name: Upload testing package
run: |
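Review bot: removing the `Compat tests` step here leaves `command_compat` in chevah_build with no CI job calling it, and nothing in the workflow records that the removal is meant to be temporary. The commit message says "Deactivate compat tests in GitHub workflows for now"; a short comment at this spot naming the condition for re-enabling the step would keep that intent in the file. The same applies to the other `Compat tests` removals in this commit.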
Expand All @@ -96,7 +91,7 @@ jobs:
strategy:
fail-fast: false
matrix:
runs-on: [ macos-11 ]
runs-on: [ macos-13 ]
timeout-minutes: 60
steps:
# Avoid linking to Homebrew's libintl during build.
Expand Down Expand Up @@ -138,11 +133,6 @@ jobs:
cd $CHEVAH_REPO
./chevah_build test
- name: Compat tests
run: |
cd $CHEVAH_REPO
./chevah_build compat
- name: Upload testing package
run: |
mkdir -pv ~/.ssh/
Expand Down Expand Up @@ -206,12 +196,6 @@ jobs:
cd $CHEVAH_REPO
./chevah_build test
- name: Compat tests
shell: bash
run: |
cd $CHEVAH_REPO
./chevah_build compat
# To use an RSA key with SFTPPlus, install upstream OpenSSH package,
# which is more finicky in regards to file permissions.
# Beware the commands in this step run under PowerShell.
21 changes: 10 additions & 11 deletions .github/workflows/docker.yaml
Expand Up @@ -20,18 +20,17 @@ env:
USER: chevah
CHEVAH_CONTAINER: yes

# Using a job name that doesn't contain the OS name, to minimize the risk of
# confusion with the OS names of the containers, which are the relevant ones.
jobs:
latest:

x64:
runs-on: ubuntu-latest
container: ${{ matrix.container }}
strategy:
fail-fast: false
matrix:
# CentOS 5.11 setup was saved as an image pushed to Docker Hub. See the
# Overview section at https://hub.docker.com/r/proatria/centos for details.
container: [ 'alpine:3.12', 'centos:8.2.2004', 'proatria/centos:5.11-chevah1' ]
container: [ 'alpine:3.12', 'centos:8.2.2004', 'proatria/centos:5.11-chevah1', 'ubuntu:18.04' ]
timeout-minutes: 30
steps:
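Review bot: the `container:` matrix references every image by mutable tag, and the new `'ubuntu:18.04'` entry follows suit. These jobs build the packages that are later uploaded, so a re-pushed tag changes the build environment without any change in this repository. Consider pinning each entry by digest, in the form `ubuntu:18.04@sha256:<digest>`, and updating the digests deliberately.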

Expand All @@ -53,6 +52,13 @@ jobs:
yum -y upgrade
yum -y install git curl gcc make m4 automake libtool patch openssl-devel zlib-devel libffi-devel ncurses-devel sudo which openssh-clients
- name: Ubuntu setup
if: startsWith(matrix.container, 'ubuntu')
run: |
apt update
apt --yes dist-upgrade
apt --yes install curl bash gcc make m4 automake libtool patch git libffi-dev zlib1g-dev libncurses5-dev libssl-dev
# On a Docker container, everything runs as root by default.
- name: Chevah user setup
run: |
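Review bot: the `Ubuntu setup` package list has no SSH client, while the yum line just above installs `openssh-clients` (plus `sudo` and `which`). If the `Upload testing package` step in this workflow uploads over sftp, as the comment in bare.yaml describes, add `openssh-client` here. Also consider `apt-get` with `DEBIAN_FRONTEND=noninteractive` instead of `apt`, which warns that its CLI is not stable for scripts and can stop on an interactive prompt during `dist-upgrade`.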
Expand Down Expand Up @@ -90,13 +96,6 @@ jobs:
cd /home/chevah/$CHEVAH_REPO
./chevah_build test
# Compat tests must run as regular user with sudo rights.
- name: Compat tests
run: |
chown -R chevah /home/chevah/$CHEVAH_REPO
cd /home/chevah/$CHEVAH_REPO
su chevah -c "./chevah_build compat"
# Using `~/` is problematic under Docker, use `/root/`.
- name: Upload testing package
run: |
49 changes: 33 additions & 16 deletions chevah_build
Expand Up @@ -13,51 +13,58 @@ set -o errtrace # trap errors in functions as well
set -o pipefail # don't ignore exit codes when piping output

PYTHON_BUILD_VERSION="2.7.18"
LIBFFI_VERSION="3.4.4"
ZLIB_VERSION="1.3"
LIBFFI_VERSION="3.4.6"
ZLIB_VERSION="1.3.1"
BZIP2_VERSION="1.0.8"
# We statically build the BSD libedit on selected platforms to get the
# readline module available without linking to the GPL-only readline libs.
LIBEDIT_VERSION="20170329-3.1"
OPENSSL_VERSION="1.1.1w"
SQLITE_VERSION="3.43.1"
# As of November 2023, security patches for OpenSSL 1.1.1 are private.
# More at https://openssl-library.org/news/vulnerabilities-1.1.1/index.html.
# See src/openssl/README for details on where to get them anyway.
OPENSSL_VERSION="1.1.1w-chevah2"
SQLITE_VERSION="3.46.0"

# Python modules versions to be used everywhere possible.
PYSQLITE_VERSION="2.8.3"
CFFI_VERSION="1.15.1"
SCANDIR_VERSION="1.10.0"
PSUTIL_VERSION="5.9.5"
# An older version is used on generic Linux to have it built on CentOS 5.
PSUTIL_VERSION="6.0.0"
SUBPROCESS32_VERSION="3.5.4"

# Versions no longer upgradable because of Python 2 deprecation.
CFFI_VERSION="1.15.1"
# pyOpenSSL 19.1.0 is used with OpenSSL 1.0.2 libs.
PYOPENSSL_VERSION="21.0.0"
# Backported fix for https://github.com/pypa/pip/issues/9827
# at https://github.com/chevah/pip/tree/20.3.4chevah.
PIP_VERSION="20.3.4chevah1"
# For safety alerts, we need to ignore some vulnerabilities which are either:
# * not present in the final tarball, e.g. for wheel, safety, etc.,
# * not present in the final tarball, e.g. for wheel, safety, requests, etc.,
# * not at all relevant, e.g. those for cryptography's bundled openssl,
# * not actually relevant for these old versions, e.g. 53048 for cryptography,
# * patched by us, e.g. 40291 for pip, 53048 for cryptography,
# * not patched: 52495 for setuptools.
# * not actually relevant for these old versions, e.g. 65647 for cryptography,
# * patched by us, e.g. 40291 for pip, 53048/62556 for cryptography,
# * not patched: 52495/72236 for setuptools, 59473 for cryptography.
# pip <21.1, click <8, dparse <0.5.2, wheel <0.38, safety <2.2, pywin32 <301.
SAFETY_IGNORED_OPTS="-i 40291 -i 47833 -i 50571 -i 51499 -i 51358 -i 54687"
# setuptools <65.5.1, requests <2.31.0, certifi <2023.07.22.
SAFETY_IGNORED_OPTS="$SAFETY_IGNORED_OPTS -i 52495 -i 58755 -i 52365 -i 59956"
# requests <2.32.2, idna <3.7, setuptools <70.0.0, certifi <2024.07.04.
SAFETY_IGNORED_OPTS="$SAFETY_IGNORED_OPTS -i 71064 -i 67895 -i 72236 -i 72083"
# These are related to cryptography's bundled OpenSSL libs. We don't use those.
SAFETY_IGNORED_OPTS="$SAFETY_IGNORED_OPTS -i 53306 -i 53298 -i 53305 -i 53301"
SAFETY_IGNORED_OPTS="$SAFETY_IGNORED_OPTS -i 53307 -i 53304 -i 53302 -i 53299"
SAFETY_IGNORED_OPTS="$SAFETY_IGNORED_OPTS -i 53303 -i 59062 -i 60225 -i 60223"
SAFETY_IGNORED_OPTS="$SAFETY_IGNORED_OPTS -i 60224"
# Other cryptography vulnerabilities, see a few lines above for more details.
SAFETY_IGNORED_OPTS="$SAFETY_IGNORED_OPTS -i 53048 -i 59473"
SAFETY_IGNORED_OPTS="$SAFETY_IGNORED_OPTS -i 60224 -i 62451 -i 62452 -i 65278"
SAFETY_IGNORED_OPTS="$SAFETY_IGNORED_OPTS -i 65510 -i 71680 -i 71681"
# Other cryptography vulnerabilities, see above multi-line comment for more details.
SAFETY_IGNORED_OPTS="$SAFETY_IGNORED_OPTS -i 53048 -i 59473 -i 62556 -i 65647"
# setuptools 44.x is the last series to support Python 2.7.
# More at https://github.com/pypa/setuptools/pull/1955.
SETUPTOOLS_VERSION="44.1.1"
# Version 3.2.1 (with patches) from python-modules/ is used with OpenSSL 1.0.2.
# Our patched versions fix CVE-2023-23931.
CRYPTOGRAPHY_VERSION="3.3.2chevah"
# Our patched versions are not affected by CVE-2023-23931 and CVE-2023-49083.
CRYPTOGRAPHY_VERSION="3.3.2chevah2"
# bcrypt 3.2.0 requires at least Python 3.6.
BCRYPT_VERSION="3.1.7"
# setproctitle 1.2.x requires at least Python 3.6.
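Review bot: the `SAFETY_IGNORED_OPTS` additions suppress unpatched findings in the same way as irrelevant ones. The header comment lists 52495/72236 (setuptools) and 59473 (cryptography) as "not patched", yet they sit in the same `-i` runs as IDs that are patched or not shipped, so the scan stays green for them indefinitely. Consider moving the unpatched IDs into a separately named variable, one ID per line with its package and CVE, and giving the six IDs added to the bundled-OpenSSL group (62451, 62452, 65278, 65510, 71680, 71681) a per-ID reference a reviewer can check.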
Expand Down Expand Up @@ -325,6 +332,16 @@ case $OS in
export PATH="/usr/local/bin:$PATH"
# In particular, Perl's Test::Simple and its deps are required.
execute perl -MTest::Simple -e 1
# Version 5.9.8 and newer of psutil can't build on RHEL 5 and clones.
PIP_LIBRARIES="\
cryptography==${CRYPTOGRAPHY_VERSION} \
pyOpenSSL==${PYOPENSSL_VERSION} \
scandir==${SCANDIR_VERSION} \
subprocess32==${SUBPROCESS32_VERSION} \
bcrypt==${BCRYPT_VERSION} \
psutil==5.9.6 \
setproctitle==${SETPROCTITLE_VERSION}
"
;;
*)
# Only supported Linux distributions should be left.
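Review bot: `psutil==5.9.6` is a literal inside a full copy of `PIP_LIBRARIES`, so this branch will drift from the default list. Any package added to or bumped in the main list later will not reach this platform unless someone remembers this copy. A dedicated variable next to `PSUTIL_VERSION` (for instance a hypothetical `PSUTIL_VERSION_LEGACY="5.9.6"`), with only that value overridden here, would keep a single list. The comment names 5.9.8 as the first version that fails, so it could also say why 5.9.6 was chosen.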
Expand Down Expand Up @@ -786,7 +803,7 @@ command_compat() {
execute pushd build
echo '##### Running chevah.compat tests... #####'
execute rm -rf compat
execute git clone https://github.com/chevah/compat.git --depth=1 -b py2-support
execute git clone https://github.com/chevah/compat.git --depth 1 -b py2-support
execute pushd compat
# Copy over current brink stuff, as some changes might require it.
execute cp ../../brink.{conf,sh} ./
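Review bot: the clone still follows the tip of `py2-support` (`--depth 1 -b py2-support`), so whatever is pushed to that branch is fetched and run by `./chevah_build compat`. The commit message mentions looking for the last revision supporting Python 2.7; once that revision is known, check it out by commit hash after cloning so the test code is fixed and reviewable. As it stands, the change from `--depth=1` to `--depth 1` is cosmetic only.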
48 changes: 24 additions & 24 deletions external_deps.csv
@@ -1,35 +1,35 @@
OS,AIX,,,Amazon,Alpine,Debian,FreeBSD,,HP-UX,macOS,OS X,RHEL,,,SLES,Solaris,,,,Ubuntu Server,,,,Windows,
OS Version,5.3³,6.1³,7.1+¹,2+¹,3.12+¹,5.0+²,11.4³,12.2+³,11.31³,10.13+¹,10.8³,5.11-7.x¹,8.x¹,9.x¹,11SP4+²,10u8+³,11.0/11.1³,11.2³,11.4³,14.04/16.04¹,18.04¹,20.04¹,22.04¹,"XP, 2003, 2008³","2012r2, 2016, 2019, 2022¹"
OS Version,5.3³,6.1³,7.1+²,2+¹,3.12+¹,6.0+²,11.4³,12.2+³,11.31³,10.13+¹,10.8³,5.11-7.x¹,8.x¹,9.x+¹,11SP4+²,10u8+³,11.0/11.1³,11.2³,11.4³,16.04²,18.04¹,20.04¹,22.04+¹,"XP, 2003, 2008³","2012r2, 2016, 2019, 2022¹"
OpenSSL⁶,"1.0.2v-chevah2 (statically linked with stdlib “ssl”)
1.0.2v-chevah2 (statically linked with cryptography)",1.0.2k (from AIX Web Download Pack Programs),"1.0.2v-chevah5¹⁵ (statically linked with stdlib “ssl”)
1.0.2v-chevah5¹⁵ (statically linked with cryptography)","1.1.1w (statically linked with stdlib “ssl”)
1.1.1w (statically linked with cryptography)","1.1.1w (statically linked with stdlib “ssl”)
1.1.1w (statically linked with cryptography)","1.1.1w (statically linked with stdlib “ssl”)
1.1.1w (statically linked with cryptography)",1.0.1u,1.0.2s,1.0.2h,"1.1.1w (statically linked with stdlib “ssl”)
1.1.1w (statically linked with cryptography)","1.1.1g (statically built for stdlib “ssl”)
1.1.1g (bundled with upstream cryptography 2.9.1)","1.1.1w (statically linked with stdlib “ssl”)
1.1.1w (statically linked with cryptography)","1.1.1cFIPS /
1.1.1k FIPS","1.1.1w (statically linked with stdlib “ssl”)
1.1.1w (statically linked with cryptography)","1.1.1w (statically linked with stdlib “ssl”)
1.1.1w (statically linked with cryptography)",1.0.2n (from upstream Oracle patches),1.0.0x,1.0.1h,"
1.0.2o","1.1.1w (statically linked with stdlib “ssl”)
1.1.1w (statically linked with cryptography)",1.1.0g,1.1.1f,"1.1.1w (statically linked with stdlib “ssl”)
1.1.1w (statically linked with cryptography)","1.0.2t (bundled with upstream Python 2.7.18)
1.0.2v-chevah5¹⁵ (statically linked with cryptography)","1.1.1w-chevah2 (statically linked with stdlib “ssl”)
1.1.1w-chevah2 (statically linked with cryptography)","1.1.1w-chevah2 (statically linked with stdlib “ssl”)
1.1.1w-chevah2 (statically linked with cryptography)","1.1.1w-chevah2 (statically linked with stdlib “ssl”)
1.1.1w-chevah2 (statically linked with cryptography)",1.0.1u,1.0.2s,1.0.2h,"1.1.1w-chevah2 (statically linked with stdlib “ssl”)
1.1.1w-chevah2 (statically linked with cryptography)","1.1.1g (statically built for stdlib “ssl”)
1.1.1g (bundled with upstream cryptography 2.9.1)","1.1.1w-chevah2 (statically linked with stdlib “ssl”)
1.1.1w-chevah2 (statically linked with cryptography)","1.1.1cFIPS /
1.1.1k FIPS","1.1.1w-chevah2 (statically linked with stdlib “ssl”)
1.1.1w-chevah2 (statically linked with cryptography)","1.1.1w-chevah2 (statically linked with stdlib “ssl”)
1.1.1w-chevah2 (statically linked with cryptography)",1.0.2n (from upstream Oracle patches),1.0.0x,1.0.1h,"
1.0.2o","1.1.1w-chevah2 (statically linked with stdlib “ssl”)
1.1.1w-chevah2 (statically linked with cryptography)",1.1.0g,1.1.1f,"1.1.1w-chevah2 (statically linked with stdlib “ssl”)
1.1.1w-chevah2 (statically linked with cryptography)","1.0.2t (bundled with upstream Python 2.7.18)
1.1.1g (bundled with upstream cryptography 2.9.1)","1.0.2t⁹ (bundled with upstream Python 2.7.18)
1.1.1w (built from upstream sources for cryptography)"
1.1.1w-chevah2 (built from upstream sources for cryptography)"
Python,2.7.18+patches,2.7.18¹¹,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18¹¹,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18¹¹,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.8⁴,2.7.18¹¹,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18¹¹,2.7.18¹³
SQLite,3.34.1,3.34.1,3.43.1,3.43.1,3.43.1,3.43.1,3.30.1,3.34.1,3.34.1,3.43.1,3.30.1,3.43.1,3.43.1,3.43.1,3.43.1,3.34.1,3.30.1,3.34.1,3.34.1,3.43.1,3.43.1,3.43.1,3.43.1,3.30.1 (we overwrite version from upstream Python at build time),3.43.1 (we overwrite version from upstream Python at build time)
SQLite,3.46.0,3.34.1,3.46.0,3.46.0,3.46.0,3.46.0,3.30.1,3.46.0,3.46.0,3.46.0,3.30.1,3.46.0,3.46.0,3.46.0,3.46.0,3.46.0,3.30.1,3.46.0,3.46.0,3.46.0,3.46.0,3.46.0,3.46.0,3.30.1 (we overwrite version from upstream Python at build time),3.46.0 (we overwrite version from upstream Python at build time)
Expat,2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.1.0⁵ (bundled with Python 2.7.8),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python)
zlib,1.2.12,p/o,1.3,1.3,p/o,1.3,p/o,p/o,1.2.12,1.3,p/o,1.3,p/o,1.3,1.3,p/o,p/o,p/o,p/o,1.3,p/o,p/o,1.3,1.2.11⁸ (bundled with Python),1.2.11⁸ (bundled with Python)
zlib,1.2.12,p/o,1.3.1,1.3.1,1.3.1,1.3.1,p/o,p/o,1.2.12,1.3.1,p/o,1.3.1,p/o,1.3.1,1.3.1,p/o,p/o,p/o,p/o,1.3.1,p/o,p/o,1.3.1,1.2.11⁸ (bundled with Python),1.2.11⁸ (bundled with Python)
bzip2,1.0.8,1.0.8,1.0.8,1.0.8,1.0.8,1.0.8,p/o,p/o,1.0.8,p/o,p/o,1.0.8,1.0.8,1.0.8,1.0.8,p/o,p/o,p/o,p/o,1.0.8,1.0.8,1.0.8,1.0.8,1.0.6 (bundled with Python),1.0.6 (bundled with Python)
libffi,3.4.4,3.4.2,3.4.4,p/o,3.4.4,3.4.4,3.4.2,3.4.2,3.4.2,p/o,p/o,3.4.4,p/o,3.4.4,3.4.4,n/a,n/a,3.4.2,3.4.2,p/o,p/o,p/o,p/o,n/a,n/a
libffi,3.4.6,3.4.2,3.4.6,3.4.6,3.4.6,3.4.6,3.4.2,3.4.2,3.4.2,p/o,p/o,3.4.6,p/o,3.4.6,3.4.6,n/a,n/a,3.4.2,3.4.2,3.4.6,p/o,p/o,3.4.6,n/a,n/a
libedit,n/a,n/a,n/a,n/a,20170329-3.1,n/a,20170329-3.1,20170329-3.1,n/a,n/a,20170329-3.1,n/a,20170329-3.1,n/a,n/a,n/a,20170329-3.1,20170329-3.1,20170329-3.1,n/a,20170329-3.1,20170329-3.1,n/a,n/a,n/a
pysqlite,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,"n/a, upstream sqlite3 is used","n/a, upstream sqlite3 is used"
pip,20.3.4¹⁴,9.0.3¹⁴,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,9.0.3¹⁴,20.3.4chevah1,20.3.4¹⁴,20.3.4chevah1,9.0.3¹⁴,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,20.3.4¹⁴,9.0.3¹⁴,20.3.4¹⁴,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,20.3.4chevah1,20.3.4¹⁴,20.3.4chevah1
setuptools,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,41.6.0¹⁷,41.6.0¹⁷,41.6.0¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷,44.1.1¹⁷
pycparser,2.20,2.20,2.21,2.21,2.21,2.21,2.20,2.21,2.20,2.21,2.20,2.21,2.21,2.21,2.21,2.20,2.20,2.20,2.21,2.21,2.21,2.21,2.21,2.20,2.21
setproctitle,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10
cryptography,3.2.1¹²,2.9.2¹²,3.2.1¹⁶,3.3.2¹⁶,3.3.2¹⁶,3.3.2¹⁶,2.9.2¹²,3.3.2¹⁶,n/a,3.3.2¹⁶,2.9.2¹² (wheel includes OpenSSL),3.3.2¹⁶,3.3.2¹⁶,3.3.2¹⁶,3.3.2¹⁶,n/a,n/a,n/a,3.2.1¹²,3.3.2¹⁶,3.3.2¹⁶,3.3.2¹⁶,3.3.2¹⁶,2.9.2¹² (wheel includes OpenSSL),3.3.2¹⁶
cryptography,3.2.1¹²,2.9.2¹²,3.2.1+patches,3.3.2+patches¹⁶,3.3.2+patches¹⁶,3.3.2+patches¹⁶,2.9.2¹²,3.3.2+patches¹⁶,n/a,3.3.2+patches¹⁶,2.9.2¹² (wheel includes OpenSSL),3.3.2+patches¹⁶,3.3.2+patches¹⁶,3.3.2+patches¹⁶,3.3.2+patches¹⁶,n/a,n/a,n/a,3.2.1¹²,3.3.2+patches¹⁶,3.3.2+patches¹⁶,3.3.2+patches¹⁶,3.3.2+patches¹⁶,2.9.2¹² (wheel includes OpenSSL),3.3.2+patches¹⁶
six,1.15.0,1.13.0,1.15.0,1.15.0,1.15.0,1.15.0,1.11.0,1.15.0,1.15.0,1.15.0,1.11.0,1.15.0,1.15.0,1.15.0,1.15.0,1.15.0,1.11.0,1.15.0,1.15.0,1.11.0,1.11.0,1.11.0,1.11.0,1.11.0,1.11.0
ipaddress,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,n/a,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,n/a,n/a,n/a,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23
cffi,1.14.5,1.14.0,1.15.1,1.15.1,1.15.1,1.15.1,1.14.0,1.15.1,n/a,1.15.1,1.14.0,1.15.1,1.15.1,1.15.1,1.15.1,n/a,1.14.0,1.14.5,1.15.1,1.15.1,1.15.1,1.15.1,1.15.1,1.14.0,1.15.1
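Review bot: in the new OpenSSL row, the last Windows cell reads `1.1.1w-chevah2 (built from upstream sources for cryptography)`, but per the commit message and chevah_build the `-chevah2` version is built from the locally patched 1.1.1 sources, so "upstream sources" is no longer accurate; "built from patched sources" would match. In the cryptography row, the AIX 7.1+ cell changed from `3.2.1¹⁶` to `3.2.1+patches` and lost its footnote marker, while every `3.3.2+patches` cell keeps ¹⁶. Note 16 covers 3.2.1 as well, so the marker should stay.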
Expand All @@ -38,10 +38,10 @@ enum34,1.1.10,1.1.6,1.1.10,1.1.10,1.1.10,1.1.10,1.1.6,1.1.10,n/a,1.1.10,1.1.6,1.
idna,n/a,2.6,n/a,n/a,n/a,n/a,2.6,n/a,n/a,n/a,2.6,n/a,n/a,n/a,n/a,n/a,2.6,n/a,n/a,n/a,n/a,n/a,n/a,2.6,n/a
pyOpenSSL,19.1.0,19.1.0,19.1.0,21.0.0,21.0.0,21.0.0,19.1.0,21.0.0,0.13.1⁷,21.0.0,19.1.0,21.0.0,21.0.0,21.0.0,21.0.0,0.13.1⁷,0.13.1⁷,0.13.1⁷,19.1.0,21.0.0,21.0.0,21.0.0,21.0.0,19.1.0,21.0.0
scandir,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0
psutil,n/a,5.6.5,5.9.5,5.9.5,5.9.5,5.9.5,n/a,5.9.2,n/a,5.9.5,5.6.5,5.9.5,5.9.5,5.9.5,5.9.5,n/a,n/a,n/a,5.9.2,5.9.5,5.9.5,5.9.5,5.9.5,n/a,5.9.5
psutil,n/a,5.6.5,6.0.0,5.9.6,6.0.0,5.9.6,n/a,5.9.2,n/a,6.0.0,5.6.5,5.9.6,6.0.0,5.9.6,5.9.6,n/a,n/a,n/a,6.0.0,5.9.6,6.0.0,6.0.0,5.9.6,n/a,6.0.0
subprocess32,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4
bcrypt,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,n/a,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7
pywin32,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,,n/a,227,228
pywin32,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,227,228
,,,,,,,,,,,,,,,,,,,,,,,,,
Abbreviations:,n/a: not applicable,,,,,,,,,,Notes:,"0. Dependencies above are listed as per the current build process, not necessarily for the latest released versions of python-package.",,,,,,,,,,,,,
,p/o: provided with OS,,,,,,,,,,,"1. Tier 1 platforms, fully supported and tested",,,,,,,,,,,,,
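Review bot: the new psutil row mixes 6.0.0 and 5.9.6 across columns with no footnote explaining the split. chevah_build carries the reason ("Version 5.9.8 and newer of psutil can't build on RHEL 5 and clones"); a numbered note on the 5.9.6 cells repeating that reason would show readers of the sheet that the older version is deliberate.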
Expand All @@ -56,8 +56,8 @@ Colour codes:,DARKGREY: Tier 2 platforms and their problematic dependencies,,,,,
,,,,,,,,,,,,10. https://www.openssl.org/news/openssl-1.1.1-notes.html,,,,,,,,,,,,,
,,,,,,,,,,,,11. https://github.com/ActiveState/cpython/tags,,,,,,,,,,,,,
,,,,,,,,,,,,12. https://cryptography.io/en/latest/changelog.html,,,,,,,,,,,,,
,,,,,,,,,,,,"13. On Windows, the upstream Python 2.7.18 packages are hot patched for all known issues except CVE-2021-3177 and CVE-2020-10735",,,,,,,,,,,,,
,,,,,,,,,,,,"13. On Windows, the upstream Python 2.7.18 packages are not patched for CVE-2020-10735, CVE-2021-3177, CVE-2022-48560, CVE-2022-48566, CVE-2023-40217, CVE-2024-0397.",,,,,,,,,,,,,
,,,,,,,,,,,,14. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3572,,,,,,,,,,,,,
,,,,,,,,,,,,15. Corresponds to upstream OpenSSL version 1.0.2zg from 07 Feb 2023.,,,,,,,,,,,,,
,,,,,,,,,,,,"16. Both cryptography 3.2.1 and version 3.3.2 have been patched for CVE-2023-23931, but not for CVE-2023-38325.",,,,,,,,,,,,,
,,,,,,,,,,,,17. Versions older than 65.5.1 are vulnerable to CVE-2022-40897.,,,,,,,,,,,,,
,,,,,,,,,,,,"16. Both cryptography 3.2.1 and version 3.3.2+patches have been patched for CVE-2023-23931 and CVE-2023-49083, but not for CVE-2023-38325. Other issues might be present.",,,,,,,,,,,,,
,,,,,,,,,,,,"17. Vulnerable to CVE-2022-40897, CVE-2024-6345.",,,,,,,,,,,,,
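Review bot: the rewritten note 13 lists only what is not patched on Windows and drops the statement that the upstream 2.7.18 packages are hot patched at all. It also does not mention CVE-2024-7592, which the commit message says was fixed for Python, so a reader cannot tell whether the Windows packages carry that fix. Suggest wording the note as two lists: what is hot patched on Windows and what is not.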