python-3.10 - address CVE-2024-4032

smoser · smoser · commit 1485d2b05c80 · 2024-06-27T18:33:39.000Z
python/cpython#113171
diff --git a/py3-setuptools.yaml b/py3-setuptools.yaml
@@ -48,6 +48,12 @@ subpackages:
         with:
           python: python${{range.key}}
       - uses: strip
+    test:
+      pipeline:
+        - uses: python/import
+          with:
+            import: setuptools
+            python: python${{range.key}}
 
   - name: py3-supported-${{vars.pypi-package}}
     description: meta package providing ${{vars.pypi-package}} for supported python versions.
diff --git a/python-3.10.yaml b/python-3.10.yaml
@@ -1,7 +1,7 @@
 package:
   name: python-3.10
   version: 3.10.14
-  epoch: 3
+  epoch: 4
   description: "the Python programming language"
   copyright:
     - license: PSF-2.0
@@ -48,6 +48,9 @@ pipeline:
       expected-commit: 976ea78599d71f22e9c0fefc2dc37c1d9fc835a4
       repository: https://github.com/python/cpython.git
       tag: v${{package.version}}
+      cherry-picks: |
+        # https://github.com/python/cpython/issues/113171
+        3.10/c62c9e518b784fe44432a3f4fc265fb95b651906: CVE-2024-4032
 
   - name: Force use of system libraries
     runs: |
