d78bdbd8ad
This contains a fix for CVE-2020-8492 (Denial of service in urllib.request.AbstractBasicAuthHandler)[1]. This also updates the setuptools and pip packages to 47.1.0 and 20.1.1, respectively. [1]: https://docs.python.org/release/3.7.8/whatsnew/changelog.html#python-3-7-8-release-candidate-1 Signed-off-by: Jeffery To <jeffery.to@gmail.com>
16 lines
763 B
Diff
16 lines
763 B
Diff
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848136
|
|
https://sources.debian.org/patches/python-setuptools/40.8.0-1/reproducible.diff/
|
|
|
|
Index: b/setuptools/command/easy_install.py
|
|
===================================================================
|
|
--- a/setuptools/command/easy_install.py
|
|
+++ b/setuptools/command/easy_install.py
|
|
@@ -423,7 +423,7 @@ class easy_install(Command):
|
|
for spec in self.args:
|
|
self.easy_install(spec, not self.no_deps)
|
|
if self.record:
|
|
- outputs = self.outputs
|
|
+ outputs = list(sorted(self.outputs))
|
|
if self.root: # strip any package prefix
|
|
root_len = len(self.root)
|
|
for counter in range(len(outputs)):
|