diff options
| author | Steve Dower <steve.dower@python.org> | 2022-03-08 09:04:59 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-08 09:04:59 (GMT) |
| commit | 6649519e67841b1aa12672f1d9b5cb24494f6196 (patch) | |
| tree | 16bfff48b8e5fa36d0844566a1987e2dbccb6e8b | |
| parent | cff1b78c1dfb2a62b1e16fabc5f43bc3634d9de7 (diff) | |
| download | cpython-6649519e67841b1aa12672f1d9b5cb24494f6196.zip cpython-6649519e67841b1aa12672f1d9b5cb24494f6196.tar.gz cpython-6649519e67841b1aa12672f1d9b5cb24494f6196.tar.bz2 | |
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900 (GH-31732) (GH-31734)
| -rw-r--r-- | Misc/NEWS.d/next/Windows/2022-03-07-17-46-40.bpo-44549.SPrGS9.rst | 2 | ||||
| -rw-r--r-- | PCbuild/get_externals.bat | 2 | ||||
| -rw-r--r-- | PCbuild/python.props | 2 | ||||
| -rw-r--r-- | PCbuild/readme.txt | 2 |
4 files changed, 5 insertions, 3 deletions
diff --git a/Misc/NEWS.d/next/Windows/2022-03-07-17-46-40.bpo-44549.SPrGS9.rst b/Misc/NEWS.d/next/Windows/2022-03-07-17-46-40.bpo-44549.SPrGS9.rst new file mode 100644 index 0000000..0f1ef9a --- /dev/null +++ b/Misc/NEWS.d/next/Windows/2022-03-07-17-46-40.bpo-44549.SPrGS9.rst @@ -0,0 +1,2 @@ +Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and +CVE-2019-12900 diff --git a/PCbuild/get_externals.bat b/PCbuild/get_externals.bat index d975f05..2eff5e0 100644 --- a/PCbuild/get_externals.bat +++ b/PCbuild/get_externals.bat @@ -51,7 +51,7 @@ if NOT DEFINED PYTHON ( echo.Fetching external libraries... set libraries= -set libraries=%libraries% bzip2-1.0.6 +set libraries=%libraries% bzip2-1.0.8 if NOT "%IncludeLibffiSrc%"=="false" set libraries=%libraries% libffi-3.3.0 if NOT "%IncludeSSLSrc%"=="false" set libraries=%libraries% openssl-1.1.1l set libraries=%libraries% sqlite-3.35.5.0 diff --git a/PCbuild/python.props b/PCbuild/python.props index 0d25e51..7dfcf8f 100644 --- a/PCbuild/python.props +++ b/PCbuild/python.props @@ -57,7 +57,7 @@ <ExternalsDir Condition="$(ExternalsDir) == ''">$([System.IO.Path]::GetFullPath(`$(PySourcePath)externals`))</ExternalsDir> <ExternalsDir Condition="!HasTrailingSlash($(ExternalsDir))">$(ExternalsDir)\</ExternalsDir> <sqlite3Dir>$(ExternalsDir)sqlite-3.35.5.0\</sqlite3Dir> - <bz2Dir>$(ExternalsDir)bzip2-1.0.6\</bz2Dir> + <bz2Dir>$(ExternalsDir)bzip2-1.0.8\</bz2Dir> <lzmaDir>$(ExternalsDir)xz-5.2.2\</lzmaDir> <libffiDir>$(ExternalsDir)libffi-3.3.0\</libffiDir> <libffiOutDir>$(ExternalsDir)libffi-3.3.0\$(ArchName)\</libffiOutDir> diff --git a/PCbuild/readme.txt b/PCbuild/readme.txt index e6b9a78..6ad55ab 100644 --- a/PCbuild/readme.txt +++ b/PCbuild/readme.txt @@ -157,7 +157,7 @@ interpreter, but they do implement several major features. See the about getting the source for building these libraries. The sub-projects are: _bz2 - Python wrapper for version 1.0.6 of the libbzip2 compression library + Python wrapper for version 1.0.8 of the libbzip2 compression library Homepage: http://www.bzip.org/ _lzma |