Age | Commit message | Author |
|
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.
PoC:
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is related to "SSLv3 POODLE vulnerability" CVE-2014-3566
Building python without SSLv3 support when openssl is built without
any support for SSLv3 (e.g. by adding EXTRA_OECONF = " -no-ssl3" in
the openssl recipes).
Backport from:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768611#22
[python2.7-nossl3.patch] only Modules/_ssl.c is backported.
References:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7015
https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843
http://bugs.python.org/issue22638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
If DISTRO_FEATURES contains "largefile", force the size of off_t to 8 as
a workaround for having ac_cv_sizeof_off_t=4 on 32-bit systems. In
future we will likely drop the value from the site file, but for now
this is a slightly safer fix.
Fixes [YOCTO #6813].
(From OE-Core master rev: a8216030ee6c65531de8fbf3eed878a345a94edc)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A remote user can send specially crafted data to trigger a buffer overflow
in socket.recvfrom_into() and execute arbitrary code on the target system.
The code will run with the privileges of the target service.
This back-ported patch fixes CVE-2014-1912
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport two patches from upstream:
use new readline function types (closes #20374)
Issue #20374: Avoid compiler warnings when compiling readline with libedit.
[YOCTO #6107]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This back ported patch fixes CVE-2013-1752 for smtplib
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Reviewed-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
So it can get the correct python directories for python2
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
When using make -j with the 'install' target, it's possible for altbininstall
(which normally creates BINDIR) and libainstall (which doesn't, though it
installs python-config there) to race, resulting in a failure due to
attempting to install python-config into a nonexistent BINDIR. Ensure it also
exists in the libainstall target.
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Python recipe did a sed s/ccache/$(CCACHE) on the Makefile, which
replaces all "ccache" including ones that consist of a full path.
This leads to a build error when building in a project path with
"ccache" in its name. Fix it by only replacing "ccache " with
"$(CCACHE) ".
Signed-off-by: Lei Liu <lei.liu2@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The run-ptest contained in python uses a Makefile. The path of the
Makefile is changed to ${libdir}/python/ptest in do_install_ptest.
However, the directory is wrong when the project is configured with
"--enable-multilib=lib32"
In addition, do_install_ptest is defined before "inherit ptest", so
it is overridden by the one in ptest.bbclass. do_install_ptest is
moved down.
Signed-off-by: Zhangle Yang <zhangle.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
At the start of install, python swizzles the makefiles around, leading
to chunks of do_compile running again. These race against the install
target, leading to errors if pieces are being recompiled whilst others
are being installed.
For now, work around this by running the compile target with the new
makefile, then running install ensuring a parallel make race doesn't
happen.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These are back ports of 2 patches from upstream to address
CVE-2011-4944
CVE-2013-4238
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Install python test suite and run it as ptest
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Currently if you build nativesdk-python, install it and try and run it,
you see it search in the default nativesdk path for terminfo files
when the readline module is used.
If terminfo files cannot be found, or if the ones found are incorrect,
the system may emit control characters which confuse commandline
processing.
This patch sets the TERMINFO_DIRS variable to ensure the correct locations
are searched for terminfo files, starting with the nativesdk terminfo files
and falling back to the host system's.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This fixes errors in packages using python (built with gcc 4.8)
|
/home/jenkins/oe/shr-core-branches/shr-core/tmp-eglibc/sysroots/qemuarm/usr/include/python2.7/modsupport.h:27:1:
error: 'PyArg_ParseTuple' is an unrecognized format function type
[-Werror=format=]
| PyAPI_FUNC(int) PyArg_ParseTuple(PyObject *, const char *, ...)
Py_FORMAT_PARSETUPLE(PyArg_ParseTuple, 2, 3);
| ^
| cc1: all warnings being treated as errors
| cc1: all warnings being treated as errors
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We had hard coded python-native and python's default optimization to 1,
which meant the "assert" statement didn't work, and removed the "-O/-OO"
(optimization options). The target python had a "-N" option to disable
the default optimization, but the native python didn't.
I think that we can set the environment variable PYTHONOPTIMIZE or use
"python -O" if we need to optimize, but I'm not sure whether we need to
set it by default, it would confuse the user or cause/hide unexpected
problems if the "assert" doesn't work.
[YOCTO #4427]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
buildpaths
Running 'python setup.py build' would fail due to the python Makefile having
CC= i586-angstrom-linux-gcc -m32 -march=core2 -msse3 -mtune=generic -mfpmath=sse --sysroot=/home/koen/v2012.12/build/tmp-angstrom_v2012_12-eglibc/sysroots/fri2
CXX= i586-angstrom-linux-g++ -m32 -march=core2 -msse3 -mtune=generic -mfpmath=sse --sysroot=/home/koen/v2012.12/build/tmp-angstrom_v2012_12-eglibc/sysroots/fri2
'--with-libtool-sysroot=/home/koen/v2012.12/build/tmp-angstrom_v2012_12-eglibc/sysroots/fri2'
And more
Multiple users have reported this problem:
http://hipstercircuits.com/?p=499
http://www.gigamegablog.com/2012/09/09/beaglebone-coding-101-spi-output/
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Reference: http://bugs.python.org/issue14579
The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
[YOCTO #3450]
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It's bad practice to poke into the sysroot without knowledge of sstate.
This adds a patch to python allowing us to account for cross compiling
and allow it to find the Makefile/pyconfig.h files without needing them
in the sysroot for do_compile/do_install to complete.
Tested on two architectures and compared with buildhistory with no
significant delta.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The overrides virtclass-native and virtclass-nativesdk are deprecated,
which should be replaced by class-native and class-nativesdk.
[YOCTO #3297]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
As discussed on the mailing lists, using a suffix to package names is
hard and has led to many recipes having to do PKGSUFFIX games. It's
looking extremely hard to scale nativesdk much further without hacking
many recipes.
By comparison, using a prefix like multilib does works much better and
doesn't involve "hacking" as many recipes. This change converts nativesdk
to use a prefix using the existing multilib infrastructure.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The _bsddb module in python 2.7 could be built only with db versions
between 4.1 and 4.7. A patch was added to avoid a build warning
about this for [YOCTO #1937] but did not actually fix it.
This patch enables the _bsddb module to be built with db 5.3, and removes
--disable-statistics from the DB5_CONFIG to fix a segmentation fault
when using the _bsddb module in python.
[YOCTO #2749]
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add pythonnative onto the list of inherits and update the paths to the binaries
referenced in the recipe to the new paths.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Without this, python-nativesdk-crypt can depend on openssl which is incorrect.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
bin/python2 link is provided by the python install process,
so no need to create it.
rebase these patches to the newer code:
fix_for_using_different_libdir.patch
04-default-is-optimized.patch
remove this patch as it is upstream now:
sys_platform_is_now_always_linux2.patch
Change default python version to 2.7.3 in the distro config
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|