[Buildroot] [PATCH 1/1] package/python-pip: security bump to version 21.2.4

Arnout Vandecappelle arnout at mind.be
Wed Sep 22 19:26:07 UTC 2021



On 19/09/2021 21:37, Fabrice Fontaine wrote:
> - SECURITY: Stop splitting on unicode separators in git references,
>    which could be maliciously used to install a different revision on the
>    repository. (#9827)
> - Update hash of LICENSE.txt (update in year)
> - Update indentation in hash file (two spaces)
> 
> https://pip.pypa.io/en/stable/news/#v21-2-4
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

  Applied to master, thanks.

  Regards,
  Arnout

> ---
>   package/python-pip/python-pip.hash | 6 +++---
>   package/python-pip/python-pip.mk   | 4 ++--
>   package/python3-pip/python3-pip.mk | 4 ++--
>   3 files changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/package/python-pip/python-pip.hash b/package/python-pip/python-pip.hash
> index 58bc239154..69214110f8 100644
> --- a/package/python-pip/python-pip.hash
> +++ b/package/python-pip/python-pip.hash
> @@ -1,5 +1,5 @@
>   # md5, sha256 from https://pypi.org/pypi/pip/json
> -md5	7d42ba49b809604f0df3d55df1c3fd86  pip-20.0.2.tar.gz
> -sha256	7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f  pip-20.0.2.tar.gz
> +md5  efbdb4201a5e6383fb4d12e26f78f355  pip-21.2.4.tar.gz
> +sha256  0eb8a1516c3d138ae8689c0c1a60fde7143310832f9dc77e11d8a4bc62de193b  pip-21.2.4.tar.gz
>   # Locally computed sha256 checksums
> -sha256	5ba21fbb0964f936ad7d15362d1ed6d4931cc8c8f9ff2d4d91190e109be74431  LICENSE.txt
> +sha256  23a7361c2b1581028bc623b9da2bd24997abcaa4781ace6ad444a37944f8dae1  LICENSE.txt
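Review bot: The `md5` entry for pip-21.2.4.tar.gz is carried forward next to a `sha256` entry for the same tarball, and the comment line says both come from the same PyPI JSON endpoint. MD5 is collision-broken and adds no integrity guarantee beyond the sha256 line, so consider dropping the md5 entry rather than refreshing it. The LICENSE.txt hash change is explained in the commit message ("update in year"), which is what a reviewer needs to see for that line.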
> diff --git a/package/python-pip/python-pip.mk b/package/python-pip/python-pip.mk
> index 71f76e2842..ba7134e235 100644
> --- a/package/python-pip/python-pip.mk
> +++ b/package/python-pip/python-pip.mk
> @@ -5,9 +5,9 @@
>   ################################################################################
>   
>   # Please keep in sync with package/python3-pip/python3-pip.mk
> -PYTHON_PIP_VERSION = 20.0.2
> +PYTHON_PIP_VERSION = 21.2.4
>   PYTHON_PIP_SOURCE = pip-$(PYTHON_PIP_VERSION).tar.gz
> -PYTHON_PIP_SITE = https://files.pythonhosted.org/packages/8e/76/66066b7bc71817238924c7e4b448abdb17eb0c92d645769c223f9ace478f
> +PYTHON_PIP_SITE = https://files.pythonhosted.org/packages/52/e1/06c018197d8151383f66ebf6979d951995cf495629fc54149491f5d157d0
>   PYTHON_PIP_SETUP_TYPE = setuptools
>   PYTHON_PIP_LICENSE = MIT
>   PYTHON_PIP_LICENSE_FILES = LICENSE.txt
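Review bot: `PYTHON_PIP_VERSION` moves from 20.0.2 to 21.2.4, which crosses a major version, but the commit message covers only the 21.2.4 changelog entry. Please note in the commit message that the release notes between the two versions were checked for changes affecting this package, in particular the Python versions pip supports, since the rest of the recipe (`PYTHON_PIP_SETUP_TYPE = setuptools` and the license lines) is left untouched.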
> diff --git a/package/python3-pip/python3-pip.mk b/package/python3-pip/python3-pip.mk
> index 58e3c06c39..5e20b06865 100644
> --- a/package/python3-pip/python3-pip.mk
> +++ b/package/python3-pip/python3-pip.mk
> @@ -5,9 +5,9 @@
>   ################################################################################
>   
>   # Please keep in sync with package/python-pip/python-pip.mk
> -PYTHON3_PIP_VERSION = 20.0.2
> +PYTHON3_PIP_VERSION = 21.2.4
>   PYTHON3_PIP_SOURCE = pip-$(PYTHON_PIP_VERSION).tar.gz
> -PYTHON3_PIP_SITE = https://files.pythonhosted.org/packages/8e/76/66066b7bc71817238924c7e4b448abdb17eb0c92d645769c223f9ace478f
> +PYTHON3_PIP_SITE = https://files.pythonhosted.org/packages/52/e1/06c018197d8151383f66ebf6979d951995cf495629fc54149491f5d157d0
>   PYTHON3_PIP_SETUP_TYPE = setuptools
>   PYTHON3_PIP_LICENSE = MIT
>   PYTHON3_PIP_LICENSE_FILES = LICENSE.txt
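Review bot: The unchanged context line `PYTHON3_PIP_SOURCE = pip-$(PYTHON_PIP_VERSION).tar.gz` expands the other package's version variable instead of `PYTHON3_PIP_VERSION`, so python3-pip resolves the right tarball name only while both .mk files carry the same version and `PYTHON_PIP_VERSION` is defined. Since this patch touches the file anyway, switch it to `$(PYTHON3_PIP_VERSION)`. The diffstat also lists no hash file under package/python3-pip, so please confirm the new tarball hash is covered for this package.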
> 

