home-assistant
/
buildroot
mirror of https://github.com/home-assistant/buildroot.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
buildroot/package/python3
History
Peter Korsgaard 39a2ff16f9 package/python3: add upstream security fix for CVE-2022-45061 
Fixes the following security issue:

CVE-2022-45061: An issue was discovered in Python before 3.11.1.  An
unnecessary quadratic algorithm exists in one path when processing some
inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably
long name being presented to the decoder could lead to a CPU denial of
service.  Hostnames are often supplied by remote servers that could be
controlled by a malicious actor; in such a scenario, they could trigger
excessive CPU consumption on the client attempting to make use of an
attacker-supplied supposed hostname.  For example, the attack payload could
be placed in the Location header of an HTTP response with status code 302.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 		2022-11-23 11:03:15 +01:00
..
0001-Make-the-build-of-pyc-files-conditional.patch
0002-Disable-buggy_getaddrinfo-configure-test-when-cross-.patch
0003-Add-infrastructure-to-disable-the-build-of-certain-e.patch
0004-Adjust-library-header-paths-for-cross-compilation.patch
0005-Don-t-look-in-usr-lib-termcap-for-libraries.patch
0006-Don-t-add-multiarch-paths.patch
0007-Abort-on-failed-module-build.patch
0008-Serial-ioctl-workaround.patch
0009-Do-not-adjust-the-shebang-of-Python-scripts-for-cros.patch
0010-Misc-python-config.sh.in-ensure-sed-invocations-only.patch
0011-Add-an-option-to-disable-pydoc.patch
0012-Add-an-option-to-disable-lib2to3.patch
0013-Add-option-to-disable-the-sqlite3-module.patch
0014-Add-an-option-to-disable-the-tk-module.patch
0015-Add-an-option-to-disable-the-curses-module.patch
0016-Add-an-option-to-disable-expat.patch
0017-Add-an-option-to-disable-CJK-codecs.patch
0018-Add-an-option-to-disable-NIS.patch
0019-Add-an-option-to-disable-unicodedata.patch
0020-Add-an-option-to-disable-IDLE.patch
0021-Add-an-option-to-disable-decimal.patch
0022-Add-an-option-to-disable-the-ossaudiodev-module.patch
0023-Add-an-option-to-disable-openssl-support.patch
0024-Add-an-option-to-disable-the-readline-module.patch
0025-Add-options-to-disable-zlib-bzip2-and-xz-modules.patch
0026-python-config.sh-don-t-reassign-prefix.patch
0027-Fix-cross-compiling-the-uuid-module.patch
0028-Add-an-option-to-disable-uuid-module.patch
0029-fix-building-on-older-distributions.patch
0030-configure.ac-fixup-CC-print-multiarch-output-for-mus.patch
0031-Add-an-option-to-disable-the-berkeleydb-module.patch
0032-lib-crypt-uClibc-ng-doesn-t-set-errno-when-encryptio.patch
0033-3.11-gh-98433-Fix-quadratic-time-idna-decoding.-GH-9.patch
Config.in
Config.in.host
python3.hash
python3.mk