code.ossystems Code Review - openembedded-core.git/commit

author	Tim Orling <timothy.t.orling@intel.com>
	Wed, 16 Jun 2021 06:33:52 +0000 (23:33 -0700)
committer	Steve Sakoman <steve@sakoman.com>
	Sun, 27 Jun 2021 19:24:24 +0000 (09:24 -1000)
commit	fdfc3340b58e1af0c231eedaa07358f7d9c6483e
tree	64d31dd21380322646f13409e86ed573b9002d32	tree \| snapshot
parent	a90dde9b1800acf364fa272177945e0a4cbf6560	commit \| diff

python3: upgrade 3.8.7 -> 3.8.8

Release Date: Feb. 19, 2021

Note: The release you're looking at is Python 3.8.8, a bugfix release for the
legacy 3.8 series. Python 3.9 is now the latest feature release series of
Python 3.

Notable changes in Python 3.8.8

Earlier Python versions allowed using both ; and & as query parameter
separators in urllib.parse.parse_qs() and urllib.parse.parse_qsl(). Due to
security concerns, and to conform with newer W3C recommendations, this has been
changed to allow only a single separator key, with & as the default. This
change also affects cgi.parse() and cgi.parse_multipart() as they use the
affected functions internally. For more details, please see their respective
documentation. (Contributed by Adam Goldschmidt, Senthil Kumaran and Ken Jin
in bpo-42967.)

License-Update: update copyright years

Drop patches fixed in 3.8.8:
- CVE-2021-3177

Fixes:
CVE: CVE-2021-3426
CVE: CVE-2021-23336

References:
https://www.python.org/downloads/release/python-388/
https://docs.python.org/release/3.8.8/whatsnew/changelog.html#changelog
https://docs.python.org/3/whatsnew/3.8.html#notable-changes-in-python-3-8-8
https://nvd.nist.gov/vuln/detail/CVE-2021-3177
https://nvd.nist.gov/vuln/detail/CVE-2021-3426

Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-devtools/python/python3/CVE-2021-3177.patch	[deleted file]	blob \| history
meta/recipes-devtools/python/python3_3.8.8.bb	[moved from meta/recipes-devtools/python/python3_3.8.7.bb with 98% similarity]	diff \| blob \| history