Update Windows installer to use bzip2 1.0.8 #88715
Comments
Python 3.9.5 and 3.9.6 are using Bzip2 1.0.6, which has a known critical vulnerability. Please upgrade the same to a stable version.
If you update python/cpython-source-deps, I can submit a simple PR to python/cpython. I want to submit a PR to python/cpython-source-deps, but I think it’s better for a credible person to do this.
I request the dependency update to use bzip2 1.0.8 which is the stable version.
@ned.deily Is it possible to update bz2 to 1.0.8 on macOS distribution?
Hmm, since I am not a distribution expert, I would like to follow other core devs' opinions. Almost all Linux distributions use bzip2 1.0.6 by default.
Thanks for looking into this. As I commented on PR 27241, this change is not needed because current macOS python.org installers dynamically link to the system-provided copies of Bzip2; the code to build a private copy of BZip2 in build-installer.py was only used when building on very old versions of macOS, 10.4 and earlier, versions for which we no longer support building installers. I've submitted another PR to remove that unused code to avoid future confusion.
Okay, so this issue looks out of scope to the CPython team if the Windows distribution follows the same policy. @steve.dowe Can you check about this issue?
cpython-source-deps was updated in the middle of last year, but apparently we never merged the main repo change to use it. I'll do it now.
Adding RMs - this should get merged before we do any security releases for bpo-46948
New changeset 105b9ac by Steve Dower in branch 'main':
New changeset 58d576a by Steve Dower in branch '3.10':
New changeset 4a3c610 by Steve Dower in branch '3.7':
New changeset e1639f3 by Steve Dower in branch '3.9':
New changeset 6649519 by Steve Dower in branch '3.8':
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.