CVE-2016-5636.patch and avoid_parallel_make_races_on_pgen.patch were
removed from SRC_URI as handled upstream in adf4266524d0d.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rebased:
- python-native/multilib.patch
- python/multilib.patch
- python/01-use-proper-tools-for-cross-build.patch
Upstream:
- CVE-2016-1000110
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport a patch from 2.7 branch to fix a regression with glibc
2.24 causing "OSError: [Errno 38] Function not implemented" when
calling urandom() with older kernels.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport patch to fix CVE-2016-1000110 from python upstream:
for python2.7
https://hg.python.org/cpython/rev/ba915d561667/
for python3
https://hg.python.org/cpython/rev/a0ac52ed8f79
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
LICENSE did not change, only dates were changed
Rebases:
- multilib.patch
- 01-use-proper-tools-for-cross-build.patch
Upstream:
- avoid_parallel_make_races_on_pgen.patch
- CVE-2016-5636.patch
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Affects python2 < 2.7.11
Base score (4.4) Medium
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Enforce the correct tag names across all of oe-core for consistency.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
BUILD_SYS variables
The code that utilized them was superseded by the code (in the same patch!)
that is utilizing STAGING_LIBDIR/STAGING_INCDIR, and wasn't correct in the
first place as HOST_SYS is not necessarily the same as the sysroot directory
name.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
* restore changes from:
http://git.openembedded.org/openembedded-core/commit/?id=53ae544cfdac22c82af452b8c7ebe6664296bd9b
* which were shamelessly removed in upgrade to 2.7.9:
http://git.openembedded.org/openembedded-core/commit/?id=d4ad95f0d5f08891637c644e85b09da9c4585059
and then spread to python3 as well
* fixes following issues reported by test-dependencies
WARN: python3: python3-tkinter rdepends on glibc, but it isn't a build dependency?
WARN: python3: python3-tkinter rdepends on libpython3, but it isn't a build dependency?
WARN: python3: python3-tkinter rdepends on tcl-lib, but it isn't a build dependency?
WARN: python: python-tkinter rdepends on glibc, but it isn't a build dependency?
WARN: python: python-tkinter rdepends on libpython2, but it isn't a build dependency?
WARN: python: python-tkinter rdepends on tcl-lib, but it isn't a build dependency?
and following QA warnings in normal builds:
python-2.7.11: python-tkinter rdepends on tcl-lib, but it isn't a build dependency, missing tcl in DEPENDS or PACKAGECONFIG? [build-deps]
python-2.7.11: /usr/lib/python2.7/lib-dynload/_tkinter.so contained in package python-tkinter requires libtk8.6.so, but no providers found in RDEPENDS_python-tkinter? [file-rdeps]
python3-3.5.1: python3-tkinter rdepends on tcl-lib, but it isn't a build dependency, missing tcl in DEPENDS or PACKAGECONFIG? [build-deps]
python3-3.5.1: /usr/lib/python3.5/lib-dynload/_tkinter.cpython-35m-arm-linux-gnueabi.so contained in package python3-tkinter requires libtk8.6.so, but no providers found in RDEPENDS_python3-tkinter? [file-rdeps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- no license change, just dates
Rebased:
- check-if-target-is-64b-not-host.patch
- add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If the target and host have the same type, the system
may try to execute the instructions from the target
version. This can lead to illegal instructions
as well as the wrong copy of the code running.
Add CROSSPYTHONPATH for PYTHON_FOR_BUILD and export
the correct path to fix it.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix a variety of problems such as typos, bad punctuation, or incorrect
Upstream-Status values.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Parallel make races when linking PGEN affect target's python
compilation as well. Adds patch from python-native to modify the
Makefile and avoid parallel make races; also updates upstream status
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Based on Paul Eggleton's work to partially upgrade to Python 2.7.6
Modified:
default-versions.inc: switched to python 2.7.9
generate-manifest-2.7.py: fixed _sysconfigdata
python-2.7-manifest.inc: fixed _sysconfigdata
python.inc: Updated checksums and source, no LICENSE
change just updated some dates
python-native_2.7.3 -> python-native_2.7.9 and updated patches
python_2.7.3 -> python_2.7.9, and added ac_cv_file__dev_ptmx=no
ac_cv_file__dev_ptc=no in EXTRA_OECONF to solve python
issue #3754, only needed when cross compiling, also updated patches
use_sysroot_ncurses_instead_of_host.patch: New patch to use ncursesw
from sysroot instead of host's, introduced by fix for python issue #15268
Rebased:
01-use-proper-tools-for-cross-build.patch
03-fix-tkinter-detection.patch
05-enable-ctypes-cross-build.patch
06-avoid_usr_lib_termcap_path_in_linking.patch
avoid_warning_about_tkinter.patch
builddir.patch
fix_for_using_different_libdir.patch
host_include_contamination.patch
multilib.patch
nohostlibs.patch
search_db_h_in_inc_dirs_and_avoid_warning.patch
Deleted (fixed on upstream):
06-ctypes-libffi-fix-configure.patch
CVE-2013-4073_py27.patch
gcc-4.8-fix-configure-Wformat.patch
json-flaw-fix.patch
posix_close.patch
pypirc-secure.patch
python-2.7.3-CVE-2012-2135.patch
python-2.7.3-CVE-2013-1752-smtplib-fix.patch
python-2.7.3-CVE-2014-1912.patch
python-2.7.3-CVE-2014-7185.patch
python-2.7.3-berkeley-db-5.3.patch
python-fix-build-error-with-Readline-6.3.patch
remove-BOM-insection-code.patch
remove_sqlite_rpath.patch
python2.7.3-nossl3.patch
[YOCTO #7059]
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
|
|
This is related to "SSLv3 POODLE vulnerability" CVE-2014-3566
Building python without SSLv3 support when openssl is built without
any support for SSLv3 (e.g. by adding EXTRA_OECONF = " -no-ssl3" in
the openssl recipes).
Backport from:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768611#22
[python2.7-nossl3.patch] only Modules/_ssl.c is backported.
References:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7015
https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843
http://bugs.python.org/issue22638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.
This back-ported patch fixes CVE-2014-7185
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport patch from:
https://hg.python.org/cpython/rev/af46a001d5ec
SysLogHandler converts message to utf8 and adds BOM, supposedly
to conform with RFC5424, but the implementation is broken:
the RFC specifies that the BOM should prefix only unstructured
message part, but current Python implementation puts it in the
middle of structured part, thus confusing RFC-compliant receivers.
Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
musl has posix_close which conflicts in python
so let's rename it.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
http://bugs.python.org/issue21529
Python 2 and 3 are susceptible to arbitrary process memory reading by
a user or adversary due to a bug in the _json module caused by
insufficient bounds checking.
The sole prerequisites of this attack are that the attacker is able to
control or influence the two parameters of the default scanstring
function: the string to be decoded and the index.
The bug is caused by allowing the user to supply a negative index
value. The index value is then used directly as an index to an array
in the C code; internally the address of the array and its index are
added to each other in order to yield the address of the value that is
desired. However, by supplying a negative index value and adding this
to the address of the array, the processor's register value wraps
around and the calculated value will point to a position in memory
which isn't within the bounds of the supplied string, causing the
function to access other parts of the process memory.
Signed-off-by: Benjamin Peterson <benjamin@python.org>
Applied to python-native recipe in order to fix the above mentioned
vulnerability.
Upstream-Status: Submitted
Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Avoids the determinism problem shown with the warnings:
WARNING: QA Issue: python-tkinter rdepends on libx11 but its not a build dependency? [build-deps]
WARNING: QA Issue: python-tkinter rdepends on tcl-lib but its not a build dependency? [build-deps
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A remote user can send specially crafted data to trigger a buffer overflow
in socket.recvfrom_into() and execute arbitrary code on the target system.
The code will run with the privileges of the target service.
This back-ported patch fixes CVE-2014-1912
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport two patches from upstream:
use new readline function types (closes #20374)
Issue #20374: Avoid compiler warnings when compiling readline with libedit.
[YOCTO #6107]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This back ported patch fixes CVE-2013-1752 for smtplib
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Reviewed-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When using make -j with the 'install' target, it's possible for altbininstall
(which normally creates BINDIR) and libainstall (which doesn't, though it
installs python-config there) to race, resulting in a failure due to
attempting to install python-config into a nonexistent BINDIR. Ensure it also
exists in the libainstall target.
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These are back ports of 2 patches from upstream to address
CVE-2011-4944
CVE-2013-4238
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Install python test suite and run it as ptest
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This fixes errors in packages using python (built with gcc 4.8)
|
/home/jenkins/oe/shr-core-branches/shr-core/tmp-eglibc/sysroots/qemuarm/usr/include/python2.7/modsupport.h:27:1:
error: 'PyArg_ParseTuple' is an unrecognized format function type
[-Werror=format=]
| PyAPI_FUNC(int) PyArg_ParseTuple(PyObject *, const char *, ...)
Py_FORMAT_PARSETUPLE(PyArg_ParseTuple, 2, 3);
| ^
| cc1: all warnings being treated as errors
| cc1: all warnings being treated as errors
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We had hard coded python-native and python's default optimization to 1,
which meant the "assert" statement didn't work, and removed the "-O/-OO"
(optimization options), the target python had a "-N" option to disable
the default optimization, but the native python didn't.
I think that we can set the environment variable PYTHONOPTIMIZE or use
"python -O" if we need to optimize, but I'm not sure whether we need to
set it by default, it would confuse the user or cause/hide unexpected
problems if the "assert" doesn't work.
[YOCTO #4427]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Reference: http://bugs.python.org/issue14579
The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
[YOCTO #3450]
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It's bad practice to poke into the sysroot without knowledge of sstate.
This adds a patch to python allowing us to account for cross compiling
and allow it to find the Makefile/pyconfig.h files without needing them
in the sysroot for do_compile/do_install to complete.
Tested on two architectures and compared with buildhistory with no
significant delta.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
On non-gplv3 builds, gdbm gets built differently due to the different version
which triggers a different codepath in python's db support and hence
triggers an invalid RPATH QA issue. This change extends the appropriate patch
to cover the code paths we need it to cover and avoid adding the problematic
RPATH.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The _bsddb module in python 2.7 could be built only with db versions
between 4.1 and 4.7. A patch was added to avoid a build warning
about this for [YOCTO #1937] but it did not actually fix it.
This patch enables the _bsddb module to be built with db 5.3, and removes
--disable-statistics from the DB5_CONFIG to fix a segmentation fault
when using the _bsddb module in python.
[YOCTO #2749]
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
bin/python2 link is provided by the python install process,
so no need to create it.
rebase these patches to the newer code:
fix_for_using_different_libdir.patch
04-default-is-optimized.patch
remove this patch as it is upstream now:
sys_platform_is_now_always_linux2.patch
Change default python version to 2.7.3 in the distro config
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|
|
sunaudiodev module is sunos specific so we avoid a warning by not
adding this module to missing variable.
[YOCTO #1937]
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
_tkinter module needs tk module along with tcl. tk is not yet integrated
in yocto so we skip the check for this module.
Avoid a warning by not adding this module to missing variable.
[YOCTO #1937]
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
_bsddb module can be built only with db version between 4.1 and 4.7.
Avoid a warning by not adding this module to missing variable.
[YOCTO #1937]
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
python should search for db.h in inc_dirs and not in a hardcoded path.
If db.h is found but HASHVERSION is not 2 we avoid a warning by not
adding this module to missing variable.
[YOCTO #1937]
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch was added for 64bit host machines. In the compile process python
is checking if platform is a 64bit platform using sys.maxint which is the host's
value. The patch fixes this issue so that python would check if TARGET machine
is 64bit not the HOST machine. In this way we will have "dl" and "imageop" modules
built if HOST machine is 64bit but the target machine is 32bit.
[YOCTO #1937]
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The move of libcrypto to /lib instead of /usr/lib has broken the _hashlib module
compilation. There were also a number of other failing modules which should
have been building correctly. This turned out partly to be the /lib issue
but also due to a number of native paths creeping into compiler commandlines.
These changes add in /lib as part of the search directory and remove
a number of host contamination issues within setup.py. Post release we
should really further go through this file and just delete large sections
of it as it's hard to be sure what strange paths python is injecting as
search paths.
This patch also fixes issues where re-execution of the compile task
would corrupt the Makefile in various ways, again leading to puzzling
paths within the configuration.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This commit fixes python's install issue of not finding the
native python binary modules.
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|
|
* Fixes many problems with linux2 vs. linux3. At least:
- Detected version was from build-host instead of target-host.
- linuxaudiodev and ossaudiodev were disabled for linux3.
- Files were missing in /usr/lib/python2.7/plat-linux3.
* Imported from upstream HG rev c816479f6aaf
* Bugtracker URL: http://bugs.python.org/issue12326
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The problem is due to mixing of headers from host system
thusly corrected in setup.py by checking if we are cross
compiling
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The internal md5 module is needed for using "waf" to install
other python packages such as pycairo.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
build_extension() in setup.py, as part of the build process, does an
'import check' on the built extension. The import check in turn
dlopen()'s the shared library associated with the extension, which
isn't something that makes sense if that library was cross-compiled
for a different architecture.
This was noticed with an x86_64 target that was compiled with avx
support, because it caused 'illegal instruction' exceptions:
| /bin/sh: line 1: 14575 Illegal instruction ... -E ./setup.py -q build
For other target architectures, it doesn't necessarily cause illegal
instruction exceptions, but still fails. For example, on arm, the
failure pathway causes this warning:
*** WARNING: renaming "cmath" since importing it failed: .../cmath.so:
wrong ELF class: ELFCLASS32
This patch to setup.py and the associated recipe changes allow the
whole 'import check' logic to be skipped when cross-compiling.
Signed-off-by: Tom Zanussi <tom.zanussi@intel.com>
|
|
Rebased these patches to the newer code
modified: python-native/nohostlibs.patch
modified: python/01-use-proper-tools-for-cross-build.patch
modified: python/06-avoid_usr_lib_termcap_path_in_linking.patch
modified: python/06-ctypes-libffi-fix-configure.patch
modified: python/multilib.patch
Deleted these patches as they are now upstream
deleted: python/02-remove-test-for-cross.patch
deleted: python/security_issue_2254_fix.patch
Added this patch to python-native
new file: python-native/multilib.patch
Updated site config file for python
modified: ../../site/common-linux : add ac_cv_have_long_long_format for python
avoid this error in python:
Include/pyport.h:243:13: error: #error "This platform's pyconfig.h needs to define PY_FORMAT_LONG_LONG"
Updated default python version
modified: ../../conf/distro/include/default-versions.inc
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By default cgi.py attempts to use /usr/local/bin/python as its
interpreter. However, on my Linux systems, including OE-Core,
python is installed into {bindir}. Adjust this one file based on
the comment at the top of the upstream file.
This resolves an issue where a runtime dependency discovered during
RPM packaging breaks the rootfs construction.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This fixes bug: [Yocto #1254]
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1015
Issue #2254: Fix CGIHTTPServer information disclosure. Relative paths are
now collapsed within the url properly before looking in cgi_directories.
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|