micropython - Debian Package Tracker

general

source: micropython (main)
version: 1.24.1+ds-1
maintainer: Yangfl (DMD)
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

unstable: 1.24.1+ds-1

versioned links

1.24.1+ds-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

micropython
micropython-doc

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:00:54
Last run: 2024-02-10T13:59:40.000Z
Previous status: unknown

testing: fail (log)
The tests ran in 0:01:47
Last run: 2022-05-27T01:30:31.000Z
Previous status: unknown

Created: 2022-04-17 Last update: 2025-03-13 13:33

3 security issues in trixie high

There are 3 open security issues in trixie.

3 important issues:

CVE-2024-8946: A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.
CVE-2024-8947: A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.23.0 is able to address this issue. The identifier of the patch is 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to upgrade the affected component. In micropython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed.
CVE-2024-8948: A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes.

Created: 2024-09-17 Last update: 2024-09-21 14:00

25 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 36ee3ecb2bf75d9fd2b43a4a79a878ced2069325
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Tue Oct 29 17:28:25 2024 +0800

    debian: update to 1.24.1+ds

commit 192e2545e492339406af17e5634db2ec4ed07679
Merge: 6c5bc14e6a ce725b018e
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Sat Mar 8 17:08:08 2025 +0800

    Merge tag 'upstream/1.24.1+ds'

commit ce725b018e58638104cf932b30e99717d3a70225
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Sat Mar 8 17:05:09 2025 +0800

    Import Upstream version 1.24.1+ds

commit ecfdd5d6f9be971852003c2049600dc7b3e2a838
Author: Damien George <damien@micropython.org>
Date:   Fri Nov 29 23:53:11 2024 +1100

    all: Bump version to 1.24.1.
    
    Signed-off-by: Damien George <damien@micropython.org>

commit 564ef28ad2ca1c0fb302ac3f46d5f2d07de353de
Author: Angus Gratton <angus@redyak.com.au>
Date:   Wed Nov 20 16:15:20 2024 +1100

    py/objfloat: Workaround non-constant NAN definition on Windows MSVC.
    
    Recent MSVC versions have changed the definition of NAN to a non-constant
    expression!  This is a bug, C standard says it should be a constant.
    
    Good explanation and workaround at: https://stackoverflow.com/a/79199887
    
    This work was funded through GitHub Sponsors.
    
    Signed-off-by: Angus Gratton <angus@redyak.com.au>

commit 7118942a8c03413e0e85b9b42fc9e1b167966d57
Author: robert-hh <robert@hammelrath.com>
Date:   Wed Nov 27 16:57:02 2024 +0100

    nrf/drivers/ticker: Reset slow ticker callback count on soft reboot.
    
    The micro:bit board (and probably other boards using the music or display
    module) locked up on soft reboot.  Reason was a buffer overflow caused by
    an index counter, which was not reset on soft_reboot.
    
    That's fixed in this commit.  Tested with a micro:bit board, performing a
    series of soft reboots.
    
    Signed-off-by: robert-hh <robert@hammelrath.com>

commit 948863c0b8ab4937d11aadf4cbb1b688bf66bf8f
Author: Corran Webster <cwebster@unital.dev>
Date:   Thu Nov 14 10:15:10 2024 +0000

    extmod/modframebuf: Fix 0 radius bug in FrameBuffer.ellipse.
    
    This fixes a bug in FrameBuffer.ellipse where it goes into an infinite loop
    if both radii are 0.
    
    This fixes the bug with a simple pre-check to see if both radii are 0, and
    in that case sets a single pixel at the center. This is consistent with the
    behaviour of the method when called with just one of the radii set to 0,
    where it will draw a horizontal or vertical line of 1 pixel width.
    
    The pixel is set with setpixel_checked so it should handle out-of-bounds
    drawing correctly.
    
    This fix also includes three new tests: one for the default behaviour, one
    for drawing out-of-bounds, and one for when the sector mask is 0.
    
    Fixes issue #16053.
    
    Signed-off-by: Corran Webster <cwebster@unital.dev>

commit 33f50d4f20de3543f81a8404545eeeffb4aebbc0
Author: Angus Gratton <angus@redyak.com.au>
Date:   Wed Nov 6 17:14:09 2024 +1100

    esp32: Fix machine.TouchPad startup on ESP32-S2 and S3.
    
    Closes #13178.
    
    TouchPad confirmed working on both chips, and fixes the the ESP32-S3
    reading constant max value. Was unable to reproduce the bug on ESP32-S2 but
    this may be due to my test setup, and it still works with the fix.
    
    This work was funded through GitHub Sponsors.
    
    Signed-off-by: Angus Gratton <angus@redyak.com.au>

commit eb0027b82f77e9c9f072cecc1130c66ac287bc8a
Author: Angus Gratton <angus@redyak.com.au>
Date:   Wed Nov 6 16:48:56 2024 +1100

    esp32: Use hardware version for touchpad macro defines.
    
    ESP32 has hardware V1 and S2/S3 has V2, and future chips
    may have different versions.
    
    This should still compile to the same binary before and after.
    
    This work was funded through GitHub Sponsors.
    
    Signed-off-by: Angus Gratton <angus@redyak.com.au>

commit 03bc561edb39073af28e0ee32a5e47543a0973c8
Author: Angus Gratton <angus@redyak.com.au>
Date:   Wed Nov 13 10:16:25 2024 +1100

    esp32: Fix setting WLAN channel in AP mode.
    
    - Previously the call to esp_wifi_set_channel() would be immediately
      overridden by calling esp_wifi_config(...) with the previous channel set.
    
    - AP interface doesn't seem to need more than esp_wifi_config(...) to work.
      It will automatically configure 40MHz bandwidth and place the secondary
      channel using similar logic to what was being explicitly calculated here.
    
    - However, calling esp_wifi_set_channel() on the STA interface is necessary
      if using this interface with ESP-NOW (without connecting to an AP). So
      the esp_wifi_set_channel() call is kept in for this purpose. Without
      this, tests/multi_espnow/70_channel.py fails.
    
    This work was funded through GitHub Sponsors.
    
    Signed-off-by: Angus Gratton <angus@redyak.com.au>

commit 49b83ed44a0bd8ed2e8b4b82ae9ca09b47f4dbf9
Author: Angus Gratton <angus@redyak.com.au>
Date:   Wed Nov 13 18:04:59 2024 +1100

    extmod/network_cyw43: Allow configuring active AP interface.
    
    Configuring the AP for cyw43 writes to some buffers that are only sent to
    the modem when the interface is brought up. This means you can't configure
    the AP after calling active(True), the new settings seem to be accepted but
    the radio doesn't change.
    
    This is different to the WLAN behaviour on other ports. The esp8266 port
    requires calling active(True) on the AP before configuring, even.
    
    Fix this by bouncing the AP interface after a config change, if it's
    active. Configuring with active(False) still works the same as before.
    
    Adds a static variable to track interface active state, rather than relying
    on the LWIP interface state. This is because the interface state is updated
    by a driver callback and there's a race: if code calls active(True) and
    then config(a=b) then the driver doesn't know it's active yet and the
    changes aren't correctly applied.
    
    It is possible this pattern will cause the AP to come up briefly with the
    default "PICOabcd" SSID before being reconfigured, however (due to the
    aforementioned race condition) it seems like this may not happen at all
    before the new config is applied.
    
    This work was funded through GitHub Sponsors.
    
    Signed-off-by: Angus Gratton <angus@redyak.com.au>

commit 4f4d683ea58b69ae0906894b5fb98c9da9216ff9
Author: Damien George <damien@micropython.org>
Date:   Tue Nov 19 11:26:34 2024 +1100

    extmod/network_cyw43: Fix uninitialised variable in status('stations').
    
    The `num_stas` was uninitialised and if it happened to take the value 0
    then no results were returned.  It now has the correct maximum value.
    
    Signed-off-by: Damien George <damien@micropython.org>

commit 67f893852af455a8fd938d67dda74f1465af0960
Author: Angus Gratton <angus@redyak.com.au>
Date:   Wed Nov 13 18:14:47 2024 +1100

    extmod/network_cyw43: Fix isconnected() result on AP interface.
    
    This function is documented to return True if any stations are connected to
    the AP. Without this fix it returns True whenever the driver has brought
    the AP interface up.
    
    This work was funded through GitHub Sponsors.
    
    Signed-off-by: Angus Gratton <angus@redyak.com.au>

commit 20a6d82872263e0ef20de7c71b62456907244596
Author: Damien George <damien@micropython.org>
Date:   Wed Nov 13 14:21:29 2024 +1100

    extmod/vfs_blockdev: Support bool return from Python read/write blocks.
    
    Commit f4ab9d924790581989f2398fe30bbac5d680577f inadvertently broke some
    Python block devices, for example esp32 and stm32 SDCard classes.  Those
    classes return a bool from their `readblocks` and `writeblocks` methods
    instead of an integer errno code.  With that change, both `False` and
    `True` return values are now be interpreted as non-zero and hence the block
    device call fails.
    
    The fix in this commit is to allow a bool and explicitly convert `True` to
    0 and `False` to `-MP_EIO`.
    
    Signed-off-by: Damien George <damien@micropython.org>

commit 0c580f71aedac16045f0ecad9cb586aa389d9cff
Author: Damien George <damien@micropython.org>
Date:   Mon Nov 11 12:04:57 2024 +1100

    esp32/modsocket: Fix getaddrinfo hints to set AI_CANONNAME.
    
    Because the `ai_canonname` field is subsequently used.
    
    ESP32_GENERIC_S3 (at least) crashes with IDF 5.2.3 without this set.
    
    Signed-off-by: Damien George <damien@micropython.org>

commit 4e78c611b4b2ac2ee9eefb90b352fdc585f2a80a
Author: Damien George <damien@micropython.org>
Date:   Wed Nov 6 12:45:06 2024 +1100

    tools/mpremote: Support trailing slash on dest for non-recursive copy.
    
    This fixes a regression in db59e55fe7a0b67d3af868990468e7b8056afe42: prior
    to that commit `mpremote` supported trailing slashes on the destination of
    a normal (non-recursive) copy.
    
    Add back support for that, with the semantics that a trailing slash
    requires the destination to be an existing directory.
    
    Also add a test for this.
    
    Signed-off-by: Damien George <damien@micropython.org>

commit 159b54b7da404bc9a8d60d8c989e33e11412e548
Author: Damien George <damien@micropython.org>
Date:   Wed Nov 6 12:44:50 2024 +1100

    tools/mpremote: Add test for forced copy.
    
    Signed-off-by: Damien George <damien@micropython.org>

commit c1a85bb6debb6f20a19d8699f2a009fadd4ed9d2
Author: Damien George <damien@micropython.org>
Date:   Wed Nov 6 12:43:04 2024 +1100

    tools/mpremote: Make sure stdout and stderr output appear in order.
    
    mpremote error messages now go to stderr, so make sure stdout is flushed
    before printing them.
    
    Also update the test runner to capture error messages.
    
    Signed-off-by: Damien George <damien@micropython.org>

commit 72799f99739f99496fd82b06b0c55ad7f58d2290
Author: Angus Gratton <angus@redyak.com.au>
Date:   Wed Nov 6 14:27:01 2024 +1100

    esp32: Workaround native code execution crash on ESP32-S2.
    
    Seemingly ESP-IDF incorrectly marks RTC FAST memory region
    as MALLOC_CAP_EXEC on ESP32-S2 when it isn't. This memory is
    the lowest priority, so it only is returned if D/IRAM is exhausted.
    
    Apply this workaround to treat the allocation as failed if it gives us
    non-executable RAM back, rather than crashing.
    
    This work was funded through GitHub Sponsors.
    
    Signed-off-by: Angus Gratton <angus@redyak.com.au>

commit 164c5492481cb0d66e13f068818f9e2bbfa4dad6
Author: Angus Gratton <angus@redyak.com.au>
Date:   Fri Nov 1 15:57:40 2024 +1100

    esp32/machine_pwm: Restore PWM support for ESP-IDF v5.0.x and v5.1.x.
    
    The cleanup in 548babf8 relies on some functions not available in older
    ESP-IDF. Temporarily restore them, until we drop support for ESP-IDF <5.2.
    
    PWM functionality should end up the same regardless of ESP-IDF version, and
    also no different from MicroPython V1.23.
    
    Signed-off-by: Angus Gratton <angus@redyak.com.au>

commit 6f327684b75ca882d34402f885897ada8e57592d
Author: Damien George <damien@micropython.org>
Date:   Thu Oct 31 12:41:17 2024 +1100

    extmod/modlwip: Fix IGMP address type when IPv6 is enabled.
    
    This was missed in 628abf8f25a7705a2810fffe2ca6ae652c532896.  The the bug
    was that, when IPv6 is enabled, the `sizeof(ip_addr_t)` is much larger than
    IPv4 size, which is what's needed for IGMP addressing.
    
    Fixes issue #16100.
    
    Signed-off-by: Damien George <damien@micropython.org>

commit a7d3bc23085fdc4dfe9bf644daf7fa6f2d5559df
Author: Jan Sturm <jansturm92@googlemail.com>
Date:   Tue Oct 29 19:26:19 2024 +0100

    py/objdeque: Fix buffer overflow in deque_subscr.
    
    In `deque_subscr()`, if `index_val` equals `self->alloc`, the index
    correction `index_val -= self->alloc` does not execute, leading to an
    out-of-bounds access in `self->items[index_val]`.
    
    The fix in this commit ensures that the index correction is applied
    whenever `index_val >= self->alloc`, preventing access beyond the allocated
    buffer size.
    
    Signed-off-by: Jan Sturm <jansturm92@googlemail.com>

commit c0afff8f22ccb84ab46b01ebcd5e1e49803a71cb
Author: Alessandro Gatti <a.gatti@frob.it>
Date:   Thu Sep 12 13:08:32 2024 +0200

    pic16bit: Make it build with recent XC16 versions.
    
    The PIC16 port didn't catch up with the other ports, so it required a bit
    of work to make it build with the latest version of XC16.
    
    Signed-off-by: Alessandro Gatti <a.gatti@frob.it>

commit 785c92df7642577b1b1980aaaf92f86c0183895b
Author: Andrew Leech <andrew.leech@planetinnovation.com.au>
Date:   Sun Oct 27 14:51:37 2024 +1100

    esp32/machine_pwm: Use IDF functions to calculate resolution correctly.
    
    This commit fixes PWM configuration across C3, C6, S2 and S3 chips, which
    was broken by 6d799378bad4474e77ddb2fa2187ecd6e290e0ba.  Without this fix
    the PWM frequency is limited to a maximum of 2446Hz (on S2 at least).
    
    Signed-off-by: Andrew Leech <andrew@alelec.net>

commit 5c7ac55232670aaccfc2d05d75f5d7a6772a61ef
Author: Glenn Moloney <glenn.moloney@gmail.com>
Date:   Sat Oct 26 15:19:54 2024 +1100

    tools/mpremote: Fix UnboundLocalError in Transport.fs_writefile().
    
    The variable `written` was being used before it was defined in the
    `fs_writefile()` method of the Transport class.  This was causing an
    `UnboundLocalError` to be raised when the `progress_callback` was not
    provided.
    
    Fixes issue #16084.
    
    Signed-off-by: Glenn Moloney <glenn.moloney@gmail.com>

Created: 2024-10-27 Last update: 2025-03-10 04:01

lintian reports 7 warnings normal

Lintian reports 7 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-10-29 Last update: 2024-10-29 12:31

debian/patches: 9 patches to forward upstream low

Among the 9 debian patches available in version 1.24.1+ds-1 of the package, we noticed the following issues:

9 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-03-10 10:30

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2024-10-30 Last update: 2024-10-30 10:00

testing migrations

excuses:
- Migration status for micropython (- to 1.24.1+ds-1): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Too young, only 3 of 5 days old
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/m/micropython.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on armhf - info ♻
- ∙ ∙ Reproducible on i386 - info ♻
- Not considered

news

[rss feed]

[2025-03-09] Accepted micropython 1.24.1+ds-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2024-10-28] Accepted micropython 1.24.0+ds-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2024-10-22] micropython REMOVED from testing (Debian testing watch)
[2024-02-16] micropython 1.22.1+ds-1 MIGRATED to testing (Debian testing watch)
[2024-02-10] Accepted micropython 1.22.1+ds-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2022-07-24] Accepted micropython 1.19.1+ds-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2022-06-12] micropython REMOVED from testing (Debian testing watch)
[2021-11-21] micropython 1.17+ds-1.1 MIGRATED to testing (Debian testing watch)
[2021-11-15] Accepted micropython 1.17+ds-1.1 (source) into unstable (Boyuan Yang)
[2021-10-27] micropython REMOVED from testing (Debian testing watch)
[2021-09-11] micropython 1.17+ds-1 MIGRATED to testing (Debian testing watch)
[2021-09-05] Accepted micropython 1.17+ds-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2021-02-28] Accepted micropython 1.14+ds-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2021-01-21] micropython REMOVED from testing (Debian testing watch)
[2020-05-07] micropython 1.12-2 MIGRATED to testing (Debian testing watch)
[2020-05-01] Accepted micropython 1.12-2 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2020-03-06] micropython 1.12-1 MIGRATED to testing (Debian testing watch)
[2020-02-11] Accepted micropython 1.12-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2020-02-03] Accepted micropython 1.11-1 (source amd64 all) into unstable, unstable (Yangfl) (signed by: Jonathan Carter)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 7)
buildd: logs, checks, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.24.1+ds-1