1a3cef77d4
This version includes fixes for: * CVE-2020-14422: Hash collisions in IPv4Interface and IPv6Interface * CVE-2020-15523: Python uses invalid DLL path after calling Py_SetPath on Windows This version also includes support for OpenSSL 1.1.x builds that use 'no-deprecated' and '--api=1.1.0'[1], and so this removes the previous OpenSSL-related patches. This also backports fixes for security issues, including: * CVE-2019-20907: Infinite loop in the tarfile module This also updates the setuptools and pip packages to 47.1.0 and 20.1.1, respectively. [1]: https://github.com/python/cpython/pull/20566 Signed-off-by: Jeffery To <jeffery.to@gmail.com>
16 lines
763 B
Diff
16 lines
763 B
Diff
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848136
|
|
https://sources.debian.org/patches/python-setuptools/40.8.0-1/reproducible.diff/
|
|
|
|
Index: b/setuptools/command/easy_install.py
|
|
===================================================================
|
|
--- a/setuptools/command/easy_install.py
|
|
+++ b/setuptools/command/easy_install.py
|
|
@@ -423,7 +423,7 @@ class easy_install(Command):
|
|
for spec in self.args:
|
|
self.easy_install(spec, not self.no_deps)
|
|
if self.record:
|
|
- outputs = self.outputs
|
|
+ outputs = list(sorted(self.outputs))
|
|
if self.root: # strip any package prefix
|
|
root_len = len(self.root)
|
|
for counter in range(len(outputs)):
|