Fix CVE-2022-0391 for Python's urlparse. by dumol · Pull Request #169 · chevah/python-package

dumol · 2022-09-02T13:46:08Z

Scope

Fixes #168.

Changes

Address CVE-2022-0391 for urlparse from ActiveState/cpython#14.

Drive-by changes:

Updated OpenSSL to version 1.1.1q.
Updated cffi to 1.15.1 and psutil to 5.9.2 (except on generic Linux, where 5.9.0 is now pinned)
Build a generic musl Linux version on Alpine 3.12, similar to the glibc build on CentOS 5.
Fixes More strict Bash checks. #167.
Fixes Get rid of lib64 sub-dir in the generic Linux package. #166.
Some other minor fixes backported from Pythia.

How to try and test the changes

reviewers: @adiroiban

git diff master chevah_build *.sh src/*/chevahbs python-modules/chevah-python-test/ .github/

Check the automated builds.

dumol · 2022-09-08T13:11:06Z

Testing packages used in https://github.com/chevah/server/pull/5891 seem to be working properly, please double-check.

needs-review

adiroiban

Thanks. It can be merged.

dumol added 22 commits September 2, 2022 16:41

Fixed CVE-2022-0391 for Python's urlparse.

67d4c87

Bash checks for the chevahbs scripts.

472ce24

Removed some unused variables from chevahbs scripts.

e630fb3

Try generic musl build.

d8f43c9

Fixed musl version check for 1.2 and newer.

770df34

Updated OpenSSL sources to 1.1.1q

04765bf

Updated OpenSSL 1.1.1 version in our scripts and docs.

49114ad

Actually updated the docs for OpenSSL 1.1.1q.

8d8e3bc

Updated own tests for generic musl Linux build.

2124e25

Backported OpenSSL build fix for macOS.

7077364

Ignore dparse issue for now.

a003616

Updated cffi and psutil to the latest versions.

db2f171

Updated cffi sources to 1.15.1.

9e36da4

Try a different psutil check.

50d4725

Pin psutil to version 5.9.0 on generic Linux builds.

b2e8f67

Build generic musl version on Alpine 3.12.

cfe932e

Use a saved paxctl on Alpine 3.12.

10d9e45

Save paxctl on Alpine 3.12 in an already existing path dir.

382cab2

Changes after own review.

854b00a

Updated and reorganized external deps sheets.

321fe91

Updated list of RHEL clones from server repo.

e65a5fe

Temporarily disabled ARM64 builds.

98913ec

chevah-robot added the needs-review label Sep 8, 2022

chevah-robot requested a review from adiroiban September 8, 2022 13:11

dumol added 2 commits September 9, 2022 11:27

More Alpine-related cleanups and fixes.

71e043c

One more Alpine-related fix.

9fd66f5

adiroiban approved these changes Sep 14, 2022

View reviewed changes

chevah-robot added needs-merge and removed needs-review labels Sep 14, 2022

chevah-robot assigned dumol Sep 14, 2022

dumol merged commit 90dc4a6 into master Sep 19, 2022

dumol deleted the python-cve-2022-0391 branch September 19, 2022 09:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix CVE-2022-0391 for Python's urlparse.#169

Fix CVE-2022-0391 for Python's urlparse.#169
dumol merged 24 commits intomasterfrom
python-cve-2022-0391

dumol commented Sep 2, 2022 •

edited

Loading

Uh oh!

dumol commented Sep 8, 2022

Uh oh!

adiroiban left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

dumol commented Sep 2, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Scope

Changes

How to try and test the changes

Uh oh!

dumol commented Sep 8, 2022

Uh oh!

adiroiban left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

dumol commented Sep 2, 2022 •

edited

Loading