| Age | Commit message (Collapse) | Author |
|---|
|
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.
PoC:
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is related to "SSLv3 POODLE vulnerability" CVE-2014-3566
Building python without SSLv3 support when openssl is built without
any support for SSLv3 (e.g. by adding EXTRA_OECONF = " -no-ssl3" in
the openssl recipes).
Backport from:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768611#22
[python2.7-nossl3.patch] only Modules/_ssl.c is backported.
References:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7015
https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843
http://bugs.python.org/issue22638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
A remote user can send specially crafted data to trigger a buffer overflow
in socket.recvfrom_into() and execute arbitrary code on the target system.
The code will run with the privileges of the target service.
This back-ported patch fixes CVE-2014-1912
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport two patches from upstream:
use new readline function types (closes #20374)
Issue #20374: Avoid compiler warnings when compiling readline with libedit.
[YOCTO #6107]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This back ported patch fixes CVE-2013-1752 for smtplib
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Reviewed-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When using make -j with the 'install' target, it's possible for altbininstall
(which normally creates BINDIR) and libainstall (which doesn't, though it
installs python-config there) to race, resulting in a failure due to
attempting to install python-config into a nonexistent BINDIR. Ensure it also
exists in the libainstall target.
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These are back ports of 2 patches from upstream to address
CVE-2011-4944
CVE-2013-4238
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Install python test suite and run it as ptest
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This fixes errors in packages using python( build with gcc 4.8)
|
/home/jenkins/oe/shr-core-branches/shr-core/tmp-eglibc/sysroots/qemuarm/usr/include/python2.7/modsupport.h:27:1:
error: 'PyArg_ParseTuple' is an unrecognized format function type
[-Werror=format=]
| PyAPI_FUNC(int) PyArg_ParseTuple(PyObject *, const char *, ...)
Py_FORMAT_PARSETUPLE(PyArg_ParseTuple, 2, 3);
| ^
| cc1: all warnings being treated as errors
| cc1: all warnings being treated as errors
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We had hard coded python-native and python's default optimization to 1,
which made the "assert" statement didn't work, and removed the "-O/-OO"
(optimization options), the target python had a "-N" option to disable
the default optimization, but the native python didn't.
I think that we can set the environment variable PYTHONOPTIMIZE or use
"python -O" if we need to optimize, but I'm not sure whether we need to
set it by default, it would confuse the user or cause/hide unexpected
problems if the "assert" doesn't work.
[YOCTO #4427]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Reference:http://bugs.python.org/issue14579
The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
[YOCTO #3450]
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Its bad practise to poke into the sysroot without knowledge of sstate.
This adds a patch to python allowing us to account for cross compiling
and allow it to find the Makefile/pyconfig.h files without needing them
in the sysroot for do_compile/do_install to complete.
Tested on two architectures and compared with buildhistory with no
significant delta.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
On non-gplv3 builds, gdbm gets built different due to the different version
which triggers a different codepath in python's db support and then hence
triggers an invalid RPATH QA issue. This change extends the appropriate patch
to cover the code paths we need it to cover and avoid adding the problematic
RPATH.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
_bsddb module in python 2.7 could be built only with db version
between 4.1 and 4.7. A patch was added to avoid build warning
about this for [YOCTO #1937] but not actually fixed it.
This patch enable _bsddb module be built with db 5.3, and remove
--disable-statistics from the DB5_CONFIG to fix segmentation fault
when using _bsddb module in python.
[YOCTO #2749]
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
bin/python2 link is provided by the python install process,
so no need to create it.
rebase these patches to the newer code:
fix_for_using_different_libdir.patch
04-default-is-optimized.patch
remove this patch as it is upstream now:
sys_platform_is_now_always_linux2.patch
Change default python version to 2.7.3 in the distro config
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|
|
sunaudiodev module is sunos specific so we avoid a warning by not.
adding this module to missing variable.
[YOCTO #1937]
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
_tkinter module needs tk module along with tcl. tk is not yet integrated
in yocto so we skip the check for this module.
Avoid a warning by not adding this module to missing variable.
[YOCTO #1937]
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
_bsddb module can be built only with db version between 4.1 and 4.7.
Avoid a warning by not adding this module to missing variable.
[YOCTO #1937]
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
python should search for db.h in inc_dirs and not in a hardcoded path.
If db.h is found but HASHVERSION is not 2 we avoid a warning by not.
adding this module to missing variable.
[YOCTO #1937]
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch was added for 64bit host machines. In the compile process python
is checking if platform is a 64bit platform using sys.maxint which is the host's
value. The patch fixes this issue so that python would check if TARGET machine
is 64bit not the HOST machine. In this way will have "dl" and "imageop" modules
built if HOST machine is 64bit but the target machine is 32bit.
[YOCTO #1937]
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The move of libcrypto to /lib instead of /usr/lib has broken the _hashlib module
compilation. There were also a number of other failing modules which should
have been building correctly. This turned out partly to be the /lib issue
but also due to a number of native paths creeping into compiler commandlines.
These changes add in /lib as part of the searh directory and remove
a number of host contamination issues within setup.py. Post release we
should really further go through this file and just delete large sections
of it as its hard to be sure what strange paths python is injecting as
search paths.
This patch also fixes issues where re-execution of the compile task
would corrupt the Makefile in various ways, again leading to puzzling
paths within the configuration.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This commit fixes python's install issue of not finding the
native pythong binray modules.
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|
|
* Fixes many problems with linux2 vs. linux3. At least:
- Detected version was from build-host instead of target-host.
- linuxaudiodev and ossaudiodev were disabled for linux3.
- Files were missing in /usr/lib/python2.7/plat-linux3.
* Imported from upstream HG rev c816479f6aaf
* Bugtracker URL: http://bugs.python.org/issue12326
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The problem is due to mixing of headers from host system
thusly corrected in setup.py by checkinng if we are cross
compiling
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The internal md5 module is needed for using "waf" to install
other python packages such as pycairo.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
build_extension() in setup.py, as part of the build process, does an
'import check' on the built extension. The import check in turn
dlopen()'s the shared library associated with the extension, which
isn't something that makes sense if that library was cross-compiled
for a different architecture.
This was noticed with an x86_64 target that was compiled with avx
support, because it caused 'illegal instruction' exceptions:
| /bin/sh: line 1: 14575 Illegal instruction ... -E ./setup.py -q build
For other target architectures, it doesn't necessarily cause illegal
instruction exceptions, but still fails. For example, on arm, the
failure pathway causes this warning:
*** WARNING: renaming "cmath" since importing it failed: .../cmath.so:
wrong ELF class: ELFCLASS32
This patch to setup.py and the associated recipe changes allow the
whole 'import check' logic to be skipped when cross-compiling.
Signed-off-by: Tom Zanussi <tom.zanussi@intel.com>
|
|
Rebased these patches to the newer code
modified: python-native/nohostlibs.patch
modified: python/01-use-proper-tools-for-cross-build.patch
modified: python/06-avoid_usr_lib_termcap_path_in_linking.patch
modified: python/06-ctypes-libffi-fix-configure.patch
modified: python/multilib.patch
Deleted these patches are the are now upstream
deleted: python/02-remove-test-for-cross.patch
deleted: python/security_issue_2254_fix.patch
Added this patch to python-native
new file: python-native/multilib.patch
Updated site config file for python
modified: ../../site/common-linux : add ac_cv_have_long_long_format for python
avoid this error in python:
Include/pyport.h:243:13: error: #error "This platform's pyconfig.h needs to define PY_FORMAT_LONG_LONG"
Updated default python version
modified: ../../conf/distro/include/default-versions.inc
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By default cgi.py attempts to use /usr/local/bin/python as its
interpreter. However, on my Linux systems, including OE-Core,
python is installed into {bindir}. Adjust this one file based on
the comment at the top of the upstream file.
This resolves an issue where a runtime dependency discovered during
RPM packaging breaks the rootfs construction.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This Fixes bug: [Yocto #1254]
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1015
Issue #2254: Fix CGIHTTPServer information disclosure. Relative paths are
now collapsed within the url properly before looking in cgi_directories.
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
python has several place hard code "lib" which breaks build
when libdir=/usr/lib64. SUSE has a patch to fix this issue.
So this patch add the SUSE patch to address this issue
Signed-off-by: Yu Ke <ke.yu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
python: update upstream-status for patches
binutils: update upstream-status for patches
gcc 4.5.1 4.6.0: update upstream-status for patches
autoconf: update upstream-status for patches
automake: update upstream-status for patches
bison: update upstream-status for patches
distcc: update upstream-status of patches
fstests: update upstream-status for patches
gdb: update upstream-status of patches
intltool: update upstream-status of patches
libtool: update upstream status of patches
linux-libc-headers: update upstream-status for patches
make: update upstream-status for patches
perl: update upstream-status for patches
python-pycurl: update upstream-status for patches
python-pygobject: update upstream status for patches
python-pyrex: update upstream-status for patches
quilt: update upstream-status of patches
tcl: update upstream-status for patches
gnu-config: update upstream-status for patches
gmp: update upstream-status for patches
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|
|
Contributed by Martin Jansa via OE
Fixes [YOCTO #1003]
Signed-off-by: Antonio Ospite <ospite@studenti.unina.it>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Removed these patch:
python-native-2.6.5/00-fix-bindir-libdir-for-cross.patch
python/00-fix-bindir-libdir-for-cross.patch
The upstream code has changed, and it does not need the above 2 patches
(fixes) anymore.
Patches rebased to the newer code:
python/01-use-proper-tools-for-cross-build.patch
python/04-default-is-optimized.patch
python/06-avoid_usr_lib_termcap_path_in_linking.patch
python/99-ignore-optimization-flag.patch
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|
|
This fixes [BUGID #385]
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|
|
Having one monolithic packages directory makes it hard to find things
and is generally overwhelming. This commit splits it into several
logical sections roughly based on function, recipes.txt gives more
information about the classifications used.
The opportunity is also used to switch from "packages" to "recipes"
as used in OpenEmbedded as the term "packages" can be confusing to
people and has many different meanings.
Not all recipes have been classified yet, this is just a first pass
at separating things out. Some packages are moved to meta-extras as
they're no longer actively used or maintained.
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
|
Sona Sarmadi
Maxin B. John
Chong Lu
Christopher Larson
Saul Wold
Tudor Florea
Khem Raj
Robert Yang
yanjun.zhu
Richard Purdie
Jackie Huang
Nitin A Kamble
Andrei Gherzan
Andreas Oberritter
Tom Zanussi
Mark Hatle
Martin Jansa
Yu Ke
Richard Purdie