This also restores (and updates) a patch for pip that was removed
earlier but is still necessary.
Fixes: 7a756db002 ("python3: bump to version 3.10.9")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Refresh patches.
Bump setuptools to 65.5.0
Bump pip to 22.3.1
Removed patch: patches-pip/001-pep517-pyc-fix.patch
No longer needed as per:
fa4b2efbab
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Refreshed Python patches.
Updated pip & setuptools version.
For pip, patch '001-pep517-pyc-fix.patch' was reworked.
Also, the current version of the bundled pip (21.1.1) no longer supports
Python2, so the 'py2.py3' suffix gets replaced with just py3.
For setuptools, there is no longer a script/module:
https://github.com/pypa/setuptools/pull/2544
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This version includes fixes for:
* CVE-2020-14422: Hash collisions in IPv4Interface and IPv6Interface
* CVE-2020-15523: Python uses invalid DLL path after calling Py_SetPath
on Windows
This version also includes support for OpenSSL 1.1.x builds that use
'no-deprecated' and '--api=1.1.0'[1], and so this removes the previous
OpenSSL-related patches.
This also backports fixes for security issues, including:
* CVE-2019-20907: Infinite loop in the tarfile module
This also updates the setuptools and pip packages to 47.1.0 and 20.1.1,
respectively.
[1]: https://github.com/python/cpython/pull/20566
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
