2024.08 updates. #177
…ues not relevant for our old versions.
Getting closer with this, but compat tests no longer run because
Any ideas, @adiroiban?
I think that we can just release this and then we will see how it goes in chevah/server series-4 branch.

chevah/compat trunk branch no longer supports python 2.7.

If you want to run chevah/compat tests, they should be executed based on this commit. This should be for version 1.0.9, which should still support python 2.7.

Unfortunately, I did a bad job tracking the versions for chevah/compat and we don't have any tags for that.
We were using this branch: https://github.com/chevah/compat/tree/py2-support. That's why I was surprised to see an error about Python 3 being required. When checking out chevah/compat@d4a3dfc, there are other errors:
From https://github.com/chevah/python-package/actions/runs/10196943648/job/28208745488?pr=177

@adiroiban: I've disabled compat tests for now to produce packages to test with server 4.x.x. They are currently available at https://bin.chevah.com:20443/testing/2.7.18.4a3120a/

No new commits at https://github.com/ActiveState/cpython/commits/2.7/. I'm merging this while still relevant to the upstream patches. If needed, more changes can be added in another branch/PR.
Scope
Patch Python and OpenSSL for as many security issues as feasibly possible. Fixes #176
Update libs and modules, if possible.
Changes
Python security hot patches applied on all platforms for: CVE-2017-18207, CVE-2021-4189, CVE-2022-45061, CVE-2022-48565, CVE-2024-7592.
Patched Python 2.7.18 sources on non-Windows platforms for: CVE-2022-48560, CVE-2022-48566, CVE-2023-40217, CVE-2024-0397.
Patched OpenSSL 1.1.1w sources for: CVE-2023-5678, CVE-2024-0727, CVE-2024-2511, CVE-2024-4741, CVE-2024-5535.
Patched our cryptography sources for CVE-2023-49083.
Lib updates:
libffi to 3.4.6
zlib to 1.3.1
sqlite to 3.46.0.
Python modules updates:
psutil to 5.9.6 on generic glibc-based Linux,
psutil to 6.0.0 on the other platforms.
Drive-by changes:
compat tests are now disabled as the branch for Python 2.7 tests is unmaintained.
How to try and test the changes
reviewers: @adiroiban
For a quick picture of the overall security situation per OS, check external_deps.fods in LibreOffice Calc.
To check other changes to our scripts and docs:
For the cryptography patch:
For Python 2.7.18 patches:
For OpenSSL 1.1.1w patches: