
Commit

Use patched pip to solve latest security issue. (#158)
* Use patched pip 20.3.4 to solve Safety id 42218.

* Document changes in pip sources.

* Link to our chevah/pip fork for 20.3.4chevah versions.

* Back to using pip wheel generated from patched released sources.

* Try using pip wheel generated from linked git branch.

* Updated OpenSSL 1.1.1 sources to 1.1.1m.

* Updated built/test scripts for OpenSSL 1.1.1m.

* Updated external deps sheets for OpenSSL 1.1.1m.

* Fixed test phase when running locally.

* Cleanup the distributed package.

* One more minor cleanup for libffi's include files.

* On some OS'es, there's nothing to remove.

* On some OS'es, there are no stray pkgconfig files.

* Updated cffi sources to version 1.15.0.

* Use cffi version 1.15.0.

* Use latest versions suggested by 'pip list --outdate'.

* Update SQLite sources and DLLs to version 3.37.2.

* Use SQLite version 3.37.2.

* Keep include/ where it belongs, might be needed when testing.

* Safety tests fine on arm64 again.

* Documented updated external deps.

* Updated supported status for all OS'es.
dumol authored Feb 21, 2022
1 parent 5d8a8e9 commit 241e9fe
Showing 3,337 changed files with 12,213 additions and 7,757 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
25 changes: 13 additions & 12 deletions chevah_build
@@ -17,20 +17,22 @@ BZIP2_VERSION="1.0.8"
# We statically build the BSD libedit on selected platforms to get the
# readline module available without linking to the GPL-only readline libs.
LIBEDIT_VERSION="20170329-3.1"
OPENSSL_VERSION="1.1.1l"
SQLITE_VERSION="3.36.0"
OPENSSL_VERSION="1.1.1m"
SQLITE_VERSION="3.37.2"

# Python modules versions to be used everywhere possible.
PYSQLITE_VERSION="2.8.3"
CFFI_VERSION="1.14.6"
# 19.1.0 is used with OpenSSL 1.0.2 libs.
PYOPENSSL_VERSION="20.0.1"
CFFI_VERSION="1.15.0"
SCANDIR_VERSION="1.10.0"
PSUTIL_VERSION="5.8.0"
PSUTIL_VERSION="5.9.0"
SUBPROCESS32_VERSION="3.5.4"

# Versions no longer upgradable because of Python 2 deprecation.
PIP_VERSION="20.3.4"
# pyOpenSSL 19.1.0 is used with OpenSSL 1.0.2 libs.
PYOPENSSL_VERSION="21.0.0"
# Backported fix for https://github.com/pypa/pip/issues/9827
# at https://github.com/chevah/pip/tree/20.3.4chevah.
PIP_VERSION="20.3.4chevah1"
# For pip <21.1.
SAFETY_IGNORED_OPTS="-i 40291"
# setuptools 44.x is the last series to support Python 2.7.
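Review bot: the backport comment above PIP_VERSION="20.3.4chevah1" references a branch (https://github.com/chevah/pip/tree/20.3.4chevah), which is a mutable pointer; record the exact commit id of the fork, or the sha256 of the wheel built from it, so the build can verify it installs the reviewed patch and not whatever the branch points to later. The same comment should name the advisory the backport resolves (the commit message says Safety id 42218) next to pip issue 9827, so that a reader of SAFETY_IGNORED_OPTS="-i 40291" can tell why 42218 is not in the ignore list, and the `# For pip <21.1.` note should say whether the 20.3.4chevah1 build changes which ids still need ignoring.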
@@ -46,7 +48,7 @@ SETPROCTITLE_VERSION="1.1.10"
PYWIN32_VERSION="228"

# pycparser is explicitly installed to work around setuptools auto dependencies.
PYCPARSER_VERSION="2.20"
PYCPARSER_VERSION="2.21"

# Current revision for the VC++ 9.0 redistributable version used on Windows.
REDISTRIBUTABLE_VERSION="9.0.30729.9518"
@@ -733,15 +735,14 @@ command_test() {
aix*)
(>&2 echo -e "\tSkipping because of upstream issues.")
;;
lnx-arm64)
(>&2 echo -e "\tSkipping as it now fails on ARM64.")
;;
lnx-x64)
lnx*)
set +o nounset
if [ x"$CHEVAH_CONTAINER" = x"yes" ]; then
(>&2 echo -e "\tSkipping as it fails under Docker on CentOS 5.")
else
execute $PYTHON_BIN ${SCANDIR_FOLDER}/test/run_tests.py
fi
set -o nounset
;;
*)
# UTF-8 locale is needed for the tests to pass on remaining OS'es.
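Review bot: merging the lnx-arm64 and lnx-x64 cases into lnx* reuses the message "Skipping as it fails under Docker on CentOS 5." for every Linux container build, including arm64, where the commit message says the tests pass again; either make the message generic or keep the skip limited to the x64 CentOS 5 image. The `set +o nounset` / `set -o nounset` toggle can also go if the check reads the variable with a default, e.g. `if [ "${CHEVAH_CONTAINER:-}" = "yes" ]; then`; as written, the `execute $PYTHON_BIN ${SCANDIR_FOLDER}/test/run_tests.py` line runs with nounset disabled, so a misspelt $PYTHON_BIN or ${SCANDIR_FOLDER} would silently expand to an empty string instead of aborting.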
44 changes: 22 additions & 22 deletions external_deps.csv
@@ -1,24 +1,24 @@
OS,AIX,,,Amazon,Alpine,,Debian,FreeBSD,,HP-UX,macOS,OS X,RHEL,,,,SLES,,Solaris,,,,Ubuntu,,,,Windows,
OS Version,5.3³,6.1³,7.1¹,2¹,3.12³,3.14¹,5.0+³,11.4³,12.2²,11.31²,10.13+¹,10.8³,5.11¹,6.x¹,7.x¹,8.x¹,11SP4¹,12SP3¹,10u8+³,11.0/11.1³,11.2²,11.4²,14.04²,16.04¹,18.04¹,20.04¹,"XP, 2003, 2008²","2012r2, 2016, 2019¹"
"OpenSSL /
LibreSSL⁶","1.0.2v-chevah2 (statically linked with stdlib “ssl”)
OS Version,5.3³,6.1³,7.1¹,2¹,3.12³,3.14¹,5.0+²,11.4³,12.2+³,11.31³,10.13+¹,10.8³,5.11¹,6.x¹,7.x¹,8.x¹,11SP4²,12SP3²,10u8+³,11.0/11.1³,11.2³,11.4³,14.04¹,16.04¹,18.04¹,20.04¹,"XP, 2003, 2008³","2012r2, 2016, 2019¹"
OpenSSL⁶,"1.0.2v-chevah2 (statically linked with stdlib “ssl”)
1.0.2v-chevah2 (statically linked with cryptography)",1.0.2k (from AIX Web Download Pack Programs),"1.0.2v-chevah3 (statically linked with stdlib “ssl”)
1.0.2v-chevah3 (statically linked with cryptography)","1.1.1l (statically linked with stdlib “ssl”)
1.1.1l (statically linked with cryptography)",1.1.1j,1.1.1l,"1.1.1l (statically linked with stdlib “ssl”)
1.1.1l (statically linked with cryptography)",1.0.1u,1.0.2s,1.0.2h,"1.1.1l (statically linked with stdlib “ssl”)
1.1.1l (statically linked with cryptography)","1.1.1g (statically built for stdlib “ssl”)
1.1.1g (bundled with upstream cryptography 2.9.1)","1.1.1l (statically linked with stdlib “ssl”)
1.1.1l (statically linked with cryptography)","1.1.1l (statically linked with stdlib “ssl”)
1.1.1l (statically linked with cryptography)","1.1.1l (statically linked with stdlib “ssl”)
1.1.1l (statically linked with cryptography)",1.1.1c FIPS,"1.1.1l (statically linked with stdlib “ssl”)
1.1.1l (statically linked with cryptography)","1.1.1l (statically linked with stdlib “ssl”)
1.1.1l (statically linked with cryptography)",1.0.2n (from upstream Oracle patches),1.0.0x,1.0.1h,1.0.2o,"1.1.1l (statically linked with stdlib “ssl”)
1.1.1l (statically linked with cryptography)","1.1.1l (statically linked with stdlib “ssl”)
1.1.1l (statically linked with cryptography)",1.1.0g,1.1.1f,"1.0.2t (bundled with upstream Python 2.7.18)
1.1.1g (bundled with upstream cryptography 2.9.1)","1.0.2t¹⁰ (bundled with upstream Python 2.7.18)
1.1.1l (built from upstream sources)"
1.0.2v-chevah3 (statically linked with cryptography)","1.1.1m (statically linked with stdlib “ssl”)
1.1.1m (statically linked with cryptography)",1.1.1j,1.1.1m,"1.1.1m (statically linked with stdlib “ssl”)
1.1.1m (statically linked with cryptography)",1.0.1u,1.0.2s,1.0.2h,"1.1.1m (statically linked with stdlib “ssl”)
1.1.1m (statically linked with cryptography)","1.1.1g (statically built for stdlib “ssl”)
1.1.1g (bundled with upstream cryptography 2.9.1)","1.1.1m (statically linked with stdlib “ssl”)
1.1.1m (statically linked with cryptography)","1.1.1m (statically linked with stdlib “ssl”)
1.1.1m (statically linked with cryptography)","1.1.1m (statically linked with stdlib “ssl”)
1.1.1m (statically linked with cryptography)",1.1.1c FIPS,"1.1.1m (statically linked with stdlib “ssl”)
1.1.1m (statically linked with cryptography)","1.1.1m (statically linked with stdlib “ssl”)
1.1.1m (statically linked with cryptography)",1.0.2n (from upstream Oracle patches),1.0.0x,1.0.1h,"
1.0.2o","1.1.1m (statically linked with stdlib “ssl”)
1.1.1m (statically linked with cryptography)","1.1.1m (statically linked with stdlib “ssl”)
1.1.1m (statically linked with cryptography)",1.1.0g,1.1.1f,"1.0.2t (bundled with upstream Python 2.7.18)
1.1.1g (bundled with upstream cryptography 2.9.1)","1.0.2t⁹ (bundled with upstream Python 2.7.18)
1.1.1m (built from upstream sources for cryptography)"
Python,2.7.18+patches,2.7.18¹¹,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18¹¹,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18¹¹,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.8⁴,2.7.18¹¹,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18+patches,2.7.18¹¹,2.7.18¹³
SQLite,3.34.1,3.34.1,3.36.0,3.36.0,3.34.1,3.36.0,3.36.0,3.30.1,3.34.1,3.34.1,3.36.0,3.30.1,3.36.0,3.36.0,3.36.0,3.36.0,3.36.0,3.36.0,3.34.1,3.30.1,3.34.1,3.34.1,3.36.0,3.36.0,3.36.0,3.36.0,3.30.1 (we overwrite version from upstream Python at build time),3.36.0 (we overwrite version from upstream Python at build time)
SQLite,3.34.1,3.34.1,3.37.2,3.37.2,3.34.1,3.37.2,3.37.2,3.30.1,3.34.1,3.34.1,3.37.2,3.30.1,3.37.2,3.37.2,3.37.2,3.37.2,3.37.2,3.37.2,3.34.1,3.30.1,3.34.1,3.34.1,3.37.2,3.37.2,3.37.2,3.37.2,3.30.1 (we overwrite version from upstream Python at build time),3.37.2 (we overwrite version from upstream Python at build time)
Expat,2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.1.0⁵ (bundled with Python 2.7.8),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python),2.2.8 (bundled with Python)
zlib,1.2.11,p/o,1.2.11,1.2.11,p/o,p/o,1.2.11,p/o,p/o,1.2.11,p/o,p/o,1.2.11,1.2.11,p/o,p/o,1.2.11,p/o,p/o,p/o,p/o,p/o,1.2.11,1.2.11,p/o,p/o,1.2.11 (bundled with Python),1.2.11 (bundled with Python)
bzip2,1.0.8,1.0.8,1.0.8,1.0.8,1.0.8,1.0.8,1.0.8,p/o,p/o,1.0.8,p/o,p/o,1.0.8,1.0.8,1.0.8,1.0.8,1.0.8,1.0.8,p/o,p/o,p/o,p/o,1.0.8,1.0.8,1.0.8,1.0.8,1.0.6 (bundled with Python),1.0.6 (bundled with Python)
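Review bot: the 1.0.2o OpenSSL cell is broken in the new row: the old row has `1.0.0x,1.0.1h,1.0.2o,"1.1.1l (statically linked with stdlib “ssl”)` on one line, while the new row ends with `1.0.0x,1.0.1h,"` and continues `1.0.2o","1.1.1m (statically linked with stdlib “ssl”)` on the next, so that cell is now a quoted value with a leading line break and will render with an empty first line. Drop the stray newline and the surrounding quotes. Separately, the Windows OpenSSL footnote changes from ¹⁰ to ⁹ while the Python row in the same hunk still carries ¹¹ and ¹³; confirm that the footnote legend (not in this diff) was renumbered to match, otherwise ⁹ now points at the wrong note. The header rename from "OpenSSL / LibreSSL⁶" to OpenSSL⁶ is fine provided footnote 6 no longer talks about LibreSSL.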
@@ -28,18 +28,18 @@ pysqlite,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3,2.8.3
pip,20.3.4,9.0.3,20.3.4,20.3.4,9.0.3,20.3.4,20.3.4,9.0.3,20.3.4,20.3.4,20.3.4,9.0.3,20.3.4,20.3.4,20.3.4,20.3.4,20.3.4,20.3.4,20.3.4,9.0.3,20.3.4,20.3.4,20.3.4,20.3.4,20.3.4,20.3.4,20.3.4,20.3.4
setuptools,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,41.6.0,41.6.0,41.6.0,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1,44.1.1
wheel,0.36.2,0.33.6,0.37.0,0.37.0,0.33.6,0.37.0,0.37.0,0.33.6,0.37.0,0.36.2,0.37.0,0.33.6,0.37.0,0.37.0,0.37.0,0.37.0,0.37.0,0.37.0,0.36.2,0.33.6,0.36.2,0.37.0,0.37.0,0.37.0,0.37.0,0.37.0,0.36.2,0.37.0
pycparser,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20,2.20
pycparser,2.20,2.20,2.21,2.21,2.21,2.21,2.21,2.20,2.21,2.20,2.21,2.20,2.21,2.21,2.21,2.21,2.21,2.21,2.20,2.20,2.20,2.21,2.21,2.21,2.21,2.21,2.20,2.21
setproctitle,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10
cryptography,3.2.1¹²,2.9.2¹²,3.2.1¹²,3.3.2,3.3.2,3.3.2,3.3.2,2.9.2¹²,3.3.2,n/a,3.3.2,2.9.2¹² (wheel includes OpenSSL),3.3.2,3.3.2,3.3.2,3.3.2,3.3.2,3.3.2,n/a,n/a,n/a,3.2.1¹²,3.3.2,3.3.2,3.3.2,3.3.2,2.9.2¹² (wheel includes OpenSSL),3.3.2 (wheel includes OpenSSL)
six,1.15.0,1.13.0,1.15.0,1.15.0,1.15.0,1.15.0,1.15.0,1.11.0,1.15.0,1.15.0,1.15.0,1.11.0,1.15.0,1.15.0,1.15.0,1.15.0,1.15.0,1.15.0,1.15.0,1.11.0,1.15.0,1.15.0,1.11.0,1.11.0,1.11.0,1.11.0,1.11.0,1.11.0
ipaddress,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,n/a,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,n/a,n/a,n/a,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23,1.0.23
cffi,1.14.5,1.14.0,1.14.6,1.14.6,1.14.0,1.14.6,1.14.6,1.14.0,1.14.6,n/a,1.14.6,1.14.0,1.14.6,1.14.6,1.14.6,1.14.6,1.14.6,1.14.6,n/a,1.14.0,1.14.5,1.14.6,1.14.6,1.14.6,1.14.6,1.14.6,1.14.0,1.14.6
cffi,1.14.5,1.14.0,1.15.0,1.15.0,1.14.0,1.15.0,1.15.0,1.14.0,1.15.0,n/a,1.15.0,1.14.0,1.15.0,1.15.0,1.15.0,1.15.0,1.15.0,1.15.0,n/a,1.14.0,1.14.5,1.15.0,1.15.0,1.15.0,1.15.0,1.15.0,1.14.0,1.15.0
asn1crypto,n/a,1.2.0,n/a,n/a,n/a,n/a,n/a,1.2.0,n/a,n/a,n/a,1.2.0,n/a,n/a,n/a,n/a,n/a,n/a,n/a,1.2.0,n/a,n/a,n/a,n/a,n/a,n/a,1.2.0,n/a
enum34,1.1.10,1.1.6,1.1.10,1.1.10,1.1.6,1.1.10,1.1.10,1.1.6,1.1.10,n/a,1.1.10,1.1.6,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,,,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.10,1.1.6,1.1.10
idna,n/a,2.6,n/a,n/a,n/a,n/a,n/a,2.6,n/a,n/a,n/a,2.6,n/a,n/a,n/a,n/a,n/a,n/a,n/a,2.6,n/a,n/a,n/a,n/a,n/a,n/a,2.6,n/a
pyOpenSSL,19.1.0,19.1.0,19.1.0,20.0.1,20.0.1,20.0.1,20.0.1,19.1.0,20.0.1,0.13.1⁷,20.0.1,19.1.0,20.0.1,20.0.1,20.0.1,20.0.1,20.0.1,20.0.1,0.13.1⁷,0.13.1⁷,0.13.1⁷,19.1.0,20.0.1,20.0.1,20.0.1,20.0.1,19.1.0,20.0.1
pyOpenSSL,19.1.0,19.1.0,19.1.0,21.0.0,21.0.0,21.0.0,21.0.0,19.1.0,21.0.0,0.13.1⁷,21.0.0,19.1.0,21.0.0,21.0.0,21.0.0,21.0.0,21.0.0,21.0.0,0.13.1⁷,0.13.1⁷,0.13.1⁷,19.1.0,21.0.0,21.0.0,21.0.0,21.0.0,19.1.0,21.0.0
scandir,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0,1.10.0
psutil,n/a,5.6.5,5.8.0,5.8.0,5.8.0,5.8.0,5.8.0,n/a,5.8.0,n/a,5.8.0,5.6.5,5.8.0,5.8.0,5.8.0,5.8.0,5.8.0,5.8.0,n/a,n/a,n/a,5.8.0,5.8.0,5.8.0,5.8.0,5.8.0,n/a,5.8.0
psutil,n/a,5.6.5,5.9.0,5.9.0,5.9.0,5.9.0,5.9.0,n/a,5.9.0,n/a,5.9.0,5.6.5,5.9.0,5.9.0,5.9.0,5.9.0,5.9.0,5.9.0,n/a,n/a,n/a,5.9.0,5.9.0,5.9.0,5.9.0,5.9.0,n/a,5.9.0
subprocess32,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4,3.5.4
bcrypt,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,n/a,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7,3.1.7
pywin32,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,n/a,,n/a,227,228
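Review bot: the pip row (unchanged context at the top of this hunk) still lists 20.3.4 on every platform, but chevah_build in this same commit pins PIP_VERSION="20.3.4chevah1"; this sheet is what an auditor reads to learn which pip is shipped, so the patched fork version should be recorded here on the platforms that receive the new wheel (the 9.0.3 columns aside). Likewise the pycparser row keeps 2.20 on nine columns while chevah_build now sets a single PYCPARSER_VERSION="2.21"; if those platforms intentionally stay on 2.20, a footnote saying why would help the next version bump.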

0 comments on commit 241e9fe
