Age | Commit message | Author |
|
Add support to enable tk via PACKAGECONFIG.
before the patch:
# python
Python 2.7.15 (default, Nov 8 2018, 04:53:50)
[GCC 8.2.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import Tkinter
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python2.7/lib-tk/Tkinter.py", line 39, in <module>
import _tkinter # If this fails your Python may not be configured for Tk
ImportError: No module named _tkinter
>>>
After the patch, if tk is enabled in PACKAGECONFIG, then
# python
Python 2.7.15 (default, Oct 25 2018, 08:12:45)
[GCC 8.2.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import Tkinter
>>>
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patch to fix the following CVE.
CVE: CVE-2018-14647
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch to fix the following CVE.
CVE: CVE-2018-1000802
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Python uses AC_RUN_IFELSE to determine the byte order for floats and doubles,
and falls back onto "I don't know" if it can't run code. This results in
crippled floating point numbers in Python, and the regression tests fail.
Instead of running code, take a macro from autoconf-archive which compiles C
with a special double which has an ASCII representation, and then greps the
binary to identify the format.
This is essentially a backport of the Python 3 patch in oe-core 1781b87.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As the manifest handling is done differently now, just inherit ptest with the
other inherits.
test_shutil needs unzip so add to RDEPENDS.
Instead of using a patched Makefile, call test.regrtest directly.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport two and pick some other in-review patches from Ubuntu to fix
ssl test failures because of OpenSSL 1.1.x changes.
Fixes [YOCTO #12788]
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The module was accidentally included in python-misc.
Also re-run create_manifest to update the dependencies of python-sqlite3,
causing some whitespace changes.
[ YOCTO #12933 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We manually maintain the tests package's content and dependencies, so mark it as
special (matching create_manifest3.py).
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently the bulk of the tests are in python-tests, some more in
python-sqlite3-tests, and others in their parent module (such as
python-ctypes). This is pointless space usage if we're not planning on
running the tests, so consolidate all the tests into python-tests.
This is a backport of the same changes done by Ross Burton for python3
Changes since v1:
- Rebase
Signed-off-by: Andrew Geissler <geissonator@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Instead of sorting the entire manifest when it is updated, use
OrderedDict to preserve the order of fields. This means that
packages can be ordered in the manifest to allow non-trivial
FILES assignments (such as a package that picks up pieces of
other packages)
The manifest has been regenerated with the new stable ordering, and
distutils-staticdev moved above distutils so the packaging rules work as
expected.
This is a backport of the same changes done by Ross Burton for python3
Changes since v1:
- Moved distutils-staticdev above distutils so packaging rules work
as expected.
Changes since v2:
- Rebase
Signed-off-by: Andrew Geissler <geissonator@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Update to the latest stable version
License-Update: Copyright year updated to include 2018
Remove the alignment patch that is included upstream
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Using 'basename' to strip the prefix fails when using multiarch style paths.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The oe-core version of python3 patches the purelib use directory to
the system libdir so as to make it work with multilibs properly inside
the patch fix_for_using_different_libdir.patch with:
- 'purelib': '{base}/lib/python{py_version_short}/site-packages',
+ 'purelib': '{base}/'+sys.lib+'/python{py_version_short}/site-packages',
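Review bot: on the '+' line, the lib directory is spliced in by string concatenation with sys.lib, while base and py_version_short stay as '{...}' placeholders, so only this one 'purelib' entry picks up the change. Any other table that still spells the purelib path with a literal 'lib' will disagree with it; apply the same substitution wherever purelib is defined, preferably through a shared placeholder rather than concatenation.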
The problem is that this broke the pip3-python package because the
install directory is out of sync when using a multilib version of
python. Whenever a module is installed with pip3 install that is a
purelib it will get installed to a location that python3 will never
reference and cause random failures.
This patch fixes the purelib install directory to match the purelib
use directory for externally managed python modules when using
multilibs.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The manifest file was not regenerated when the package was updated.
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Rebased:
- python/01-use-proper-tools-for-cross-build.patch
- python/fix-makefile-for-ptest.patch
- python/parallel-makeinst-create-bindir.patch
Removed Upstreamed Patch:
- python/Don-t-use-getentropy-on-Linux.patch
Updated license checksum for changes in the copyright date. The license
terms remain unchanged
Added an extra do_compile item to create the native pgen that no longer
gets compiled by default
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* runpy allows running modules/scripts with 'python -m foo'
- create explicit python2 and 3 packages rather than the
misc catchall
* python3-setuptools and html.parser RDEPENDS on _markupbase
- add to python3-core rather than misc catchall
* pip3 RDEPENDS on plistlib, http.client
- already packaged in python2, add to python3
- add http/ to -netclient
* "pip3 install" RDEPENDS on encodings.idna
- encodings.idna packaged in -core, but missing:
- stringprep (move from -codecs to -core)
- unicodedata (move from -codecs to -core)
Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The json.dumps function adds trailing whitespace when using
indent, because the default separator is not ','.
The workaround [1] is to set the separators to be ',' and ': ',
e.g. separators=(',', ': ')
[1] https://hg.python.org/cpython/rev/78bad589f205
Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The reason we have a manifest file for python is that our goal is to
keep python-core as small as possible and add other python packages only
when the user needs them, hence why we split upstream python into several
packages.
Although our manifest file has several issues:
- It's unorganized and hard to read and understand for an average
human being.
- When a new package needs to be added, the user actually has to modify
the script that creates the manifest, then call the script to create
a new manifest, and then submit a patch for both the script and the
manifest, so it's a little convoluted.
- Git complains every single time a patch is submitted to the manifest,
since it violates some of its guidelines.
- It changes or may change with every release of python, it's impossible
to know if the required files for a certain package have changed
(it could have more or less dependencies), the only way of doing so
would be to install and test them all one by one on separate individual
images, and even then we wouldn't know if they require less dependencies,
we would just know if an extra dependency is required since it would
complain, let's face it, this isn't feasible.
- The same thing happens for new packages, if someone wants to add a
new package, its dependencies need to be checked manually one by one.
This patch fixes those issues, while adding some additional features.
Features/Fixes:
- A new manifest format is used (JSON), easy to read and understand.
This file is parsed by the python recipe and python packages read
from here are passed directly to bitbake during parsing time.
- It provides an automatic manifest creation task (explained below),
which automagically checks for every package's dependencies and adds
them to the new manifest, hence we will have on each package exactly
what that package needs to be run, providing finer granularity.
- Dependencies are also checked automagically for new packages (explained below).
- Fixes the manifest in the following ways:
* python-core should be base and all packages should depend on it,
fixes lang, string, codecs, etc.
* Fixes packages with repeated files (e.g. bsddb and db, or
netclient and mime, and many others).
- Sitecustomize was fixed since encoding was deprecated.
- The JSON manifest file invalidates bitbake's cache, so if it changes
the python package will be rebuilt.
- It creates a solution for users that want precompiled bytecode files
(*.pyc): INCLUDE_PYCS = "1" can be set by the user in their local.conf to
include such files, some argue they get faster boot time, even when the
files would be created on their first run?, but they also sometimes give a
magic number error and take up space, so we leave it to the user to
decide if they want them or not.
- Fixes python-core dependencies, e.g.
When python is run on an image, it TRIES to import everything it needs,
but it doesn't necessarily fail when it doesn't find something, so even if
we didn't know, we had errors like (trimmed on purpose):
# trying /usr/lib/python2.7/_locale.so
# trying /usr/lib/python2.7/lib-dynload/_locale.so
# trying /usr/lib/python2.7/_sysconfigdata.so
while it didn't complain about _locale it should have imported it,
after creating a new manifest with the automated script we get:
# trying /usr/lib/python2.7/lib-dynload/_locale.so
dlopen("/usr/lib/python2.7/lib-dynload/_locale.so", 2);
import _locale # dynamically loaded from /usr/lib/python2.7/lib-dynload/_locale.so
How to use (after a new release of python, or maybe before every OE
release):
- A new task called create_manifest was added to the python package,
which may be invoked via:
$ bitbake python -c create_manifest
This task runs a script on native python on our HOST system, and since
the python and python-native packages come from the same source, we can
use it to know the dependencies of each module as if we were doing it
on an image, this script is called create_manifest.py and in a very
simplistic way it does the following:
1. Reads the JSON manifest file and creates a dictionary data structure
with all of our python packages, their FILES, RDEPENDS and SUMMARY.
2. Loops through all of them and runs every module listed on them
asynchronously, determining every dependency that they have.
3. These module dependencies are then handled, to be able to know which
packages contain those files and which should RDEPEND on one another.
4. The data structure that comes out of this, is then used to create a
new manifest file which is automatically copied onto the user's python
directory replacing the old one.
Create_manifest script features:
- Handles modules which don't exist anymore (new release for example).
- Handles modules that are builtin.
- Deals with modules which were not compiled (e.g. bsddb or ossaudiodev)
- Deals with packages which include folders.
- Deals with packages which include FILES with a wildcard.
- The manifest can be constructed on a multilib environment as well.
- This method works for both python modules and shared libraries used
by python.
How to add a new package:
- If a user wants to add a new package all that has to be done is
modify the python2-manifest.json file, and add the required file(s)
to the FILES list, the script should handle all the rest.
Real example:
We want to add a web browser package, including the file webbrowser.py
which at the moment is on python-misc.
    "webbrowser": {
        "files": ["${libdir}/python2.7/lib-dynload/webbrowser.py"],
        "rdepends": [],
        "summary": "Python Web Browser support"}
Run bitbake python -c create_manifest and the resulting manifest
should be completed after a few seconds, showing something like:
    "webbrowser": {
        "files": ["${libdir}/python2.7/webbrowser.py"],
        "rdepends": ["core","fcntl","io","pickle","shell","subprocess"],
        "summary": "Python Web Browser support"}
Known errors/issues:
- Some special packages are handled differently: core, misc,
modules, dev, staticdev.
All these should be handled manually, because they either include
binaries, static libraries, include files, etc. (something that we
can't import).
Specifically static libraries are not supported by this method
and have to be handled by the user.
- The change should be transparent to the user, other than the fact
that now we CAN'T build python-foo (it was pretty dumb anyway, since
what building python-foo actually did was building the whole python
package anyway), but doing IMAGE_INSTALL_append = " python-foo"
would create an image with the requested package with no issues.
[YOCTO #11510] [YOCTO #11694] [YOCTO #11695]
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The compiled .pyc files contain a time stamp corresponding to the compile time.
This prevents binary reproducibility. This patch allows achieving binary
reproducibility by overriding the build time stamp with the value
exported via SOURCE_DATE_EPOCH.
Patch by Bernhard M. Wiedemann, backported from https://github.com/python/cpython/pull/296
[YOCTO#11241]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
qemux86/qemuarm
In upstream, the following commit:
https://github.com/python/cpython/commit/e711cafab13efc9c1fe6c5cd75826401445eb585
...
commit e711cafab13efc9c1fe6c5cd75826401445eb585
Author: Benjamin Peterson <benjamin@python.org>
Date: Wed Jun 11 16:44:04 2008 +0000
Merged revisions 64104,64117 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
...
(see diff in setup.py)
It assigned libraries for the multiprocessing module according to
the host_platform, but did not pass it to Extension.
In glibc, the following commit caused the two definitions of
sem_getvalue to be different.
https://sourceware.org/git/?p=glibc.git;a=commit;h=042e1521c794a945edc43b5bfa7e69ad70420524
(see diff in nptl/sem_getvalue.c for detail)
`__new_sem_getvalue' is the latest sem_getvalue@@GLIBC_2.1
and `__old_sem_getvalue' is for compatibility with the old version
sem_getvalue@GLIBC_2.0.
If the pthread library is not explicitly linked (-lpthread), glibc's
sem_getvalue will be loaded randomly at runtime.
For example, when python is built on a linux x86_64 host and run
on a linux x86_32 target. Without linking the pthread library, the
multiprocessing bounded semaphore could not work correctly.
...
>>> import multiprocessing
>>> pool_sema = multiprocessing.BoundedSemaphore(value=1)
>>> pool_sema.acquire()
True
>>> pool_sema.release()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ValueError: semaphore or lock released too many times
...
And the semaphore issue also caused multiprocessing.Queue().put() to hang.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This adds or fixes the Upstream-Status for all remaining patches missing it
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2016-5636.patch and avoid_parallel_make_races_on_pgen.patch were
removed from SRC_URI as handled upstream in adf4266524d0d.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rebased:
- python-native/multilib.patch
- python/multilib.patch
- python/01-use-proper-tools-for-cross-build.patch
Upstream:
- CVE-2016-1000110
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport a patch from 2.7 branch to fix a regression with glibc
2.24 causing "OSError: [Errno 38] Function not implemented" when
calling urandom() with older kernels.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport patch to fix CVE-2016-1000110 from python upstream:
for python2.7
https://hg.python.org/cpython/rev/ba915d561667/
for python3
https://hg.python.org/cpython/rev/a0ac52ed8f79
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
LICENSE did not change, only dates were changed
Rebases:
- multilib.patch
- 01-use-proper-tools-for-cross-build.patch
Upstream:
- avoid_parallel_make_races_on_pgen.patch
- CVE-2016-5636.patch
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Affects python2 < 2.7.11
Base score (4.4) Medium
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Enforce the correct tag names across all of oe-core for consistency.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
BUILD_SYS variables
The code that utilized them was superseded by the code (in the same patch!)
that is utilizing STAGING_LIBDIR/STAGING_INCDIR, and wasn't correct in the
first place as HOST_SYS is not necessarily the same as the sysroot directory
name.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
* restore changes from:
http://git.openembedded.org/openembedded-core/commit/?id=53ae544cfdac22c82af452b8c7ebe6664296bd9b
* which were shamelessly removed in upgrade to 2.7.9:
http://git.openembedded.org/openembedded-core/commit/?id=d4ad95f0d5f08891637c644e85b09da9c4585059
and then spread to python3 as well
* fixes following issues reported by test-dependencies
WARN: python3: python3-tkinter rdepends on glibc, but it isn't a build dependency?
WARN: python3: python3-tkinter rdepends on libpython3, but it isn't a build dependency?
WARN: python3: python3-tkinter rdepends on tcl-lib, but it isn't a build dependency?
WARN: python: python-tkinter rdepends on glibc, but it isn't a build dependency?
WARN: python: python-tkinter rdepends on libpython2, but it isn't a build dependency?
WARN: python: python-tkinter rdepends on tcl-lib, but it isn't a build dependency?
and following QA warnings in normal builds:
python-2.7.11: python-tkinter rdepends on tcl-lib, but it isn't a build dependency, missing tcl in DEPENDS or PACKAGECONFIG? [build-deps]
python-2.7.11: /usr/lib/python2.7/lib-dynload/_tkinter.so contained in package python-tkinter requires libtk8.6.so, but no providers found in RDEPENDS_python-tkinter? [file-rdeps]
python3-3.5.1: python3-tkinter rdepends on tcl-lib, but it isn't a build dependency, missing tcl in DEPENDS or PACKAGECONFIG? [build-deps]
python3-3.5.1: /usr/lib/python3.5/lib-dynload/_tkinter.cpython-35m-arm-linux-gnueabi.so contained in package python3-tkinter requires libtk8.6.so, but no providers found in RDEPENDS_python3-tkinter? [file-rdeps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- no license change, just dates
Rebased:
- check-if-target-is-64b-not-host.patch
- add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If the target and host have the same type, the system
may try to execute the instructions from the target
version. This can lead to illegal instructions
as well as the wrong copy of the code running.
Add CROSSPYTHONPATH for PYTHON_FOR_BUILD and export
the correct path to fix it.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix a variety of problems such as typos, bad punctuation, or incorrect
Upstream-Status values.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Parallel make races when linking PGEN affect the target's python
compilation as well; add the patch from python-native to modify the
Makefile and avoid parallel make races, and also update the upstream status
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Based on Paul Eggleton's work to partially upgrade to Python 2.7.6
Modified:
default-versions.inc: switched to python 2.7.9
generate-manifest-2.7.py: fixed _sysconfigdata
python-2.7-manifest.inc: fixed _sysconfigdata
python.inc: Updated checksums and source, no LICENSE
change just updated some dates
python-native_2.7.3 -> python-native_2.7.9 and updated patches
python_2.7.3 -> python_2.7.9, and added ac_cv_file__dev_ptmx=no
ac_cv_file__dev_ptc=no in EXTRA_OECONF to solve python
issue #3754, only needed when cross compiling, also updated patches
use_sysroot_ncurses_instead_of_host.patch: New patch to use ncursesw
from sysroot instead of the host's, introduced by fix for python issue #15268
Rebased:
01-use-proper-tools-for-cross-build.patch
03-fix-tkinter-detection.patch
05-enable-ctypes-cross-build.patch
06-avoid_usr_lib_termcap_path_in_linking.patch
avoid_warning_about_tkinter.patch
builddir.patch
fix_for_using_different_libdir.patch
host_include_contamination.patch
multilib.patch
nohostlibs.patch
search_db_h_in_inc_dirs_and_avoid_warning.patch
Deleted (fixed on upstream):
06-ctypes-libffi-fix-configure.patch
CVE-2013-4073_py27.patch
gcc-4.8-fix-configure-Wformat.patch
json-flaw-fix.patch
posix_close.patch
pypirc-secure.patch
python-2.7.3-CVE-2012-2135.patch
python-2.7.3-CVE-2013-1752-smtplib-fix.patch
python-2.7.3-CVE-2014-1912.patch
python-2.7.3-CVE-2014-7185.patch
python-2.7.3-berkeley-db-5.3.patch
python-fix-build-error-with-Readline-6.3.patch
remove-BOM-insection-code.patch
remove_sqlite_rpath.patch
python2.7.3-nossl3.patch
[YOCTO #7059]
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
|
|
This is related to "SSLv3 POODLE vulnerability" CVE-2014-3566
Building python without SSLv3 support when openssl is built without
any support for SSLv3 (e.g. by adding EXTRA_OECONF = " -no-ssl3" in
the openssl recipes).
Backport from:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768611#22
[python2.7-nossl3.patch] only Modules/_ssl.c is backported.
References:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7015
https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843
http://bugs.python.org/issue22638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.
This back-ported patch fixes CVE-2014-7185
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport patch from:
https://hg.python.org/cpython/rev/af46a001d5ec
SysLogHandler converts message to utf8 and adds BOM, supposedly
to conform with RFC5424, but the implementation is broken:
the RFC specifies that the BOM should prefix only unstructured
message part, but current Python implementation puts it in the
middle of structured part, thus confusing RFC-compliant receivers.
Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
musl has posix_close which conflicts in python
so let's rename it.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
http://bugs.python.org/issue21529
Python 2 and 3 are susceptible to arbitrary process memory reading by
a user or adversary due to a bug in the _json module caused by
insufficient bounds checking.
The sole prerequisites of this attack are that the attacker is able to
control or influence the two parameters of the default scanstring
function: the string to be decoded and the index.
The bug is caused by allowing the user to supply a negative index
value. The index value is then used directly as an index to an array
in the C code; internally the address of the array and its index are
added to each other in order to yield the address of the value that is
desired. However, by supplying a negative index value and adding this
to the address of the array, the processor's register value wraps
around and the calculated value will point to a position in memory
which isn't within the bounds of the supplied string, causing the
function to access other parts of the process memory.
Signed-off-by: Benjamin Peterson <benjamin@python.org>
Applied to python-native recipe in order to fix the above mentioned
vulnerability.
Upstream-Status: Submitted
Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Avoids the determinism problem shown with the warnings:
WARNING: QA Issue: python-tkinter rdepends on libx11 but its not a build dependency? [build-deps]
WARNING: QA Issue: python-tkinter rdepends on tcl-lib but its not a build dependency? [build-deps
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A remote user can send specially crafted data to trigger a buffer overflow
in socket.recvfrom_into() and execute arbitrary code on the target system.
The code will run with the privileges of the target service.
This back-ported patch fixes CVE-2014-1912
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport two patches from upstream:
use new readline function types (closes #20374)
Issue #20374: Avoid compiler warnings when compiling readline with libedit.
[YOCTO #6107]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This back-ported patch fixes CVE-2013-1752 for smtplib
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Reviewed-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When using make -j with the 'install' target, it's possible for altbininstall
(which normally creates BINDIR) and libainstall (which doesn't, though it
installs python-config there) to race, resulting in a failure due to
attempting to install python-config into a nonexistent BINDIR. Ensure it also
exists in the libainstall target.
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|