Python 3: Upgrade to fix CVE-2019-20907, CVE-2020-26116, CVE-2019-18348, CVE-2020-14422, Patch CVE-2020-27619 (#358)

2020-11-10 13:16:00 -08:00 · 2020-11-10 13:16:00 -08:00 · 93fe450a4f
--- a/SPECS/python3/CVE-2020-27619.patch
+++ b/SPECS/python3/CVE-2020-27619.patch
@ -0,0 +1,64 @@
+From 43e523103886af66d6c27cd72431b5d9d14cd2a9 Mon Sep 17 00:00:00 2001
+From: "Miss Skeleton (bot)" <31488909+miss-islington@users.noreply.github.com>
+Date: Mon, 19 Oct 2020 19:38:40 -0700
+Subject: [PATCH] bpo-41944: No longer call eval() on content received via HTTP
+ in the CJK codec tests (GH-22566) (GH-22578)
+
+(cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8)
+
+Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
+---
+ Lib/test/multibytecodec_support.py            | 22 +++++++------------
+ .../2020-10-05-17-43-46.bpo-41944.rf1dYb.rst  |  1 +
+ 2 files changed, 9 insertions(+), 14 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
+
+diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py
+index cca8af67d6d1d..f76c0153f5ecf 100644
+--- a/Lib/test/multibytecodec_support.py
+++ b/Lib/test/multibytecodec_support.py
+@@ -305,29 +305,23 @@ def test_mapping_file(self):
+             self._test_mapping_file_plain()
+ 
+     def _test_mapping_file_plain(self):
+-        unichrs = lambda s: ''.join(map(chr, map(eval, s.split('+'))))
+        def unichrs(s):
+            return ''.join(chr(int(x, 16)) for x in s.split('+'))
+
+         urt_wa = {}
+ 
+         with self.open_mapping_file() as f:
+             for line in f:
+                 if not line:
+                     break
+-                data = line.split('#')[0].strip().split()
+                data = line.split('#')[0].split()
+                 if len(data) != 2:
+                     continue
+ 
+-                csetval = eval(data[0])
+-                if csetval <= 0x7F:
+-                    csetch = bytes([csetval & 0xff])
+-                elif csetval >= 0x1000000:
+-                    csetch = bytes([(csetval >> 24), ((csetval >> 16) & 0xff),
+-                                    ((csetval >> 8) & 0xff), (csetval & 0xff)])
+-                elif csetval >= 0x10000:
+-                    csetch = bytes([(csetval >> 16), ((csetval >> 8) & 0xff),
+-                                    (csetval & 0xff)])
+-                elif csetval >= 0x100:
+-                    csetch = bytes([(csetval >> 8), (csetval & 0xff)])
+-                else:
+                if data[0][:2] != '0x':
+                    self.fail(f"Invalid line: {line!r}")
+                csetch = bytes.fromhex(data[0][2:])
+                if len(csetch) == 1 and 0x80 <= csetch[0]:
+                     continue
+ 
+                 unich = unichrs(data[1])
+diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
+new file mode 100644
+index 0000000000000..4f9782f1c85af
+--- /dev/null
+++ b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
+@@ -0,0 +1 @@
+Tests for CJK codecs no longer call ``eval()`` on content received via HTTP.
--- a/SPECS/python3/python3.signatures.json
+++ b/SPECS/python3/python3.signatures.json
@ -1,5 +1,5 @@
 {
 "Signatures": {
-  "Python-3.7.7.tar.xz": "06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136"
+  "Python-3.7.9.tar.xz": "91923007b05005b5f9bd46f3b9172248aea5abc1543e8a636d59e629c3331b01"
 }
 }
--- a/SPECS/python3/python3.spec
+++ b/SPECS/python3/python3.spec
@ -1,27 +1,28 @@
 %global openssl_flags -DOPENSSL_NO_SSL3 -DOPENSSL_NO_SSL2
-
 Summary:        A high-level scripting language
 Name:           python3
-Version:        3.7.7
+Version:        3.7.9
 Release:        2%{?dist}
 License:        PSF
-URL:            http://www.python.org/
-Group:          System Environment/Programming
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
+Group:          System Environment/Programming
+URL:            https://www.python.org/
 Source0:        https://www.python.org/ftp/python/%{version}/Python-%{version}.tar.xz
 Patch0:         cgi3.patch
 Patch1:         python3-support-mariner-platform.patch
 Patch2:         Replace-unsupported-TLS-methods.patch
-BuildRequires:  pkg-config >= 0.28
+# CVE-2020-27619 patch is pulled from upstream commit
+Patch3:         CVE-2020-27619.patch
 BuildRequires:  bzip2-devel
-BuildRequires:  ncurses-devel
-BuildRequires:  openssl-devel
-BuildRequires:  readline-devel
-BuildRequires:  xz-devel
 BuildRequires:  expat-devel >= 2.1.0
 BuildRequires:  libffi-devel >= 3.0.13
+BuildRequires:  ncurses-devel
+BuildRequires:  openssl-devel
+BuildRequires:  pkg-config >= 0.28
+BuildRequires:  readline-devel
 BuildRequires:  sqlite-devel
+BuildRequires:  xz-devel
 Requires:       ncurses
 Requires:       openssl
 Requires:       python3-libs = %{version}-%{release}
@ -29,10 +30,9 @@ Requires:       readline
 Requires:       xz
 Provides:       python-sqlite
 Provides:       python(abi)
-Provides:       /usr/bin/python
+Provides:       %{_bindir}/python
 Provides:       /bin/python
 Provides:       /bin/python3
-
 %if %{with_check}
 BuildRequires:  iana-etc
 BuildRequires:  tzdata
@ -45,15 +45,14 @@ strings support, easier and more intuitive syntax, and removes the deprecated
 code. It is incompatible with Python 2.x releases.

 %package libs
-Summary: The libraries for python runtime
-Group: Applications/System
+Summary:        The libraries for python runtime
+Group:          Applications/System
+Requires:       bzip2-libs
 Requires:       coreutils
 Requires:       expat >= 2.1.0
 Requires:       libffi >= 3.0.13
 Requires:       ncurses
 Requires:       sqlite-libs
-Requires:       bzip2-libs
-

 %description    libs
 The python interpreter can be embedded into applications wanting to
@ -63,8 +62,8 @@ provides the libraries needed for python 3 applications.
 %package        xml
 Summary:        XML libraries for python3 runtime
 Group:          Applications/System
-Requires:       python3-libs = %{version}-%{release}
 Requires:       python3 = %{version}-%{release}
+Requires:       python3-libs = %{version}-%{release}

 %description    xml
 The python3-xml package provides the libraries needed for XML manipulation.
@ -72,20 +71,20 @@ The python3-xml package provides the libraries needed for XML manipulation.
 %package        curses
 Summary:        Python module interface for NCurses Library
 Group:          Applications/System
-Requires:       python3-libs = %{version}-%{release}
 Requires:       ncurses
+Requires:       python3-libs = %{version}-%{release}

 %description    curses
 The python3-curses package provides interface for ncurses library.

 %package        devel
-Summary: The libraries and header files needed for Python development.
+Summary:        The libraries and header files needed for Python development.
 Group:          Development/Libraries
-Requires:       python3 = %{version}-%{release}
 Requires:       expat-devel >= 2.1.0
+Requires:       python3 = %{version}-%{release}
 # Needed here because of the migration of Makefile from -devel to the main
 # package
-Conflicts: python3 < %{version}-%{release}
+Conflicts:      python3 < %{version}-%{release}

 %description    devel
 The Python programming language's interpreter can be extended with
@ -110,9 +109,9 @@ to build python programs.
 %package        pip
 Summary:        The PyPA recommended tool for installing Python packages.
 Group:          Development/Tools
-BuildArch:      noarch
 Requires:       python3 = %{version}-%{release}
 Requires:       python3-xml = %{version}-%{release}
+BuildArch:      noarch

 %description    pip
 The PyPA recommended tool for installing Python packages.
@ -120,16 +119,16 @@ The PyPA recommended tool for installing Python packages.
 %package        setuptools
 Summary:        Download, build, install, upgrade, and uninstall Python packages.
 Group:          Development/Tools
-BuildArch:      noarch
 Requires:       python3 = %{version}-%{release}
+BuildArch:      noarch

 %description    setuptools
 setuptools is a collection of enhancements to the Python distutils that allow you to more easily build and distribute Python packages, especially ones that have dependencies on other packages.

 %package test
-Summary: Regression tests package for Python.
-Group: Development/Tools
-Requires: python3 = %{version}-%{release}
+Summary:        Regression tests package for Python.
+Group:          Development/Tools
+Requires:       python3 = %{version}-%{release}

 %description test
 The test package contains all regression tests for Python as well as the modules test.support and test.regrtest. test.support is used to enhance your tests while test.regrtest drives the testing suite.
@ -139,6 +138,7 @@ The test package contains all regression tests for Python as well as the modules
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 %build
 export OPT="%{optflags} %{openssl_flags}"
@ -173,10 +173,10 @@ make  %{?_smp_mflags} test
 %clean
 rm -rf %{buildroot}/*

+
 %files
 %defattr(-, root, root)
 %license LICENSE
-%doc LICENSE README.rst
 %{_bindir}/pydoc*
 %{_bindir}/pyvenv*
 %{_bindir}/python3
@ -191,7 +191,6 @@ rm -rf %{buildroot}/*
 %{_libdir}/libpython3.7.so
 %{_libdir}/libpython3.7m.so.1.0

-
 %exclude %{_libdir}/python3.7/ctypes/test
 %exclude %{_libdir}/python3.7/distutils/tests
 %exclude %{_libdir}/python3.7/sqlite3/test
@ -201,7 +200,6 @@ rm -rf %{buildroot}/*

 %files libs
 %defattr(-,root,root)
-%doc LICENSE README.rst
 %{_libdir}/python3.7
 %{_libdir}/python3.7/site-packages/easy_install.py
 %{_libdir}/python3.7/site-packages/README.txt
@ -218,11 +216,11 @@ rm -rf %{buildroot}/*
 %exclude %{_libdir}/python3.7/lib-dynload/_curses*.so
 %exclude %{_libdir}/python3.7/distutils/command/wininst-*.exe

-%files  xml
+%files xml
 %{_libdir}/python3.7/xml/*
 %{_libdir}/python3.7/lib-dynload/pyexpat*.so

-%files  curses
+%files curses
 %{_libdir}/python3.7/curses/*
 %{_libdir}/python3.7/lib-dynload/_curses*.so

@ -251,105 +249,153 @@ rm -rf %{buildroot}/*
 %files pip
 %defattr(-,root,root,755)
 %{_libdir}/python3.7/site-packages/pip/*
-%{_libdir}/python3.7/site-packages/pip-19.2.3.dist-info/*
+%{_libdir}/python3.7/site-packages/pip-20.1.1.dist-info/*
 %{_bindir}/pip*

 %files setuptools
 %defattr(-,root,root,755)
 %{_libdir}/python3.7/site-packages/pkg_resources/*
 %{_libdir}/python3.7/site-packages/setuptools/*
-%{_libdir}/python3.7/site-packages/setuptools-41.2.0.dist-info/*
+%{_libdir}/python3.7/site-packages/setuptools-47.1.0.dist-info/*
 %{_bindir}/easy_install-3.7

 %files test
 %{_libdir}/python3.7/test/*

 %changelog
-*   Mon Jul 06 2020 Henry Beberman <henry.beberman@microsoft.com> 3.7.7-2
-   Add BuildRequires for iana-etc and tzdata for check section.
-*   Wed Jun 10 2020 Paul Monson <paulmon@microsoft.com> 3.7.7-1
-   Update to Python 3.7.7 to fix CVEs
-*   Thu May 21 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 3.7.3-10
-   Fix CVE-2019-16056.
-*   Wed May 20 2020 Nicolas Ontiveros <niontive@microsoft.com> 3.7.3-9
-   Fix CVE-2020-8492.
-*   Wed May 20 2020 Paul Monson <paulmon@microsoft.com> 3.7.3-8
-   Fix variable use.
-*   Sat May 09 00:20:54 PST 2020 Nick Samson <nisamson@microsoft.com> - 3.7.3-7
-   Added %%license line automatically
-*   Wed May 06 2020 Paul Monson <paulmon@microsoft.com> 3.7.3-6
-   Replace unsupported TLS methods with a patch.
-*   Thu Apr 09 2020 Nicolas Ontiveros <niontive@microsoft.com> 3.7.3-5
-   Remove toybox and only use coreutils for requires.
-*   Mon Nov 25 2019 Andrew Phelps <anphel@microsoft.com> 3.7.3-4
-   Remove duplicate libpython3.so from devel package
-*   Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 3.7.3-3
-   Initial CBL-Mariner import from Photon (license: Apache2).
-*   Mon Jun 17 2019 Tapas Kundu <tkundu@vmware.com> 3.7.3-2
-   Fix for CVE-2019-10160
-*   Mon Jun 10 2019 Tapas Kundu <tkundu@vmware.com> 3.7.3-1
-   Update to Python 3.7.3 release
-*   Thu May 23 2019 Tapas Kundu <tkundu@vmware.com> 3.7.0-6
-   Fix for CVE-2019-5010
-   Fix for CVE-2019-9740
-*   Tue Mar 12 2019 Tapas Kundu <tkundu@vmware.com> 3.7.0-5
-   Fix for CVE-2019-9636
-*   Mon Feb 11 2019 Taps Kundu <tkundu@vmware.com> 3.7.0-4
-   Fix for CVE-2018-20406
-*   Fri Dec 21 2018 Tapas Kundu <tkundu@vmware.com> 3.7.0-3
-   Fix for CVE-2018-14647
-*   Tue Dec 04 2018 Tapas Kundu <tkundu@vmware.com> 3.7.0-2
-   Excluded windows installer from python3 libs packaging.
-*   Wed Sep 26 2018 Tapas Kundu <tkundu@vmware.com> 3.7.0-1
-   Updated to version 3.7.0
-*   Mon Sep 18 2017 Alexey Makhalov <amakhalov@vmware.com> 3.6.1-9
-   Requires coreutils or toybox
-   Requires bzip2-libs
-*   Fri Sep 15 2017 Bo Gan <ganb@vmware.com> 3.6.1-8
-   Remove devpts mount in check
-*   Mon Aug 28 2017 Dheeraj Shetty <dheerajs@vmware.com> 3.6.1-7
-   Add pty for tests to pass
-*   Wed Jul 12 2017 Xiaolin Li <xiaolinl@vmware.com> 3.6.1-6
-   Add python3-test package.
-*   Fri Jun 30 2017 Dheeraj Shetty <dheerajs@vmware.com> 3.6.1-5
-   Remove the imaplib tests.
-*   Mon Jun 05 2017 Xiaolin Li <xiaolinl@vmware.com> 3.6.1-4
-   Added pip, setuptools, xml, and curses sub packages.
-*   Sun Jun 04 2017 Bo Gan <ganb@vmware.com> 3.6.1-3
-   Fix symlink and script
-*   Wed May 10 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 3.6.1-2
-   Exclude idle3.
-*   Wed Apr 26 2017 Siju Maliakkal <smaliakkal@vmware.com> 3.6.1-1
-   Updating to latest
-*   Fri Apr 14 2017 Alexey Makhalov <amakhalov@vmware.com> 3.5.3-3
-   Python3-devel requires expat-devel.
-*   Thu Mar 23 2017 Xiaolin Li <xiaolinl@vmware.com> 3.5.3-2
-   Provides /bin/python3.
-*   Tue Feb 28 2017 Xiaolin Li <xiaolinl@vmware.com> 3.5.3-1
-   Updated to version 3.5.3.
-*   Fri Jan 20 2017 Dheeraj Shetty <dheerajs@vmware.com> 3.5.1-10
-   Added patch to support Photon OS
-*   Tue Dec 20 2016 Xiaolin Li <xiaolinl@vmware.com> 3.5.1-9
-   Move easy_install-3.5 to devel subpackage.
-*   Wed Nov 16 2016 Alexey Makhalov <ppadmavilasom@vmware.com> 3.5.1-8
-   Use sqlite-{devel,libs}
-*   Thu Oct 27 2016 Anish Swaminathan <anishs@vmware.com> 3.5.1-7
-   Patch for CVE-2016-5636
-*   Mon Oct 10 2016 ChangLee <changlee@vmware.com> 3.5.1-6
-   Modified %check
-*   Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 3.5.1-5
-   GA - Bump release of all rpms
-*   Wed May 04 2016 Anish Swaminathan <anishs@vmware.com> 3.5.1-4
-   Edit scriptlets.
-*   Wed Apr 13 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 3.5.1-3
-   update python to require python-libs
-*   Thu Apr 07 2016 Mahmoud Bassiouny <mbassiouny@vmware.com> 3.5.1-2
-   Providing python3 binaries instead of the minor versions.
-*   Tue Feb 23 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 3.5.1-1
-   Updated to version 3.5.1
-*   Wed Dec 09 2015 Anish Swaminathan <anishs@vmware.com> 3.4.3-3
-   Edit post script.
-*   Mon Aug 17 2015 Vinay Kulkarni <kulkarniv@vmware.com> 3.4.3-2
-   Remove python.o file, and minor cleanups.
-*   Wed Jul 1 2015 Vinay Kulkarni <kulkarniv@vmware.com> 3.4.3
-   Add Python3 package to Photon.
+* Fri Nov 06 2020 Thomas Crain <thcrain@microsoft.com> - 3.7.9-2
+- Patch CVE-2020-27619
+
+* Fri Nov 06 2020 Thomas Crain <thcrain@microsoft.com> - 3.7.9-1
+- Update to 3.7.9, the latest security release for 3.7
+
+* Mon Jul 06 2020 Henry Beberman <henry.beberman@microsoft.com> - 3.7.7-2
+- Add BuildRequires for iana-etc and tzdata for check section.
+
+* Wed Jun 10 2020 Paul Monson <paulmon@microsoft.com> - 3.7.7-1
+- Update to Python 3.7.7 to fix CVEs
+
+* Thu May 21 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> - 3.7.3-10
+- Fix CVE-2019-16056.
+
+* Wed May 20 2020 Nicolas Ontiveros <niontive@microsoft.com> - 3.7.3-9
+- Fix CVE-2020-8492.
+
+* Wed May 20 2020 Paul Monson <paulmon@microsoft.com> - 3.7.3-8
+- Fix variable use.
+
+* Sat May 09 00:20:54 PST 2020 Nick Samson <nisamson@microsoft.com> - 3.7.3-7
+- Added %%license line automatically
+
+* Wed May 06 2020 Paul Monson <paulmon@microsoft.com> - 3.7.3-6
+- Replace unsupported TLS methods with a patch.
+
+* Thu Apr 09 2020 Nicolas Ontiveros <niontive@microsoft.com> - 3.7.3-5
+- Remove toybox and only use coreutils for requires.
+
+* Mon Nov 25 2019 Andrew Phelps <anphel@microsoft.com> - 3.7.3-4
+- Remove duplicate libpython3.so from devel package
+
+* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> - 3.7.3-3
+- Initial CBL-Mariner import from Photon (license: Apache2).
+
+* Mon Jun 17 2019 Tapas Kundu <tkundu@vmware.com> - 3.7.3-2
+- Fix for CVE-2019-10160
+
+* Mon Jun 10 2019 Tapas Kundu <tkundu@vmware.com> - 3.7.3-1
+- Update to Python 3.7.3 release
+
+* Thu May 23 2019 Tapas Kundu <tkundu@vmware.com> - 3.7.0-6
+- Fix for CVE-2019-5010
+- Fix for CVE-2019-9740
+
+* Tue Mar 12 2019 Tapas Kundu <tkundu@vmware.com> - 3.7.0-5
+- Fix for CVE-2019-9636
+
+* Mon Feb 11 2019 Taps Kundu <tkundu@vmware.com> - 3.7.0-4
+- Fix for CVE-2018-20406
+
+* Fri Dec 21 2018 Tapas Kundu <tkundu@vmware.com> - 3.7.0-3
+- Fix for CVE-2018-14647
+
+* Tue Dec 04 2018 Tapas Kundu <tkundu@vmware.com> - 3.7.0-2
+- Excluded windows installer from python3 libs packaging.
+
+* Wed Sep 26 2018 Tapas Kundu <tkundu@vmware.com> - 3.7.0-1
+- Updated to version 3.7.0
+
+* Mon Sep 18 2017 Alexey Makhalov <amakhalov@vmware.com> - 3.6.1-9
+- Requires coreutils or toybox
+- Requires bzip2-libs
+
+* Fri Sep 15 2017 Bo Gan <ganb@vmware.com> - 3.6.1-8
+- Remove devpts mount in check
+
+* Mon Aug 28 2017 Dheeraj Shetty <dheerajs@vmware.com> - 3.6.1-7
+- Add pty for tests to pass
+
+* Wed Jul 12 2017 Xiaolin Li <xiaolinl@vmware.com> - 3.6.1-6
+- Add python3-test package.
+
+* Fri Jun 30 2017 Dheeraj Shetty <dheerajs@vmware.com> - 3.6.1-5
+- Remove the imaplib tests.
+
+* Mon Jun 05 2017 Xiaolin Li <xiaolinl@vmware.com> - 3.6.1-4
+- Added pip, setuptools, xml, and curses sub packages.
+
+* Sun Jun 04 2017 Bo Gan <ganb@vmware.com> - 3.6.1-3
+- Fix symlink and script
+
+* Wed May 10 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> - 3.6.1-2
+- Exclude idle3.
+
+* Wed Apr 26 2017 Siju Maliakkal <smaliakkal@vmware.com> - 3.6.1-1
+- Updating to latest
+
+* Fri Apr 14 2017 Alexey Makhalov <amakhalov@vmware.com> - 3.5.3-3
+- Python3-devel requires expat-devel.
+
+* Thu Mar 23 2017 Xiaolin Li <xiaolinl@vmware.com> - 3.5.3-2
+- Provides /bin/python3.
+
+* Tue Feb 28 2017 Xiaolin Li <xiaolinl@vmware.com> - 3.5.3-1
+- Updated to version 3.5.3.
+
+* Fri Jan 20 2017 Dheeraj Shetty <dheerajs@vmware.com> - 3.5.1-10
+- Added patch to support Photon OS
+
+* Tue Dec 20 2016 Xiaolin Li <xiaolinl@vmware.com> - 3.5.1-9
+- Move easy_install-3.5 to devel subpackage.
+
+* Wed Nov 16 2016 Alexey Makhalov <ppadmavilasom@vmware.com> - 3.5.1-8
+- Use sqlite-{devel,libs}
+
+* Thu Oct 27 2016 Anish Swaminathan <anishs@vmware.com> - 3.5.1-7
+- Patch for CVE-2016-5636
+
+* Mon Oct 10 2016 ChangLee <changlee@vmware.com> - 3.5.1-6
+- Modified %check
+
+* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> - 3.5.1-5
+- GA - Bump release of all rpms
+
+* Wed May 04 2016 Anish Swaminathan <anishs@vmware.com> - 3.5.1-4
+- Edit scriptlets.
+
+* Wed Apr 13 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> - 3.5.1-3
+- update python to require python-libs
+
+* Thu Apr 07 2016 Mahmoud Bassiouny <mbassiouny@vmware.com> - 3.5.1-2
+- Providing python3 binaries instead of the minor versions.
+
+* Tue Feb 23 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> - 3.5.1-1
+- Updated to version 3.5.1
+
+* Wed Dec 09 2015 Anish Swaminathan <anishs@vmware.com> - 3.4.3-3
+- Edit post script.
+
+* Mon Aug 17 2015 Vinay Kulkarni <kulkarniv@vmware.com> - 3.4.3-2
+- Remove python.o file, and minor cleanups.
+
+* Wed Jul 1 2015 Vinay Kulkarni <kulkarniv@vmware.com> - 3.4.3
+- Add Python3 package to Photon.
--- a/cgmanifest.json
+++ b/cgmanifest.json
@ -4226,8 +4226,8 @@
        "type": "other",
        "other": {
          "name": "python3",
-          "version": "3.7.7",
-          "downloadUrl": "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tar.xz"
+          "version": "3.7.9",
+          "downloadUrl": "https://www.python.org/ftp/python/3.7.9/Python-3.7.9.tar.xz"
        }
      }
    },