From b7b982a29e5d14c558b5fc25b4dc727810510ade Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Wed, 10 May 2017 17:13:19 +0300 Subject: python: update to 3.5.3 Prior versions of python do not support openssl 1.1; updating to Python 3.6 on the other hand is a lot more involved, and so should be done by a specialist/maintainer. LICENSE checksum change due to copyright years. Drop upstreamed python3-fix-CVE-2016-1000110.patch Rebase upstream-random-fixes.patch (taken from https://github.com/python/cpython/commit/ff558f5aba40bd173f336503def886a12f8db016 ) Rebase 0001-Do-not-use-the-shell-version-of-python-config-that-w.patch Rebase 000-cross-compile.patch Signed-off-by: Alexander Kanavin Signed-off-by: Ross Burton --- .../python/python3-native_3.5.2.bb | 79 ------ .../python/python3-native_3.5.3.bb | 79 ++++++ .../python/python3/000-cross-compile.patch | 85 ------ ...the-shell-version-of-python-config-that-w.patch | 10 +- .../python3/0001-cross-compile-support.patch | 93 +++++++ .../python3/python3-fix-CVE-2016-1000110.patch | 148 ----------- .../python/python3/upstream-random-fixes.patch | 288 ++++++++++----------- meta/recipes-devtools/python/python3_3.5.2.bb | 224 ---------------- meta/recipes-devtools/python/python3_3.5.3.bb | 223 ++++++++++++++++ 9 files changed, 535 insertions(+), 694 deletions(-) delete mode 100644 meta/recipes-devtools/python/python3-native_3.5.2.bb create mode 100644 meta/recipes-devtools/python/python3-native_3.5.3.bb delete mode 100644 meta/recipes-devtools/python/python3/000-cross-compile.patch create mode 100644 meta/recipes-devtools/python/python3/0001-cross-compile-support.patch delete mode 100644 meta/recipes-devtools/python/python3/python3-fix-CVE-2016-1000110.patch delete mode 100644 meta/recipes-devtools/python/python3_3.5.2.bb create mode 100644 meta/recipes-devtools/python/python3_3.5.3.bb diff --git a/meta/recipes-devtools/python/python3-native_3.5.2.bb b/meta/recipes-devtools/python/python3-native_3.5.2.bb deleted file mode 100644 index edcf2244f5..0000000000 --- a/meta/recipes-devtools/python/python3-native_3.5.2.bb +++ /dev/null @@ -1,79 +0,0 @@ -require recipes-devtools/python/python.inc - -PR = "${INC_PR}.0" -PYTHON_MAJMIN = "3.5" -DISTRO_SRC_URI ?= "file://sitecustomize.py" -DISTRO_SRC_URI_linuxstdbase = "" -SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ -file://12-distutils-prefix-is-inside-staging-area.patch \ -file://python-config.patch \ -file://000-cross-compile.patch \ -file://030-fixup-include-dirs.patch \ -file://070-dont-clean-ipkg-install.patch \ -file://080-distutils-dont_adjust_files.patch \ -file://130-readline-setup.patch \ -file://150-fix-setupterm.patch \ -file://python-3.3-multilib.patch \ -file://03-fix-tkinter-detection.patch \ -file://avoid_warning_about_tkinter.patch \ -file://shutil-follow-symlink-fix.patch \ -file://0001-h2py-Fix-issue-13032-where-it-fails-with-UnicodeDeco.patch \ -file://sysroot-include-headers.patch \ -file://unixccompiler.patch \ -${DISTRO_SRC_URI} \ -file://sysconfig.py-add-_PYTHON_PROJECT_SRC.patch \ -file://setup.py-check-cross_compiling-when-get-FLAGS.patch \ -file://0001-Do-not-use-the-shell-version-of-python-config-that-w.patch \ -" - -SRC_URI[md5sum] = "8906efbacfcdc7c3c9198aeefafd159e" -SRC_URI[sha256sum] = "0010f56100b9b74259ebcd5d4b295a32324b58b517403a10d1a2aa7cb22bca40" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=6b60258130e4ed10d3101517eb5b9385" - -# exclude pre-releases for both python 2.x and 3.x -UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar" - -S = "${WORKDIR}/Python-${PV}" - -EXTRANATIVEPATH += "bzip2-native" -DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native sqlite3-native" - -inherit native - -require python-native-${PYTHON_MAJMIN}-manifest.inc - -EXTRA_OECONF_append = " --bindir=${bindir}/${PN} --without-ensurepip" - -EXTRA_OEMAKE = '\ - LIBC="" \ - STAGING_LIBDIR=${STAGING_LIBDIR_NATIVE} \ - STAGING_INCDIR=${STAGING_INCDIR_NATIVE} \ - LIB=${baselib} \ - ARCH=${TARGET_ARCH} \ -' - -# No ctypes option for python 3 -PYTHONLSBOPTS = "" - -do_configure_append() { - autoreconf --verbose --install --force --exclude=autopoint ../Python-${PV}/Modules/_ctypes/libffi -} - -do_install() { - install -d ${D}${libdir}/pkgconfig - oe_runmake 'DESTDIR=${D}' install - if [ -e ${WORKDIR}/sitecustomize.py ]; then - install -m 0644 ${WORKDIR}/sitecustomize.py ${D}/${libdir}/python${PYTHON_MAJMIN} - fi - install -d ${D}${bindir}/${PN} - install -m 0755 Parser/pgen ${D}${bindir}/${PN} - - # Make sure we use /usr/bin/env python - for PYTHSCRIPT in `grep -rIl ${bindir}/${PN}/python ${D}${bindir}/${PN}`; do - sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' $PYTHSCRIPT - done - - # Tests are large and we don't need them in the native sysroot - rm ${D}${libdir}/python${PYTHON_MAJMIN}/test -rf -} diff --git a/meta/recipes-devtools/python/python3-native_3.5.3.bb b/meta/recipes-devtools/python/python3-native_3.5.3.bb new file mode 100644 index 0000000000..250697fbbc --- /dev/null +++ b/meta/recipes-devtools/python/python3-native_3.5.3.bb @@ -0,0 +1,79 @@ +require recipes-devtools/python/python.inc + +PR = "${INC_PR}.0" +PYTHON_MAJMIN = "3.5" +DISTRO_SRC_URI ?= "file://sitecustomize.py" +DISTRO_SRC_URI_linuxstdbase = "" +SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ +file://12-distutils-prefix-is-inside-staging-area.patch \ +file://python-config.patch \ +file://0001-cross-compile-support.patch \ +file://030-fixup-include-dirs.patch \ +file://070-dont-clean-ipkg-install.patch \ +file://080-distutils-dont_adjust_files.patch \ +file://130-readline-setup.patch \ +file://150-fix-setupterm.patch \ +file://python-3.3-multilib.patch \ +file://03-fix-tkinter-detection.patch \ +file://avoid_warning_about_tkinter.patch \ +file://shutil-follow-symlink-fix.patch \ +file://0001-h2py-Fix-issue-13032-where-it-fails-with-UnicodeDeco.patch \ +file://sysroot-include-headers.patch \ +file://unixccompiler.patch \ +${DISTRO_SRC_URI} \ +file://sysconfig.py-add-_PYTHON_PROJECT_SRC.patch \ +file://setup.py-check-cross_compiling-when-get-FLAGS.patch \ +file://0001-Do-not-use-the-shell-version-of-python-config-that-w.patch \ +" + +SRC_URI[md5sum] = "57d1f8bfbabf4f2500273fb0706e6f21" +SRC_URI[sha256sum] = "eefe2ad6575855423ab630f5b51a8ef6e5556f774584c06beab4926f930ddbb0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=b680ed99aa60d350c65a65914494207e" + +# exclude pre-releases for both python 2.x and 3.x +UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar" + +S = "${WORKDIR}/Python-${PV}" + +EXTRANATIVEPATH += "bzip2-native" +DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native sqlite3-native" + +inherit native + +require python-native-${PYTHON_MAJMIN}-manifest.inc + +EXTRA_OECONF_append = " --bindir=${bindir}/${PN} --without-ensurepip" + +EXTRA_OEMAKE = '\ + LIBC="" \ + STAGING_LIBDIR=${STAGING_LIBDIR_NATIVE} \ + STAGING_INCDIR=${STAGING_INCDIR_NATIVE} \ + LIB=${baselib} \ + ARCH=${TARGET_ARCH} \ +' + +# No ctypes option for python 3 +PYTHONLSBOPTS = "" + +do_configure_append() { + autoreconf --verbose --install --force --exclude=autopoint ../Python-${PV}/Modules/_ctypes/libffi +} + +do_install() { + install -d ${D}${libdir}/pkgconfig + oe_runmake 'DESTDIR=${D}' install + if [ -e ${WORKDIR}/sitecustomize.py ]; then + install -m 0644 ${WORKDIR}/sitecustomize.py ${D}/${libdir}/python${PYTHON_MAJMIN} + fi + install -d ${D}${bindir}/${PN} + install -m 0755 Parser/pgen ${D}${bindir}/${PN} + + # Make sure we use /usr/bin/env python + for PYTHSCRIPT in `grep -rIl ${bindir}/${PN}/python ${D}${bindir}/${PN}`; do + sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' $PYTHSCRIPT + done + + # Tests are large and we don't need them in the native sysroot + rm ${D}${libdir}/python${PYTHON_MAJMIN}/test -rf +} diff --git a/meta/recipes-devtools/python/python3/000-cross-compile.patch b/meta/recipes-devtools/python/python3/000-cross-compile.patch deleted file mode 100644 index 2d822218f4..0000000000 --- a/meta/recipes-devtools/python/python3/000-cross-compile.patch +++ /dev/null @@ -1,85 +0,0 @@ -We cross compile python. This patch uses tools from host/native -python instead of in-tree tools - --Khem - -Upstream-Status: Inappropriate[Configuration Specific] - ---- - Makefile.pre.in | 25 +++++++++++++------------ - 1 file changed, 13 insertions(+), 12 deletions(-) - -Index: Python-3.5.2/Makefile.pre.in -=================================================================== ---- Python-3.5.2.orig/Makefile.pre.in -+++ Python-3.5.2/Makefile.pre.in -@@ -220,6 +220,7 @@ LIBOBJS= @LIBOBJS@ - - PYTHON= python$(EXE) - BUILDPYTHON= python$(BUILDEXE) -+HOSTPYTHON= $(BUILDPYTHON) - - cross_compiling=@cross_compiling@ - PYTHON_FOR_BUILD=@PYTHON_FOR_BUILD@ -@@ -279,6 +280,7 @@ LIBFFI_INCLUDEDIR= @LIBFFI_INCLUDEDIR@ - ########################################################################## - # Parser - PGEN= Parser/pgen$(EXE) -+HOSTPGEN= $(PGEN)$(EXE) - - PSRCS= \ - Parser/acceler.c \ -@@ -509,7 +511,7 @@ build_all_generate_profile: - - run_profile_task: - : # FIXME: can't run for a cross build -- $(LLVM_PROF_FILE) $(RUNSHARED) ./$(BUILDPYTHON) $(PROFILE_TASK) || true -+ $(LLVM_PROF_FILE) $(RUNSHARED) $(HOSTPYTHON) $(PROFILE_TASK) || true - - build_all_merge_profile: - $(LLVM_PROF_MERGER) -@@ -792,7 +794,7 @@ $(GRAMMAR_H): $(GRAMMAR_INPUT) $(PGEN) - @$(MKDIR_P) Include - # Avoid copying the file onto itself for an in-tree build - if test "$(cross_compiling)" != "yes"; then \ -- $(PGEN) $(GRAMMAR_INPUT) $(GRAMMAR_H) $(GRAMMAR_C); \ -+ $(HOSTPGEN) $(GRAMMAR_INPUT) $(GRAMMAR_H) $(GRAMMAR_C); \ - else \ - cp $(srcdir)/Include/graminit.h $(GRAMMAR_H).tmp; \ - mv $(GRAMMAR_H).tmp $(GRAMMAR_H); \ -@@ -990,7 +992,7 @@ $(LIBRARY_OBJS) $(MODOBJS) Programs/pyth - ###################################################################### - - TESTOPTS= $(EXTRATESTOPTS) --TESTPYTHON= $(RUNSHARED) ./$(BUILDPYTHON) $(TESTPYTHONOPTS) -+TESTPYTHON= $(RUNSHARED) $(HOSTPYTHON) $(TESTPYTHONOPTS) - TESTRUNNER= $(TESTPYTHON) $(srcdir)/Tools/scripts/run_tests.py - TESTTIMEOUT= 3600 - -@@ -1481,7 +1483,7 @@ frameworkinstallstructure: $(LDLIBRARY) - fi; \ - done - $(LN) -fsn include/python$(LDVERSION) $(DESTDIR)$(prefix)/Headers -- sed 's/%VERSION%/'"`$(RUNSHARED) ./$(BUILDPYTHON) -c 'import platform; print(platform.python_version())'`"'/g' < $(RESSRCDIR)/Info.plist > $(DESTDIR)$(prefix)/Resources/Info.plist -+ sed 's/%VERSION%/'"`$(RUNSHARED) $(HOSTPYTHON) -c 'import platform; print(platform.python_version())'`"'/g' < $(RESSRCDIR)/Info.plist > $(DESTDIR)$(prefix)/Resources/Info.plist - $(LN) -fsn $(VERSION) $(DESTDIR)$(PYTHONFRAMEWORKINSTALLDIR)/Versions/Current - $(LN) -fsn Versions/Current/$(PYTHONFRAMEWORK) $(DESTDIR)$(PYTHONFRAMEWORKINSTALLDIR)/$(PYTHONFRAMEWORK) - $(LN) -fsn Versions/Current/Headers $(DESTDIR)$(PYTHONFRAMEWORKINSTALLDIR)/Headers -@@ -1547,7 +1549,7 @@ config.status: $(srcdir)/configure - - # Run reindent on the library - reindent: -- ./$(BUILDPYTHON) $(srcdir)/Tools/scripts/reindent.py -r $(srcdir)/Lib -+ $(HOSTPYTHON) $(srcdir)/Tools/scripts/reindent.py -r $(srcdir)/Lib - - # Rerun configure with the same options as it was run last time, - # provided the config.status script exists -@@ -1683,7 +1685,7 @@ funny: - - # Perform some verification checks on any modified files. - patchcheck: all -- $(RUNSHARED) ./$(BUILDPYTHON) $(srcdir)/Tools/scripts/patchcheck.py -+ $(RUNSHARED) ./$(HOSTPYTHON) $(srcdir)/Tools/scripts/patchcheck.py - - # Dependencies - diff --git a/meta/recipes-devtools/python/python3/0001-Do-not-use-the-shell-version-of-python-config-that-w.patch b/meta/recipes-devtools/python/python3/0001-Do-not-use-the-shell-version-of-python-config-that-w.patch index b7e0ac6354..8ea3f03fe0 100644 --- a/meta/recipes-devtools/python/python3/0001-Do-not-use-the-shell-version-of-python-config-that-w.patch +++ b/meta/recipes-devtools/python/python3/0001-Do-not-use-the-shell-version-of-python-config-that-w.patch @@ -1,4 +1,4 @@ -From 045c99b5f1eb6e4e0d8ad1ef9f0ba6574f738150 Mon Sep 17 00:00:00 2001 +From 04df959365e2b54d7503edf0e5534ff094284f2d Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Fri, 23 Oct 2015 12:25:09 +0300 Subject: [PATCH] Do not use the shell version of python-config that was @@ -14,13 +14,13 @@ Signed-off-by: Alexander Kanavin 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/Makefile.pre.in b/Makefile.pre.in -index d7fc9a0..47e60bc 100644 +index 236f005..5c4337f 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1270,12 +1270,9 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh +@@ -1348,12 +1348,9 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh sed -e "s,@EXENAME@,$(BINDIR)/python$(LDVERSION)$(EXE)," < $(srcdir)/Misc/python-config.in >python-config.py # Replace makefile compat. variable references with shell script compat. ones; $(VAR) -> ${VAR} - sed -e 's,\$$(\([A-Za-z0-9_]*\)),\$$\{\1\},g' < Misc/python-config.sh >python-config + LC_ALL=C sed -e 's,\$$(\([A-Za-z0-9_]*\)),\$$\{\1\},g' < Misc/python-config.sh >python-config - # On Darwin, always use the python version of the script, the shell - # version doesn't use the compiler customizations that are provided - # in python (_osx_support.py). @@ -34,5 +34,5 @@ index d7fc9a0..47e60bc 100644 # Install the include files -- -2.1.4 +2.11.0 diff --git a/meta/recipes-devtools/python/python3/0001-cross-compile-support.patch b/meta/recipes-devtools/python/python3/0001-cross-compile-support.patch new file mode 100644 index 0000000000..118d75ddc5 --- /dev/null +++ b/meta/recipes-devtools/python/python3/0001-cross-compile-support.patch @@ -0,0 +1,93 @@ +From 624c029abcc73c724020ccea9a2b4b5b5c00f2a6 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Fri, 31 Mar 2017 15:42:46 +0300 +Subject: [PATCH] cross-compile support + +We cross compile python. This patch uses tools from host/native +python instead of in-tree tools + +-Khem + +Upstream-Status: Inappropriate[Configuration Specific] +Signed-off-by: Alexander Kanavin +--- + Makefile.pre.in | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/Makefile.pre.in b/Makefile.pre.in +index a88b7d5..7cb8bb3 100644 +--- a/Makefile.pre.in ++++ b/Makefile.pre.in +@@ -221,6 +221,7 @@ LIBOBJS= @LIBOBJS@ + + PYTHON= python$(EXE) + BUILDPYTHON= python$(BUILDEXE) ++HOSTPYTHON= $(BUILDPYTHON) + + PYTHON_FOR_GEN=@PYTHON_FOR_GEN@ + PYTHON_FOR_BUILD=@PYTHON_FOR_BUILD@ +@@ -280,6 +281,7 @@ LIBFFI_INCLUDEDIR= @LIBFFI_INCLUDEDIR@ + ########################################################################## + # Parser + PGEN= Parser/pgen$(EXE) ++HOSTPGEN= $(PGEN)$(EXE) + + PSRCS= \ + Parser/acceler.c \ +@@ -510,7 +512,7 @@ build_all_generate_profile: + + run_profile_task: + : # FIXME: can't run for a cross build +- $(LLVM_PROF_FILE) $(RUNSHARED) ./$(BUILDPYTHON) $(PROFILE_TASK) || true ++ $(LLVM_PROF_FILE) $(RUNSHARED) $(HOSTPYTHON) $(PROFILE_TASK) || true + + build_all_merge_profile: + $(LLVM_PROF_MERGER) +@@ -787,7 +789,7 @@ $(IO_OBJS): $(IO_H) + + $(GRAMMAR_H): @GENERATED_COMMENT@ $(GRAMMAR_INPUT) $(PGEN) + @$(MKDIR_P) Include +- $(PGEN) $(GRAMMAR_INPUT) $(GRAMMAR_H) $(GRAMMAR_C) ++ $(HOSTPGEN) $(GRAMMAR_INPUT) $(GRAMMAR_H) $(GRAMMAR_C) + $(GRAMMAR_C): @GENERATED_COMMENT@ $(GRAMMAR_H) + touch $(GRAMMAR_C) + +@@ -976,7 +978,7 @@ $(LIBRARY_OBJS) $(MODOBJS) Programs/python.o: $(PYTHON_HEADERS) + ###################################################################### + + TESTOPTS= $(EXTRATESTOPTS) +-TESTPYTHON= $(RUNSHARED) ./$(BUILDPYTHON) $(TESTPYTHONOPTS) ++TESTPYTHON= $(RUNSHARED) $(HOSTPYTHON) $(TESTPYTHONOPTS) + TESTRUNNER= $(TESTPYTHON) $(srcdir)/Tools/scripts/run_tests.py + TESTTIMEOUT= 3600 + +@@ -1468,7 +1470,7 @@ frameworkinstallstructure: $(LDLIBRARY) + fi; \ + done + $(LN) -fsn include/python$(LDVERSION) $(DESTDIR)$(prefix)/Headers +- sed 's/%VERSION%/'"`$(RUNSHARED) ./$(BUILDPYTHON) -c 'import platform; print(platform.python_version())'`"'/g' < $(RESSRCDIR)/Info.plist > $(DESTDIR)$(prefix)/Resources/Info.plist ++ sed 's/%VERSION%/'"`$(RUNSHARED) $(HOSTPYTHON) -c 'import platform; print(platform.python_version())'`"'/g' < $(RESSRCDIR)/Info.plist > $(DESTDIR)$(prefix)/Resources/Info.plist + $(LN) -fsn $(VERSION) $(DESTDIR)$(PYTHONFRAMEWORKINSTALLDIR)/Versions/Current + $(LN) -fsn Versions/Current/$(PYTHONFRAMEWORK) $(DESTDIR)$(PYTHONFRAMEWORKINSTALLDIR)/$(PYTHONFRAMEWORK) + $(LN) -fsn Versions/Current/Headers $(DESTDIR)$(PYTHONFRAMEWORKINSTALLDIR)/Headers +@@ -1534,7 +1536,7 @@ config.status: $(srcdir)/configure + + # Run reindent on the library + reindent: +- ./$(BUILDPYTHON) $(srcdir)/Tools/scripts/reindent.py -r $(srcdir)/Lib ++ $(HOSTPYTHON) $(srcdir)/Tools/scripts/reindent.py -r $(srcdir)/Lib + + # Rerun configure with the same options as it was run last time, + # provided the config.status script exists +@@ -1674,7 +1676,7 @@ funny: + + # Perform some verification checks on any modified files. + patchcheck: all +- $(RUNSHARED) ./$(BUILDPYTHON) $(srcdir)/Tools/scripts/patchcheck.py ++ $(RUNSHARED) ./$(HOSTPYTHON) $(srcdir)/Tools/scripts/patchcheck.py + + # Dependencies + +-- +2.11.0 + diff --git a/meta/recipes-devtools/python/python3/python3-fix-CVE-2016-1000110.patch b/meta/recipes-devtools/python/python3/python3-fix-CVE-2016-1000110.patch deleted file mode 100644 index ab1b7230ea..0000000000 --- a/meta/recipes-devtools/python/python3/python3-fix-CVE-2016-1000110.patch +++ /dev/null @@ -1,148 +0,0 @@ -From aab3e8c432b90508ac14755128f5a687be2fdf43 Mon Sep 17 00:00:00 2001 -From: Mingli Yu -Date: Thu, 22 Sep 2016 16:39:49 +0800 -Subject: [PATCH] python3: fix CVE-2016-1000110 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which -indicates that the script is in CGI mode. - -Issue #27568 Reported and patch contributed by RĂ©mi Rampin. [#27568] - -Backport patch from https://hg.python.org/cpython/rev/a0ac52ed8f79 - -Upstream-Status: Backport -CVE: CVE-2016-1000110 -Signed-off-by: Mingli Yu ---- - Doc/howto/urllib2.rst | 5 +++++ - Doc/library/urllib.request.rst | 17 ++++++++++++++++- - Lib/test/test_urllib.py | 14 +++++++++++++- - Lib/urllib/request.py | 6 ++++++ - Misc/NEWS | 4 ++++ - 5 files changed, 44 insertions(+), 2 deletions(-) - -diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst -index 24a4156..d2c7991 100644 ---- a/Doc/howto/urllib2.rst -+++ b/Doc/howto/urllib2.rst -@@ -538,6 +538,11 @@ setting up a `Basic Authentication`_ handler: :: - through a proxy. However, this can be enabled by extending urllib.request as - shown in the recipe [#]_. - -+.. note:: -+ -+ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; see -+ the documentation on :func:`~urllib.request.getproxies`. -+ - - Sockets and Layers - ================== -diff --git a/Doc/library/urllib.request.rst b/Doc/library/urllib.request.rst -index 1338906..1291aeb 100644 ---- a/Doc/library/urllib.request.rst -+++ b/Doc/library/urllib.request.rst -@@ -173,6 +173,16 @@ The :mod:`urllib.request` module defines the following functions: - If both lowercase and uppercase environment variables exist (and disagree), - lowercase is preferred. - -+ .. note:: -+ -+ If the environment variable ``REQUEST_METHOD`` is set, which usually -+ indicates your script is running in a CGI environment, the environment -+ variable ``HTTP_PROXY`` (uppercase ``_PROXY``) will be ignored. This is -+ because that variable can be injected by a client using the "Proxy:" HTTP -+ header. If you need to use an HTTP proxy in a CGI environment, either use -+ ``ProxyHandler`` explicitly, or make sure the variable name is in -+ lowercase (or at least the ``_proxy`` suffix). -+ - - The following classes are provided: - -@@ -280,6 +290,11 @@ The following classes are provided: - list of hostname suffixes, optionally with ``:port`` appended, for example - ``cern.ch,ncsa.uiuc.edu,some.host:8080``. - -+ .. note:: -+ -+ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; -+ see the documentation on :func:`~urllib.request.getproxies`. -+ - - .. class:: HTTPPasswordMgr() - -@@ -1138,7 +1153,7 @@ the returned bytes object to string once it determines or guesses - the appropriate encoding. - - The following W3C document, https://www.w3.org/International/O-charset\ , lists --the various ways in which a (X)HTML or a XML document could have specified its -+the various ways in which an (X)HTML or an XML document could have specified its - encoding information. - - As the python.org website uses *utf-8* encoding as specified in its meta tag, we -diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py -index 5d05f8d..247598a 100644 ---- a/Lib/test/test_urllib.py -+++ b/Lib/test/test_urllib.py -@@ -1,4 +1,4 @@ --"""Regresssion tests for what was in Python 2's "urllib" module""" -+"""Regression tests for what was in Python 2's "urllib" module""" - - import urllib.parse - import urllib.request -@@ -232,6 +232,18 @@ class ProxyTests(unittest.TestCase): - self.assertTrue(urllib.request.proxy_bypass_environment('anotherdomain.com:8888')) - self.assertTrue(urllib.request.proxy_bypass_environment('newdomain.com:1234')) - -+ def test_proxy_cgi_ignore(self): -+ try: -+ self.env.set('HTTP_PROXY', 'http://somewhere:3128') -+ proxies = urllib.request.getproxies_environment() -+ self.assertEqual('http://somewhere:3128', proxies['http']) -+ self.env.set('REQUEST_METHOD', 'GET') -+ proxies = urllib.request.getproxies_environment() -+ self.assertNotIn('http', proxies) -+ finally: -+ self.env.unset('REQUEST_METHOD') -+ self.env.unset('HTTP_PROXY') -+ - def test_proxy_bypass_environment_host_match(self): - bypass = urllib.request.proxy_bypass_environment - self.env.set('NO_PROXY', -diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py -index 1731fe3..3be327d 100644 ---- a/Lib/urllib/request.py -+++ b/Lib/urllib/request.py -@@ -2412,6 +2412,12 @@ def getproxies_environment(): - name = name.lower() - if value and name[-6:] == '_proxy': - proxies[name[:-6]] = value -+ # CVE-2016-1000110 - If we are running as CGI script, forget HTTP_PROXY -+ # (non-all-lowercase) as it may be set from the web server by a "Proxy:" -+ # header from the client -+ # If "proxy" is lowercase, it will still be used thanks to the next block -+ if 'REQUEST_METHOD' in os.environ: -+ proxies.pop('http', None) - for name, value in os.environ.items(): - if name[-6:] == '_proxy': - name = name.lower() -diff --git a/Misc/NEWS b/Misc/NEWS -index 4ad2551..2fcc95b 100644 ---- a/Misc/NEWS -+++ b/Misc/NEWS -@@ -329,6 +329,10 @@ Library - - Issue #26644: Raise ValueError rather than SystemError when a negative - length is passed to SSLSocket.recv() or read(). - -+- Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the -+ HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates -+ that the script is in CGI mode. -+ - - Issue #23804: Fix SSL recv(0) and read(0) methods to return zero bytes - instead of up to 1024. - --- -2.8.1 - diff --git a/meta/recipes-devtools/python/python3/upstream-random-fixes.patch b/meta/recipes-devtools/python/python3/upstream-random-fixes.patch index 0d9152ccd7..9b40e8ac9f 100644 --- a/meta/recipes-devtools/python/python3/upstream-random-fixes.patch +++ b/meta/recipes-devtools/python/python3/upstream-random-fixes.patch @@ -1,21 +1,7 @@ -This patch updates random.c to match upstream python's code at revision -8125d9a8152b. This addresses various issues around problems with glibc 2.24 -and 2.25 such that python would fail to start with: - -[rpurdie@centos7 ~]$ /tmp/t2/sysroots/x86_64-pokysdk-linux/usr/bin/python3 -Fatal Python error: getentropy() failed -Aborted - -(taken from our buildtools-tarball also breaks eSDK) - -Upstream-Status: Backport - -# HG changeset patch -# User Victor Stinner -# Date 1483957133 -3600 -# Node ID 8125d9a8152b79e712cb09c7094b9129b9bcea86 -# Parent 337461574c90281630751b6095c4e1baf380cf7d -Issue #29157: Prefer getrandom() over getentropy() +From 035ba5da3e53e45c712b39fe1f6fb743e697c032 Mon Sep 17 00:00:00 2001 +From: Victor Stinner +Date: Mon, 9 Jan 2017 11:18:53 +0100 +Subject: [PATCH] Issue #29157: Prefer getrandom() over getentropy() Copy and then adapt Python/random.c from default branch. Difference between 3.5 and default branches: @@ -26,12 +12,17 @@ and default branches: * Python 3.5 has no _PyOS_URandomNonblock() function: _PyOS_URandom() works in non-blocking mode on Python 3.5 -RP 2017/1/22 +Upstream-Status: Backport [https://github.com/python/cpython/commit/035ba5da3e53e45c712b39fe1f6fb743e697c032] +Signed-off-by: Alexander Kanavin + +--- + Python/random.c | 494 +++++++++++++++++++++++++++++++++----------------------- + 1 file changed, 294 insertions(+), 200 deletions(-) -Index: Python-3.5.2/Python/random.c -=================================================================== ---- Python-3.5.2.orig/Python/random.c -+++ Python-3.5.2/Python/random.c +diff --git a/Python/random.c b/Python/random.c +index d203939..31f61d0 100644 +--- a/Python/random.c ++++ b/Python/random.c @@ -1,6 +1,9 @@ #include "Python.h" #ifdef MS_WINDOWS @@ -42,7 +33,7 @@ Index: Python-3.5.2/Python/random.c #else # include # ifdef HAVE_SYS_STAT_H -@@ -36,10 +39,9 @@ win32_urandom_init(int raise) +@@ -37,10 +40,9 @@ win32_urandom_init(int raise) return 0; error: @@ -55,7 +46,7 @@ Index: Python-3.5.2/Python/random.c return -1; } -@@ -52,8 +54,9 @@ win32_urandom(unsigned char *buffer, Py_ +@@ -53,8 +55,9 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) if (hCryptProv == 0) { @@ -66,7 +57,7 @@ Index: Python-3.5.2/Python/random.c } while (size > 0) -@@ -62,11 +65,9 @@ win32_urandom(unsigned char *buffer, Py_ +@@ -63,11 +66,9 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer)) { /* CryptGenRandom() failed */ @@ -80,7 +71,7 @@ Index: Python-3.5.2/Python/random.c return -1; } buffer += chunk; -@@ -75,55 +76,29 @@ win32_urandom(unsigned char *buffer, Py_ +@@ -76,58 +77,23 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) return 0; } @@ -129,13 +120,19 @@ Index: Python-3.5.2/Python/random.c #if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL) #define PY_GETRANDOM 1 +-/* Call getrandom() +/* Call getrandom() to get random bytes: + -+ - Return 1 on success + - Return 1 on success +- - Return 0 if getrandom() syscall is not available (failed with ENOSYS or +- EPERM) or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom +- not initialized yet) and raise=0. + - Return 0 if getrandom() is not available (failed with ENOSYS or EPERM), + or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom not + initialized yet). -+ - Raise an exception (if raise is non-zero) and return -1 on error: + - Raise an exception (if raise is non-zero) and return -1 on error: +- getrandom() failed with EINTR and the Python signal handler raised an +- exception, or getrandom() failed with a different error. */ + if getrandom() failed with EINTR, raise is non-zero and the Python signal + handler raised an exception, or if getrandom() failed with a different + error. @@ -144,26 +141,16 @@ Index: Python-3.5.2/Python/random.c static int py_getrandom(void *buffer, Py_ssize_t size, int raise) { -- /* Is getrandom() supported by the running kernel? -- * Need Linux kernel 3.17 or newer, or Solaris 11.3 or newer */ -+ /* Is getrandom() supported by the running kernel? Set to 0 if getrandom() -+ failed with ENOSYS or EPERM. Need Linux kernel 3.17 or newer, or Solaris -+ 11.3 or newer */ - static int getrandom_works = 1; - - /* getrandom() on Linux will block if called before the kernel has -@@ -132,84 +107,165 @@ py_getrandom(void *buffer, Py_ssize_t si +@@ -142,16 +108,19 @@ py_getrandom(void *buffer, Py_ssize_t size, int raise) * see https://bugs.python.org/issue26839. To avoid this, use the * GRND_NONBLOCK flag. */ const int flags = GRND_NONBLOCK; -- int n; + char *dest; -+ long n; + long n; -- if (!getrandom_works) -+ if (!getrandom_works) { + if (!getrandom_works) { return 0; -+ } + } + dest = buffer; while (0 < size) { @@ -174,11 +161,8 @@ Index: Python-3.5.2/Python/random.c + requested. */ n = Py_MIN(size, 1024); #else -- n = size; -+ n = Py_MIN(size, LONG_MAX); - #endif - - errno = 0; + n = Py_MIN(size, LONG_MAX); +@@ -161,34 +130,35 @@ py_getrandom(void *buffer, Py_ssize_t size, int raise) #ifdef HAVE_GETRANDOM if (raise) { Py_BEGIN_ALLOW_THREADS @@ -209,56 +193,45 @@ Index: Python-3.5.2/Python/random.c #endif if (n < 0) { -- if (errno == ENOSYS) { +- /* ENOSYS: getrandom() syscall not supported by the kernel (but +- * maybe supported by the host which built Python). EPERM: +- * getrandom() syscall blocked by SECCOMP or something else. */ + /* ENOSYS: the syscall is not supported by the kernel. + EPERM: the syscall is blocked by a security policy (ex: SECCOMP) + or something else. */ -+ if (errno == ENOSYS || errno == EPERM) { + if (errno == ENOSYS || errno == EPERM) { getrandom_works = 0; return 0; } + if (errno == EAGAIN) { -- /* If we failed with EAGAIN, the entropy pool was -- * uninitialized. In this case, we return failure to fall -- * back to reading from /dev/urandom. -- * -- * Note: In this case the data read will not be random so -- * should not be used for cryptographic purposes. Retaining -- * the existing semantics for practical purposes. */ -+ /* getrandom(GRND_NONBLOCK) fails with EAGAIN if the system -+ urandom is not initialiazed yet. In this case, fall back on -+ reading from /dev/urandom. -+ -+ Note: In this case the data read will not be random so -+ should not be used for cryptographic purposes. Retaining -+ the existing semantics for practical purposes. */ - getrandom_works = 0; - return 0; + /* getrandom(GRND_NONBLOCK) fails with EAGAIN if the system + urandom is not initialiazed yet. In this case, fall back on +@@ -202,169 +172,225 @@ py_getrandom(void *buffer, Py_ssize_t size, int raise) } if (errno == EINTR) { - if (PyErr_CheckSignals()) { -- if (!raise) +- if (!raise) { - Py_FatalError("getrandom() interrupted by a signal"); -- return -1; + if (raise) { + if (PyErr_CheckSignals()) { + return -1; -+ } + } +- return -1; } + - /* retry getrandom() */ -+ + /* retry getrandom() if it was interrupted by a signal */ continue; } -- if (raise) -+ if (raise) { + if (raise) { PyErr_SetFromErrno(PyExc_OSError); -- else + } +- else { - Py_FatalError("getrandom() failed"); -+ } +- } return -1; } @@ -269,12 +242,19 @@ Index: Python-3.5.2/Python/random.c return 1; } -#endif -+ + +-static struct { +- int fd; +- dev_t st_dev; +- ino_t st_ino; +-} urandom_cache = { -1 }; +#elif defined(HAVE_GETENTROPY) +#define PY_GETENTROPY 1 -+ + +/* Fill buffer with size pseudo-random bytes generated by getentropy(): -+ + +-/* Read 'size' random bytes from py_getrandom(). Fall back on reading from +- /dev/urandom if getrandom() is not available. + - Return 1 on success + - Return 0 if getentropy() syscall is not available (failed with ENOSYS or + EPERM). @@ -282,25 +262,47 @@ Index: Python-3.5.2/Python/random.c + if getentropy() failed with EINTR, raise is non-zero and the Python signal + handler raised an exception, or if getentropy() failed with a different + error. -+ + +- Call Py_FatalError() on error. */ +-static void +-dev_urandom_noraise(unsigned char *buffer, Py_ssize_t size) + getentropy() is retried if it failed with EINTR: interrupted by a signal. */ +static int +py_getentropy(char *buffer, Py_ssize_t size, int raise) -+{ + { +- int fd; +- Py_ssize_t n; + /* Is getentropy() supported by the running kernel? Set to 0 if + getentropy() failed with ENOSYS or EPERM. */ + static int getentropy_works = 1; -+ + +- assert (0 < size); +- +-#ifdef PY_GETRANDOM +- if (py_getrandom(buffer, size, 0) == 1) { +- return; + if (!getentropy_works) { + return 0; -+ } -+ + } +- /* getrandom() failed with ENOSYS or EPERM, +- fall back on reading /dev/urandom */ +-#endif + +- fd = _Py_open_noraise("/dev/urandom", O_RDONLY); +- if (fd < 0) { +- Py_FatalError("Failed to open /dev/urandom"); +- } + while (size > 0) { + /* getentropy() is limited to returning up to 256 bytes. Call it + multiple times if more bytes are requested. */ + Py_ssize_t len = Py_MIN(size, 256); + int res; -+ + +- while (0 < size) +- { +- do { +- n = read(fd, buffer, (size_t)size); +- } while (n < 0 && errno == EINTR); + if (raise) { + Py_BEGIN_ALLOW_THREADS + res = getentropy(buffer, len); @@ -309,7 +311,11 @@ Index: Python-3.5.2/Python/random.c + else { + res = getentropy(buffer, len); + } -+ + +- if (n <= 0) { +- /* read() failed or returned 0 bytes */ +- Py_FatalError("Failed to read bytes from /dev/urandom"); +- break; + if (res < 0) { + /* ENOSYS: the syscall is not supported by the running kernel. + EPERM: the syscall is blocked by a security policy (ex: SECCOMP) @@ -334,71 +340,44 @@ Index: Python-3.5.2/Python/random.c + PyErr_SetFromErrno(PyExc_OSError); + } + return -1; -+ } + } +- buffer += n; +- size -= n; + + buffer += len; + size -= len; -+ } + } +- close(fd); + return 1; -+} + } +#endif /* defined(HAVE_GETENTROPY) && !defined(sun) */ -+ - static struct { - int fd; -@@ -217,127 +273,123 @@ static struct { - ino_t st_ino; - } urandom_cache = { -1 }; +-/* Read 'size' random bytes from py_getrandom(). Fall back on reading from +- /dev/urandom if getrandom() is not available. +- Return 0 on success. Raise an exception and return -1 on error. */ ++static struct { ++ int fd; ++ dev_t st_dev; ++ ino_t st_ino; ++} urandom_cache = { -1 }; ++ +/* Read random bytes from the /dev/urandom device: - --/* Read size bytes from /dev/urandom into buffer. -- Call Py_FatalError() on error. */ --static void --dev_urandom_noraise(unsigned char *buffer, Py_ssize_t size) --{ -- int fd; -- Py_ssize_t n; ++ + - Return 0 on success + - Raise an exception (if raise is non-zero) and return -1 on error - -- assert (0 < size); ++ + Possible causes of errors: - --#ifdef PY_GETRANDOM -- if (py_getrandom(buffer, size, 0) == 1) -- return; -- /* getrandom() is not supported by the running kernel, fall back -- * on reading /dev/urandom */ --#endif ++ + - open() failed with ENOENT, ENXIO, ENODEV, EACCES: the /dev/urandom device + was not found. For example, it was removed manually or not exposed in a + chroot or container. + - open() failed with a different error + - fstat() failed + - read() failed or returned 0 - -- fd = _Py_open_noraise("/dev/urandom", O_RDONLY); -- if (fd < 0) -- Py_FatalError("Failed to open /dev/urandom"); ++ + read() is retried if it failed with EINTR: interrupted by a signal. - -- while (0 < size) -- { -- do { -- n = read(fd, buffer, (size_t)size); -- } while (n < 0 && errno == EINTR); -- if (n <= 0) -- { -- /* stop on error or if read(size) returned 0 */ -- Py_FatalError("Failed to read bytes from /dev/urandom"); -- break; -- } -- buffer += n; -- size -= (Py_ssize_t)n; -- } -- close(fd); --} ++ + The file descriptor of the device is kept open between calls to avoid using + many file descriptors when run in parallel from multiple threads: + see the issue #18756. @@ -406,9 +385,7 @@ Index: Python-3.5.2/Python/random.c + st_dev and st_ino fields of the file descriptor (from fstat()) are cached to + check if the file descriptor was replaced by a different file (which is + likely a bug in the application): see the issue #21207. - --/* Read size bytes from /dev/urandom into buffer. -- Return 0 on success, raise an exception and return -1 on error. */ ++ + If the file descriptor was closed or replaced, open a new file descriptor + but don't close the old file descriptor: it probably points to something + important for some third-party code. */ @@ -422,22 +399,24 @@ Index: Python-3.5.2/Python/random.c -#ifdef PY_GETRANDOM - int res; -#endif - +- - if (size <= 0) - return 0; -+ if (raise) { -+ struct _Py_stat_struct st; -#ifdef PY_GETRANDOM - res = py_getrandom(buffer, size, 1); -- if (res < 0) +- if (res < 0) { - return -1; -- if (res == 1) +- } +- if (res == 1) { - return 0; -- /* getrandom() is not supported by the running kernel, fall back -- * on reading /dev/urandom */ +- } +- /* getrandom() failed with ENOSYS or EPERM, +- fall back on reading /dev/urandom */ -#endif -- ++ if (raise) { ++ struct _Py_stat_struct st; + - if (urandom_cache.fd >= 0) { - /* Does the fd point to the same thing as before? (issue #21207) */ - if (_Py_fstat_noraise(urandom_cache.fd, &st) @@ -516,8 +495,9 @@ Index: Python-3.5.2/Python/random.c - do { - n = _Py_read(fd, buffer, (size_t)size); -- if (n == -1) +- if (n == -1) { - return -1; +- } - if (n == 0) { - PyErr_Format(PyExc_RuntimeError, - "Failed to read %zi bytes from /dev/urandom", @@ -566,7 +546,7 @@ Index: Python-3.5.2/Python/random.c return 0; } -@@ -349,8 +401,8 @@ dev_urandom_close(void) +@@ -376,8 +402,8 @@ dev_urandom_close(void) urandom_cache.fd = -1; } } @@ -576,7 +556,7 @@ Index: Python-3.5.2/Python/random.c /* Fill buffer with pseudo-random bytes generated by a linear congruent generator (LCG): -@@ -373,29 +425,98 @@ lcg_urandom(unsigned int x0, unsigned ch +@@ -400,31 +426,100 @@ lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size) } } @@ -661,7 +641,7 @@ Index: Python-3.5.2/Python/random.c #else - return dev_urandom_python((char*)buffer, size); + res = py_getentropy(buffer, size, raise); - #endif ++#endif + if (res < 0) { + return -1; + } @@ -673,9 +653,9 @@ Index: Python-3.5.2/Python/random.c +#endif + + return dev_urandom(buffer, size, raise); -+#endif -+} -+ + #endif + } + +/* Fill buffer with size pseudo-random bytes from the operating system random + number generator (RNG). It is suitable for most cryptographic purposes + except long living private keys for asymmetric encryption. @@ -685,10 +665,12 @@ Index: Python-3.5.2/Python/random.c +_PyOS_URandom(void *buffer, Py_ssize_t size) +{ + return pyurandom(buffer, size, 1); - } - ++} ++ void -@@ -436,13 +557,14 @@ _PyRandom_Init(void) + _PyRandom_Init(void) + { +@@ -463,13 +558,14 @@ _PyRandom_Init(void) } } else { @@ -710,7 +692,7 @@ Index: Python-3.5.2/Python/random.c } } -@@ -454,8 +576,6 @@ _PyRandom_Fini(void) +@@ -481,8 +577,6 @@ _PyRandom_Fini(void) CryptReleaseContext(hCryptProv, 0); hCryptProv = 0; } diff --git a/meta/recipes-devtools/python/python3_3.5.2.bb b/meta/recipes-devtools/python/python3_3.5.2.bb deleted file mode 100644 index 7f2bc7186f..0000000000 --- a/meta/recipes-devtools/python/python3_3.5.2.bb +++ /dev/null @@ -1,224 +0,0 @@ -require recipes-devtools/python/python.inc - -DEPENDS = "python3-native libffi bzip2 db gdbm openssl readline sqlite3 zlib virtual/libintl xz" -PR = "${INC_PR}.0" -PYTHON_MAJMIN = "3.5" -PYTHON_BINABI= "${PYTHON_MAJMIN}m" -DISTRO_SRC_URI ?= "file://sitecustomize.py" -DISTRO_SRC_URI_linuxstdbase = "" -SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ -file://python-config.patch \ -file://000-cross-compile.patch \ -file://030-fixup-include-dirs.patch \ -file://070-dont-clean-ipkg-install.patch \ -file://080-distutils-dont_adjust_files.patch \ -file://130-readline-setup.patch \ -file://150-fix-setupterm.patch \ -file://0001-h2py-Fix-issue-13032-where-it-fails-with-UnicodeDeco.patch \ -file://tweak-MULTIARCH-for-powerpc-linux-gnuspe.patch \ -${DISTRO_SRC_URI} \ -" - -SRC_URI += "\ - file://03-fix-tkinter-detection.patch \ - file://avoid_warning_about_tkinter.patch \ - file://cgi_py.patch \ - file://host_include_contamination.patch \ - file://python-3.3-multilib.patch \ - file://shutil-follow-symlink-fix.patch \ - file://sysroot-include-headers.patch \ - file://unixccompiler.patch \ - file://avoid-ncursesw-include-path.patch \ - file://python3-use-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \ - file://python3-setup.py-no-host-headers-libs.patch \ - file://sysconfig.py-add-_PYTHON_PROJECT_SRC.patch \ - file://setup.py-check-cross_compiling-when-get-FLAGS.patch \ - file://setup.py-find-libraries-in-staging-dirs.patch \ - file://configure.ac-fix-LIBPL.patch \ - file://python3-fix-CVE-2016-1000110.patch \ - file://upstream-random-fixes.patch \ - " -SRC_URI[md5sum] = "8906efbacfcdc7c3c9198aeefafd159e" -SRC_URI[sha256sum] = "0010f56100b9b74259ebcd5d4b295a32324b58b517403a10d1a2aa7cb22bca40" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=6b60258130e4ed10d3101517eb5b9385" - -# exclude pre-releases for both python 2.x and 3.x -UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar" - -S = "${WORKDIR}/Python-${PV}" - -inherit autotools multilib_header python3native pkgconfig - -CONFIGUREOPTS += " --with-system-ffi " - -CACHED_CONFIGUREVARS = "ac_cv_have_chflags=no \ - ac_cv_have_lchflags=no \ - ac_cv_have_long_long_format=yes \ - ac_cv_buggy_getaddrinfo=no \ - ac_cv_file__dev_ptmx=yes \ - ac_cv_file__dev_ptc=no \ -" - -TARGET_CC_ARCH += "-DNDEBUG -fno-inline" -SDK_CC_ARCH += "-DNDEBUG -fno-inline" -EXTRA_OEMAKE += "CROSS_COMPILE=yes" -EXTRA_OECONF += "CROSSPYTHONPATH=${STAGING_LIBDIR_NATIVE}/python${PYTHON_MAJMIN}/lib-dynload/ --without-ensurepip" - -export CROSS_COMPILE = "${TARGET_PREFIX}" -export _PYTHON_PROJECT_BASE = "${B}" -export _PYTHON_PROJECT_SRC = "${S}" -export CCSHARED = "-fPIC" - -# Fix cross compilation of different modules -export CROSSPYTHONPATH = "${STAGING_LIBDIR_NATIVE}/python${PYTHON_MAJMIN}/lib-dynload/:${B}/build/lib.linux-${TARGET_ARCH}-${PYTHON_MAJMIN}:${S}/Lib:${S}/Lib/plat-linux" - -# No ctypes option for python 3 -PYTHONLSBOPTS = "" - -do_configure_append() { - rm -f ${S}/Makefile.orig - autoreconf -Wcross --verbose --install --force --exclude=autopoint ../Python-${PV}/Modules/_ctypes/libffi -} - -do_compile() { - # regenerate platform specific files, because they depend on system headers - cd ${S}/Lib/plat-linux* - include=${STAGING_INCDIR} ${STAGING_BINDIR_NATIVE}/python3-native/python3 \ - ${S}/Tools/scripts/h2py.py -i '(u_long)' \ - ${STAGING_INCDIR}/dlfcn.h \ - ${STAGING_INCDIR}/linux/cdrom.h \ - ${STAGING_INCDIR}/netinet/in.h \ - ${STAGING_INCDIR}/sys/types.h - sed -e 's,${STAGING_DIR_HOST},,g' -i *.py - cd - - - - # remove any bogus LD_LIBRARY_PATH - sed -i -e s,RUNSHARED=.*,RUNSHARED=, Makefile - - if [ ! -f Makefile.orig ]; then - install -m 0644 Makefile Makefile.orig - fi - sed -i -e 's,^CONFIGURE_LDFLAGS=.*,CONFIGURE_LDFLAGS=-L. -L${STAGING_LIBDIR},g' \ - -e 's,libdir=${libdir},libdir=${STAGING_LIBDIR},g' \ - -e 's,libexecdir=${libexecdir},libexecdir=${STAGING_DIR_HOST}${libexecdir},g' \ - -e 's,^LIBDIR=.*,LIBDIR=${STAGING_LIBDIR},g' \ - -e 's,includedir=${includedir},includedir=${STAGING_INCDIR},g' \ - -e 's,^INCLUDEDIR=.*,INCLUDE=${STAGING_INCDIR},g' \ - -e 's,^CONFINCLUDEDIR=.*,CONFINCLUDE=${STAGING_INCDIR},g' \ - Makefile - # save copy of it now, because if we do it in do_install and - # then call do_install twice we get Makefile.orig == Makefile.sysroot - install -m 0644 Makefile Makefile.sysroot - - oe_runmake HOSTPGEN=${STAGING_BINDIR_NATIVE}/python3-native/pgen \ - HOSTPYTHON=${STAGING_BINDIR_NATIVE}/python3-native/python3 \ - STAGING_LIBDIR=${STAGING_LIBDIR} \ - STAGING_BASELIBDIR=${STAGING_BASELIBDIR} \ - STAGING_INCDIR=${STAGING_INCDIR} \ - LIB=${baselib} \ - ARCH=${TARGET_ARCH} \ - OPT="${CFLAGS}" libpython3.so - - oe_runmake HOSTPGEN=${STAGING_BINDIR_NATIVE}/python3-native/pgen \ - HOSTPYTHON=${STAGING_BINDIR_NATIVE}/python3-native/python3 \ - STAGING_LIBDIR=${STAGING_LIBDIR} \ - STAGING_INCDIR=${STAGING_INCDIR} \ - STAGING_BASELIBDIR=${STAGING_BASELIBDIR} \ - LIB=${baselib} \ - ARCH=${TARGET_ARCH} \ - OPT="${CFLAGS}" -} - -do_install() { - # make install needs the original Makefile, or otherwise the inclues would - # go to ${D}${STAGING...}/... - install -m 0644 Makefile.orig Makefile - - install -d ${D}${libdir}/pkgconfig - install -d ${D}${libdir}/python${PYTHON_MAJMIN}/config - - # rerun the build once again with original makefile this time - # run install in a separate step to avoid compile/install race - oe_runmake HOSTPGEN=${STAGING_BINDIR_NATIVE}/python3-native/pgen \ - HOSTPYTHON=${STAGING_BINDIR_NATIVE}/python3-native/python3 \ - STAGING_LIBDIR=${STAGING_LIBDIR} \ - STAGING_INCDIR=${STAGING_INCDIR} \ - STAGING_BASELIBDIR=${STAGING_BASELIBDIR} \ - LIB=${baselib} \ - ARCH=${TARGET_ARCH} \ - DESTDIR=${D} LIBDIR=${libdir} - - oe_runmake HOSTPGEN=${STAGING_BINDIR_NATIVE}/python3-native/pgen \ - HOSTPYTHON=${STAGING_BINDIR_NATIVE}/python3-native/python3 \ - STAGING_LIBDIR=${STAGING_LIBDIR} \ - STAGING_INCDIR=${STAGING_INCDIR} \ - STAGING_BASELIBDIR=${STAGING_BASELIBDIR} \ - LIB=${baselib} \ - ARCH=${TARGET_ARCH} \ - DESTDIR=${D} LIBDIR=${libdir} install - - # avoid conflict with 2to3 from Python 2 - rm -f ${D}/${bindir}/2to3 - - install -m 0644 Makefile.sysroot ${D}/${libdir}/python${PYTHON_MAJMIN}/config/Makefile - install -m 0644 Makefile.sysroot ${D}/${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}${PYTHON_ABI}/Makefile - - if [ -e ${WORKDIR}/sitecustomize.py ]; then - install -m 0644 ${WORKDIR}/sitecustomize.py ${D}/${libdir}/python${PYTHON_MAJMIN} - fi - - oe_multilib_header python${PYTHON_BINABI}/pyconfig.h -} - -do_install_append_class-nativesdk () { - create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' -} - -SSTATE_SCAN_FILES += "Makefile" -PACKAGE_PREPROCESS_FUNCS += "py_package_preprocess" - -py_package_preprocess () { - # copy back the old Makefile to fix target package - install -m 0644 ${B}/Makefile.orig ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/config/Makefile - install -m 0644 ${B}/Makefile.orig ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}${PYTHON_ABI}/Makefile - # Remove references to buildmachine paths in target Makefile and _sysconfigdata - sed -i -e 's:--sysroot=${STAGING_DIR_TARGET}::g' -e s:'--with-libtool-sysroot=${STAGING_DIR_TARGET}'::g \ - ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/config/Makefile \ - ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}${PYTHON_ABI}/Makefile \ - ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/_sysconfigdata.py -} - -require python-${PYTHON_MAJMIN}-manifest.inc - -# manual dependency additions -RPROVIDES_${PN}-modules = "${PN}" -RRECOMMENDS_${PN}-core = "${PN}-readline" -RRECOMMENDS_${PN}-crypt = "openssl" -RRECOMMENDS_${PN}-crypt_class-nativesdk = "nativesdk-openssl" - -FILES_${PN}-2to3 += "${bindir}/2to3-${PYTHON_MAJMIN}" -FILES_${PN}-pydoc += "${bindir}/pydoc${PYTHON_MAJMIN} ${bindir}/pydoc3" -FILES_${PN}-idle += "${bindir}/idle3 ${bindir}/idle${PYTHON_MAJMIN}" - -PACKAGES =+ "${PN}-pyvenv" -FILES_${PN}-pyvenv += "${bindir}/pyvenv-${PYTHON_MAJMIN} ${bindir}/pyvenv" - -# package libpython3 -PACKAGES =+ "libpython3 libpython3-staticdev" -FILES_libpython3 = "${libdir}/libpython*.so.*" -FILES_libpython3-staticdev += "${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_BINABI}/libpython${PYTHON_BINABI}.a" -INSANE_SKIP_${PN}-dev += "dev-elf" - -# catch all the rest (unsorted) -PACKAGES += "${PN}-misc" -RDEPENDS_${PN}-misc += "${PN}-core ${PN}-email ${PN}-codecs ${PN}-textutils ${PN}-argparse" -RDEPENDS_${PN}-modules += "${PN}-misc" -FILES_${PN}-misc = "${libdir}/python${PYTHON_MAJMIN}" - -# catch manpage -PACKAGES += "${PN}-man" -FILES_${PN}-man = "${datadir}/man" - -BBCLASSEXTEND = "nativesdk" diff --git a/meta/recipes-devtools/python/python3_3.5.3.bb b/meta/recipes-devtools/python/python3_3.5.3.bb new file mode 100644 index 0000000000..3b3cfebbf4 --- /dev/null +++ b/meta/recipes-devtools/python/python3_3.5.3.bb @@ -0,0 +1,223 @@ +require recipes-devtools/python/python.inc + +DEPENDS = "python3-native libffi bzip2 db gdbm openssl readline sqlite3 zlib virtual/libintl xz" +PR = "${INC_PR}.0" +PYTHON_MAJMIN = "3.5" +PYTHON_BINABI= "${PYTHON_MAJMIN}m" +DISTRO_SRC_URI ?= "file://sitecustomize.py" +DISTRO_SRC_URI_linuxstdbase = "" +SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ +file://python-config.patch \ +file://0001-cross-compile-support.patch \ +file://030-fixup-include-dirs.patch \ +file://070-dont-clean-ipkg-install.patch \ +file://080-distutils-dont_adjust_files.patch \ +file://130-readline-setup.patch \ +file://150-fix-setupterm.patch \ +file://0001-h2py-Fix-issue-13032-where-it-fails-with-UnicodeDeco.patch \ +file://tweak-MULTIARCH-for-powerpc-linux-gnuspe.patch \ +${DISTRO_SRC_URI} \ +" + +SRC_URI += "\ + file://03-fix-tkinter-detection.patch \ + file://avoid_warning_about_tkinter.patch \ + file://cgi_py.patch \ + file://host_include_contamination.patch \ + file://python-3.3-multilib.patch \ + file://shutil-follow-symlink-fix.patch \ + file://sysroot-include-headers.patch \ + file://unixccompiler.patch \ + file://avoid-ncursesw-include-path.patch \ + file://python3-use-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \ + file://python3-setup.py-no-host-headers-libs.patch \ + file://sysconfig.py-add-_PYTHON_PROJECT_SRC.patch \ + file://setup.py-check-cross_compiling-when-get-FLAGS.patch \ + file://setup.py-find-libraries-in-staging-dirs.patch \ + file://configure.ac-fix-LIBPL.patch \ + file://upstream-random-fixes.patch \ + " +SRC_URI[md5sum] = "57d1f8bfbabf4f2500273fb0706e6f21" +SRC_URI[sha256sum] = "eefe2ad6575855423ab630f5b51a8ef6e5556f774584c06beab4926f930ddbb0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=b680ed99aa60d350c65a65914494207e" + +# exclude pre-releases for both python 2.x and 3.x +UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar" + +S = "${WORKDIR}/Python-${PV}" + +inherit autotools multilib_header python3native pkgconfig + +CONFIGUREOPTS += " --with-system-ffi " + +CACHED_CONFIGUREVARS = "ac_cv_have_chflags=no \ + ac_cv_have_lchflags=no \ + ac_cv_have_long_long_format=yes \ + ac_cv_buggy_getaddrinfo=no \ + ac_cv_file__dev_ptmx=yes \ + ac_cv_file__dev_ptc=no \ +" + +TARGET_CC_ARCH += "-DNDEBUG -fno-inline" +SDK_CC_ARCH += "-DNDEBUG -fno-inline" +EXTRA_OEMAKE += "CROSS_COMPILE=yes" +EXTRA_OECONF += "CROSSPYTHONPATH=${STAGING_LIBDIR_NATIVE}/python${PYTHON_MAJMIN}/lib-dynload/ --without-ensurepip" + +export CROSS_COMPILE = "${TARGET_PREFIX}" +export _PYTHON_PROJECT_BASE = "${B}" +export _PYTHON_PROJECT_SRC = "${S}" +export CCSHARED = "-fPIC" + +# Fix cross compilation of different modules +export CROSSPYTHONPATH = "${STAGING_LIBDIR_NATIVE}/python${PYTHON_MAJMIN}/lib-dynload/:${B}/build/lib.linux-${TARGET_ARCH}-${PYTHON_MAJMIN}:${S}/Lib:${S}/Lib/plat-linux" + +# No ctypes option for python 3 +PYTHONLSBOPTS = "" + +do_configure_append() { + rm -f ${S}/Makefile.orig + autoreconf -Wcross --verbose --install --force --exclude=autopoint ../Python-${PV}/Modules/_ctypes/libffi +} + +do_compile() { + # regenerate platform specific files, because they depend on system headers + cd ${S}/Lib/plat-linux* + include=${STAGING_INCDIR} ${STAGING_BINDIR_NATIVE}/python3-native/python3 \ + ${S}/Tools/scripts/h2py.py -i '(u_long)' \ + ${STAGING_INCDIR}/dlfcn.h \ + ${STAGING_INCDIR}/linux/cdrom.h \ + ${STAGING_INCDIR}/netinet/in.h \ + ${STAGING_INCDIR}/sys/types.h + sed -e 's,${STAGING_DIR_HOST},,g' -i *.py + cd - + + + # remove any bogus LD_LIBRARY_PATH + sed -i -e s,RUNSHARED=.*,RUNSHARED=, Makefile + + if [ ! -f Makefile.orig ]; then + install -m 0644 Makefile Makefile.orig + fi + sed -i -e 's,^CONFIGURE_LDFLAGS=.*,CONFIGURE_LDFLAGS=-L. -L${STAGING_LIBDIR},g' \ + -e 's,libdir=${libdir},libdir=${STAGING_LIBDIR},g' \ + -e 's,libexecdir=${libexecdir},libexecdir=${STAGING_DIR_HOST}${libexecdir},g' \ + -e 's,^LIBDIR=.*,LIBDIR=${STAGING_LIBDIR},g' \ + -e 's,includedir=${includedir},includedir=${STAGING_INCDIR},g' \ + -e 's,^INCLUDEDIR=.*,INCLUDE=${STAGING_INCDIR},g' \ + -e 's,^CONFINCLUDEDIR=.*,CONFINCLUDE=${STAGING_INCDIR},g' \ + Makefile + # save copy of it now, because if we do it in do_install and + # then call do_install twice we get Makefile.orig == Makefile.sysroot + install -m 0644 Makefile Makefile.sysroot + + oe_runmake HOSTPGEN=${STAGING_BINDIR_NATIVE}/python3-native/pgen \ + HOSTPYTHON=${STAGING_BINDIR_NATIVE}/python3-native/python3 \ + STAGING_LIBDIR=${STAGING_LIBDIR} \ + STAGING_BASELIBDIR=${STAGING_BASELIBDIR} \ + STAGING_INCDIR=${STAGING_INCDIR} \ + LIB=${baselib} \ + ARCH=${TARGET_ARCH} \ + OPT="${CFLAGS}" libpython3.so + + oe_runmake HOSTPGEN=${STAGING_BINDIR_NATIVE}/python3-native/pgen \ + HOSTPYTHON=${STAGING_BINDIR_NATIVE}/python3-native/python3 \ + STAGING_LIBDIR=${STAGING_LIBDIR} \ + STAGING_INCDIR=${STAGING_INCDIR} \ + STAGING_BASELIBDIR=${STAGING_BASELIBDIR} \ + LIB=${baselib} \ + ARCH=${TARGET_ARCH} \ + OPT="${CFLAGS}" +} + +do_install() { + # make install needs the original Makefile, or otherwise the inclues would + # go to ${D}${STAGING...}/... + install -m 0644 Makefile.orig Makefile + + install -d ${D}${libdir}/pkgconfig + install -d ${D}${libdir}/python${PYTHON_MAJMIN}/config + + # rerun the build once again with original makefile this time + # run install in a separate step to avoid compile/install race + oe_runmake HOSTPGEN=${STAGING_BINDIR_NATIVE}/python3-native/pgen \ + HOSTPYTHON=${STAGING_BINDIR_NATIVE}/python3-native/python3 \ + STAGING_LIBDIR=${STAGING_LIBDIR} \ + STAGING_INCDIR=${STAGING_INCDIR} \ + STAGING_BASELIBDIR=${STAGING_BASELIBDIR} \ + LIB=${baselib} \ + ARCH=${TARGET_ARCH} \ + DESTDIR=${D} LIBDIR=${libdir} + + oe_runmake HOSTPGEN=${STAGING_BINDIR_NATIVE}/python3-native/pgen \ + HOSTPYTHON=${STAGING_BINDIR_NATIVE}/python3-native/python3 \ + STAGING_LIBDIR=${STAGING_LIBDIR} \ + STAGING_INCDIR=${STAGING_INCDIR} \ + STAGING_BASELIBDIR=${STAGING_BASELIBDIR} \ + LIB=${baselib} \ + ARCH=${TARGET_ARCH} \ + DESTDIR=${D} LIBDIR=${libdir} install + + # avoid conflict with 2to3 from Python 2 + rm -f ${D}/${bindir}/2to3 + + install -m 0644 Makefile.sysroot ${D}/${libdir}/python${PYTHON_MAJMIN}/config/Makefile + install -m 0644 Makefile.sysroot ${D}/${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}${PYTHON_ABI}/Makefile + + if [ -e ${WORKDIR}/sitecustomize.py ]; then + install -m 0644 ${WORKDIR}/sitecustomize.py ${D}/${libdir}/python${PYTHON_MAJMIN} + fi + + oe_multilib_header python${PYTHON_BINABI}/pyconfig.h +} + +do_install_append_class-nativesdk () { + create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' +} + +SSTATE_SCAN_FILES += "Makefile" +PACKAGE_PREPROCESS_FUNCS += "py_package_preprocess" + +py_package_preprocess () { + # copy back the old Makefile to fix target package + install -m 0644 ${B}/Makefile.orig ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/config/Makefile + install -m 0644 ${B}/Makefile.orig ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}${PYTHON_ABI}/Makefile + # Remove references to buildmachine paths in target Makefile and _sysconfigdata + sed -i -e 's:--sysroot=${STAGING_DIR_TARGET}::g' -e s:'--with-libtool-sysroot=${STAGING_DIR_TARGET}'::g \ + ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/config/Makefile \ + ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}${PYTHON_ABI}/Makefile \ + ${PKGD}/${libdir}/python${PYTHON_MAJMIN}/_sysconfigdata.py +} + +require python-${PYTHON_MAJMIN}-manifest.inc + +# manual dependency additions +RPROVIDES_${PN}-modules = "${PN}" +RRECOMMENDS_${PN}-core = "${PN}-readline" +RRECOMMENDS_${PN}-crypt = "openssl" +RRECOMMENDS_${PN}-crypt_class-nativesdk = "nativesdk-openssl" + +FILES_${PN}-2to3 += "${bindir}/2to3-${PYTHON_MAJMIN}" +FILES_${PN}-pydoc += "${bindir}/pydoc${PYTHON_MAJMIN} ${bindir}/pydoc3" +FILES_${PN}-idle += "${bindir}/idle3 ${bindir}/idle${PYTHON_MAJMIN}" + +PACKAGES =+ "${PN}-pyvenv" +FILES_${PN}-pyvenv += "${bindir}/pyvenv-${PYTHON_MAJMIN} ${bindir}/pyvenv" + +# package libpython3 +PACKAGES =+ "libpython3 libpython3-staticdev" +FILES_libpython3 = "${libdir}/libpython*.so.*" +FILES_libpython3-staticdev += "${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_BINABI}/libpython${PYTHON_BINABI}.a" +INSANE_SKIP_${PN}-dev += "dev-elf" + +# catch all the rest (unsorted) +PACKAGES += "${PN}-misc" +RDEPENDS_${PN}-misc += "${PN}-core ${PN}-email ${PN}-codecs ${PN}-textutils ${PN}-argparse" +RDEPENDS_${PN}-modules += "${PN}-misc" +FILES_${PN}-misc = "${libdir}/python${PYTHON_MAJMIN}" + +# catch manpage +PACKAGES += "${PN}-man" +FILES_${PN}-man = "${datadir}/man" + +BBCLASSEXTEND = "nativesdk" -- cgit 1.2.3-korg