Zlib inflate security fix. by dumol · Pull Request #171 · chevah/python-package

dumol · 2022-11-04T10:56:34Z

Scope

Fixes CVE-2022-37434.

Changes

Updated zlib sources to 1.2.13.

Note that Windows packages use upstream Python which embeds zlib 1.2.11, so they remain vulnerable to this.

Other updates: OpenSSL 1.1.1s, SQLite 3.39.4, libffi 3.4.4, psutil 5.9.3 (5.9.1 on generic glibc-based Linux).

How to try and test the changes

reviewers: @adiroiban

To review changes:

git diff master python-modules/ chevah_build

Check automated tests.

Staging packages tested in server repo: https://github.com/chevah/server/pull/5974

dumol · 2022-11-04T13:41:20Z

Still to be tested under AIX (maybe without the exception for psutil).

needs-review

adiroiban

Thanks.

windows will be left behind.

I will start working on py3 migration now

dumol · 2022-11-07T09:52:00Z

The current branch builds and tests fine on AIX 7.1 using the python-package-7100-05-09 image on IBM Cloud.

This reverts commit 1958e27.

dumol added 2 commits November 4, 2022 12:53

Updated zlib sources to 1.2.13.

151c8cb

Use zlib 1.2.13 to fix CVE-2022-37434.

f9f7ba7

dumol self-assigned this Nov 4, 2022

dumol added 13 commits November 4, 2022 12:57

Updated OpenSSL 1.1.1 sources to version 1.1.1s.

38b4f8c

Use OpenSSL 1.1.1s.

2b8a5df

Updated safety and its exceptions.

dd72382

Use safety 1.9.0.

51e168f

Updated psutil to 5.9.3.

27e1825

Use safety 1.8.7.

0b89e9b

Updated OpenSSL 1.1.1 version to check for.

e41bcaa

Updated libffi sources to version 3.4.4.

4a83e84

Use libffi version 3.4.4.

2576efc

Updated SQLite sources to version 3.39.4.

6b024da

Updated SQLite DLLs.

ea3fddd

Use SQLite version 3.39.4.

c231104

Updated external deps sheets.

a870ea9

chevah-robot added the needs-review label Nov 4, 2022

chevah-robot requested a review from adiroiban November 4, 2022 13:41

adiroiban approved these changes Nov 5, 2022

View reviewed changes

chevah-robot added needs-merge and removed needs-review labels Nov 5, 2022

Try latest psutil on CentOS 5.

1958e27

dumol added 3 commits November 7, 2022 12:00

Revert "Try latest psutil on CentOS 5."

9a21ef7

This reverts commit 1958e27.

Try latest psutil working on CentOS 5.

1bdf03c

Updated external deps sheets.

e7f3f4e

dumol merged commit d2b7dcc into master Nov 7, 2022

dumol deleted the zlib-inflate-fix branch November 7, 2022 10:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Zlib inflate security fix.#171

Zlib inflate security fix.#171
dumol merged 19 commits intomasterfrom
zlib-inflate-fix

dumol commented Nov 4, 2022 •

edited

Loading

Uh oh!

dumol commented Nov 4, 2022

Uh oh!

adiroiban left a comment

Uh oh!

dumol commented Nov 7, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

dumol commented Nov 4, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Scope

Changes

How to try and test the changes

Uh oh!

dumol commented Nov 4, 2022

Uh oh!

adiroiban left a comment

Choose a reason for hiding this comment

Uh oh!

dumol commented Nov 7, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

dumol commented Nov 4, 2022 •

edited

Loading