linux sdk: update python

tools/jenkins/include/scripts/pkg/python2.sh

@@ -6,6 +6,25 @@ PY2_VERSION=2.7.18
 PY2_VERSION_SHORT=${PY2_VERSION%.*}
 PY2_TAR="Python-${PY2_VERSION}.tar.xz"
 PY2_SITE="https://www.python.org/ftp/python/${PY2_VERSION}"
+
+PY2VER="${PY2_VERSION_SHORT}"
+PY2VERNODOT=$(echo ${PY2VER:-}| sed 's/\.//')
+PY2_EXE=$SDK_HOME/bin/python2
+PY2_LIB=$SDK_HOME/lib/libpython${PY2VER}.so
+PY2_INC=$SDK_HOME/include/python${PY2VER}
+if [ -z "${PYV:-}" ] || [ "$PYV" = "2" ]; then
+    PYV=2
+    PYVER="${PY2VER}"
+    PYVERNODOT="${PY2VERNODOT}"
+    PY_EXE="$SDK_HOME/bin/python${PYV}"
+    PY_LIB="$SDK_HOME/lib/libpython${PYVER}.so"
+    PY_INC="$SDK_HOME/include/python${PYVER}"
+    PYTHON_HOME="$SDK_HOME"
+    PYTHON_PATH="$SDK_HOME/lib/python${PYVER}"
+    PYTHON_INCLUDE="$SDK_HOME/include/python${PYVER}"
+    export PYTHON_PATH PYTHON_INCLUDE
+fi
+
 if download_step; then
     download "$PY2_SITE" "$PY2_TAR"
 fi
@@ -15,7 +34,7 @@ if build_step && { force_build || { [ ! -s "$SDK_HOME/lib/pkgconfig/python2.pc"
     pushd "Python-${PY2_VERSION}"
 
     ##########################################################
-    ## Patches from https://rpmfind.net/linux/RPM/fedora/devel/rawhide/aarch64/p/python2.7-2.7.18-11.fc35.aarch64.html
+    ## Patches from python2.7-2.7.18-15.fc36 https://src.fedoraproject.org/rpms/python2.7
 
     # 00351 # 1ae2a3db6d7af4ea973d1aee285e5fb9f882fdd0
     # Avoid infinite loop when reading specially crafted TAR files using the tarfile module
@@ -64,6 +83,29 @@ if build_step && { force_build || { [ ! -s "$SDK_HOME/lib/pkgconfig/python2.pc"
     # but a warning is raised if parse_qs is used on input that contains ';'.
     patch -Np1 -i "$INC_PATH"/patches/python27/00359-CVE-2021-23336.patch
 
+    # 00366 # e76b05ea3313854adf80e290c07d5b38fef606bb
+    # CVE-2021-3733: Fix ReDoS in urllib AbstractBasicAuthHandler
+    #
+    # Fix Regular Expression Denial of Service (ReDoS) vulnerability in
+    # urllib2.AbstractBasicAuthHandler. The ReDoS-vulnerable regex
+    # has quadratic worst-case complexity and it allows cause a denial of
+    # service when identifying crafted invalid RFCs. This ReDoS issue is on
+    # the client side and needs remote attackers to control the HTTP server.
+    #
+    # Backported from Python 3 together with another backward-compatible
+    # improvement of the regex from fix for CVE-2020-8492.
+    patch -Np1 -i "$INC_PATH"/patches/python27/00366-CVE-2021-3733.patch
+
+    # 00368 # 10dcf6732fb101ce89ad506a89365c6b1ff8c4e4
+    # CVE-2021-3737: http client infinite line reading (DoS) after a HTTP 100 Continue
+    #
+    # Fixes http.client potential denial of service where it could get stuck reading
+    # lines from a malicious server after a 100 Continue response.
+    #
+    # Backported from Python 3.
+    patch -Np1 -i "$INC_PATH"/patches/python27/00368-CVE-2021-3737.patch
+
+    # (New patches go here ^^^)
     # End of Fedora patches
     ##################################################################
 

tools/jenkins/include/scripts/pkg/python3.sh

@@ -2,10 +2,29 @@
 
 # Install Python3
 # see http://www.linuxfromscratch.org/blfs/view/svn/general/python3.html
-PY3_VERSION=3.9.6
+PY3_VERSION=3.9.7
 PY3_VERSION_SHORT=${PY3_VERSION%.*}
 PY3_TAR="Python-${PY3_VERSION}.tar.xz"
 PY3_SITE="https://www.python.org/ftp/python/${PY3_VERSION}"
+
+PY3VER="${PY3_VERSION_SHORT}"
+PY3VERNODOT=$(echo ${PY3VER:-}| sed 's/\.//')
+PY3_EXE=$SDK_HOME/bin/python3
+PY3_LIB=$SDK_HOME/lib/libpython${PY3VER}.so
+PY3_INC=$SDK_HOME/include/python${PY3VER}
+if [ -z "${PYV:-}" ] || [ "$PYV" = "3" ]; then
+    PYV=3
+    PYVER="${PY3VER}"
+    PYVERNODOT="${PY3VERNODOT}"
+    PY_EXE="$SDK_HOME/bin/python${PYV}"
+    PY_LIB="$SDK_HOME/lib/libpython${PYVER}.so"
+    PY_INC="$SDK_HOME/include/python${PYVER}"
+    PYTHON_HOME="$SDK_HOME"
+    PYTHON_PATH="$SDK_HOME/lib/python${PYVER}"
+    PYTHON_INCLUDE="$SDK_HOME/include/python${PYVER}"
+    export PYTHON_PATH PYTHON_INCLUDE
+fi
+
 if download_step; then
     download "$PY3_SITE" "$PY3_TAR"
 fi