diff options
Diffstat (limited to 'poky/meta/recipes-devtools/python')
16 files changed, 158 insertions, 63 deletions
diff --git a/poky/meta/recipes-devtools/python/python-nose_1.3.7.bb b/poky/meta/recipes-devtools/python/python-nose_1.3.7.bb deleted file mode 100644 index fab609df9..000000000 --- a/poky/meta/recipes-devtools/python/python-nose_1.3.7.bb +++ /dev/null @@ -1,6 +0,0 @@ -inherit setuptools -require python-nose.inc - -do_install_append() { - rm ${D}${bindir}/nosetests -} diff --git a/poky/meta/recipes-devtools/python/python-scons-native_3.0.5.bb b/poky/meta/recipes-devtools/python/python-scons-native_3.0.5.bb deleted file mode 100644 index 68b63c935..000000000 --- a/poky/meta/recipes-devtools/python/python-scons-native_3.0.5.bb +++ /dev/null @@ -1,8 +0,0 @@ -require python-scons_${PV}.bb -inherit native pythonnative -DEPENDS = "python-native" -RDEPENDS_${PN} = "" - -do_install_append() { - create_wrapper ${D}${bindir}/scons SCONS_LIB_DIR='${STAGING_DIR_HOST}/${PYTHON_SITEPACKAGES_DIR}' PYTHONNOUSERSITE='1' -} diff --git a/poky/meta/recipes-devtools/python/python-scons_3.0.5.bb b/poky/meta/recipes-devtools/python/python-scons_3.0.5.bb deleted file mode 100644 index 939c15bcc..000000000 --- a/poky/meta/recipes-devtools/python/python-scons_3.0.5.bb +++ /dev/null @@ -1,24 +0,0 @@ -SUMMARY = "Software Construction tool (make/autotools replacement)" -SECTION = "devel/python" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=37bb53a08e6beaea0c90e7821d731284" - -SRC_URI = "${SOURCEFORGE_MIRROR}/scons/scons-${PV}.tar.gz" -SRC_URI[md5sum] = "9f9c163e8bd48cf8cd92f03e85ca6395" -SRC_URI[sha256sum] = "df676f23dc6d4bfa384fc389d95dcd21ab907e6349d4c848958ba4befb73c73e" - -S = "${WORKDIR}/scons-${PV}" - -UPSTREAM_CHECK_URI = "http://scons.org/pages/download.html" -UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar" - -inherit setuptools - -RDEPENDS_${PN} = "\ - python-fcntl \ - python-io \ - python-json \ - python-subprocess \ - python-shell \ - python-pprint \ - " diff --git a/poky/meta/recipes-devtools/python/python.inc b/poky/meta/recipes-devtools/python/python.inc index 8d0e90862..70481002b 100644 --- a/poky/meta/recipes-devtools/python/python.inc +++ b/poky/meta/recipes-devtools/python/python.inc @@ -13,6 +13,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://bpo-36216-cve-2019-9636.patch \ file://bpo-36216-cve-2019-9636-fix.patch \ file://CVE-2019-9740.patch \ + file://CVE-2018-20852.patch \ " SRC_URI[md5sum] = "30157d85a2c0479c09ea2cbe61f2aaf5" diff --git a/poky/meta/recipes-devtools/python/python/CVE-2018-20852.patch b/poky/meta/recipes-devtools/python/python/CVE-2018-20852.patch new file mode 100644 index 000000000..23c784a21 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python/CVE-2018-20852.patch @@ -0,0 +1,123 @@ +From 979daae300916adb399ab5b51410b6ebd0888f13 Mon Sep 17 00:00:00 2001 +From: Xtreak <tir.karthi@gmail.com> +Date: Sat, 15 Jun 2019 20:59:43 +0530 +Subject: [PATCH] [2.7] bpo-35121: prefix dot in domain for proper subdomain + validation (GH-10258) (GH-13426) + +This is a manual backport of ca7fe5063593958e5efdf90f068582837f07bd14 since 2.7 has `http.cookiejar` in `cookielib` + + +https://bugs.python.org/issue35121 +CVE: CVE-2018-20852 +Upstream-Status: Backport [https://github.com/python/cpython/pull/13426] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + Lib/cookielib.py | 13 ++++++-- + Lib/test/test_cookielib.py | 30 +++++++++++++++++++ + .../2019-05-20-00-35-12.bpo-35121.RRi-HU.rst | 4 +++ + 3 files changed, 45 insertions(+), 2 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2019-05-20-00-35-12.bpo-35121.RRi-HU.rst + +diff --git a/Lib/cookielib.py b/Lib/cookielib.py +index 2dd7c48728e0..0b471a42f296 100644 +--- a/Lib/cookielib.py ++++ b/Lib/cookielib.py +@@ -1139,6 +1139,11 @@ def return_ok_domain(self, cookie, request): + req_host, erhn = eff_request_host(request) + domain = cookie.domain + ++ if domain and not domain.startswith("."): ++ dotdomain = "." + domain ++ else: ++ dotdomain = domain ++ + # strict check of non-domain cookies: Mozilla does this, MSIE5 doesn't + if (cookie.version == 0 and + (self.strict_ns_domain & self.DomainStrictNonDomain) and +@@ -1151,7 +1156,7 @@ def return_ok_domain(self, cookie, request): + _debug(" effective request-host name %s does not domain-match " + "RFC 2965 cookie domain %s", erhn, domain) + return False +- if cookie.version == 0 and not ("."+erhn).endswith(domain): ++ if cookie.version == 0 and not ("."+erhn).endswith(dotdomain): + _debug(" request-host %s does not match Netscape cookie domain " + "%s", req_host, domain) + return False +@@ -1165,7 +1170,11 @@ def domain_return_ok(self, domain, request): + req_host = "."+req_host + if not erhn.startswith("."): + erhn = "."+erhn +- if not (req_host.endswith(domain) or erhn.endswith(domain)): ++ if domain and not domain.startswith("."): ++ dotdomain = "." + domain ++ else: ++ dotdomain = domain ++ if not (req_host.endswith(dotdomain) or erhn.endswith(dotdomain)): + #_debug(" request domain %s does not match cookie domain %s", + # req_host, domain) + return False +diff --git a/Lib/test/test_cookielib.py b/Lib/test/test_cookielib.py +index f2dd9727d137..7f7ff614d61d 100644 +--- a/Lib/test/test_cookielib.py ++++ b/Lib/test/test_cookielib.py +@@ -368,6 +368,7 @@ def test_domain_return_ok(self): + ("http://foo.bar.com/", ".foo.bar.com", True), + ("http://foo.bar.com/", "foo.bar.com", True), + ("http://foo.bar.com/", ".bar.com", True), ++ ("http://foo.bar.com/", "bar.com", True), + ("http://foo.bar.com/", "com", True), + ("http://foo.com/", "rhubarb.foo.com", False), + ("http://foo.com/", ".foo.com", True), +@@ -378,6 +379,8 @@ def test_domain_return_ok(self): + ("http://foo/", "foo", True), + ("http://foo/", "foo.local", True), + ("http://foo/", ".local", True), ++ ("http://barfoo.com", ".foo.com", False), ++ ("http://barfoo.com", "foo.com", False), + ]: + request = urllib2.Request(url) + r = pol.domain_return_ok(domain, request) +@@ -938,6 +941,33 @@ def test_domain_block(self): + c.add_cookie_header(req) + self.assertFalse(req.has_header("Cookie")) + ++ c.clear() ++ ++ pol.set_blocked_domains([]) ++ req = Request("http://acme.com/") ++ res = FakeResponse(headers, "http://acme.com/") ++ cookies = c.make_cookies(res, req) ++ c.extract_cookies(res, req) ++ self.assertEqual(len(c), 1) ++ ++ req = Request("http://acme.com/") ++ c.add_cookie_header(req) ++ self.assertTrue(req.has_header("Cookie")) ++ ++ req = Request("http://badacme.com/") ++ c.add_cookie_header(req) ++ self.assertFalse(pol.return_ok(cookies[0], req)) ++ self.assertFalse(req.has_header("Cookie")) ++ ++ p = pol.set_blocked_domains(["acme.com"]) ++ req = Request("http://acme.com/") ++ c.add_cookie_header(req) ++ self.assertFalse(req.has_header("Cookie")) ++ ++ req = Request("http://badacme.com/") ++ c.add_cookie_header(req) ++ self.assertFalse(req.has_header("Cookie")) ++ + def test_secure(self): + from cookielib import CookieJar, DefaultCookiePolicy + +diff --git a/Misc/NEWS.d/next/Security/2019-05-20-00-35-12.bpo-35121.RRi-HU.rst b/Misc/NEWS.d/next/Security/2019-05-20-00-35-12.bpo-35121.RRi-HU.rst +new file mode 100644 +index 000000000000..77251806163b +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2019-05-20-00-35-12.bpo-35121.RRi-HU.rst +@@ -0,0 +1,4 @@ ++Don't send cookies of domain A without Domain attribute to domain B when ++domain A is a suffix match of domain B while using a cookiejar with ++:class:`cookielib.DefaultCookiePolicy` policy. Patch by Karthikeyan ++Singaravelan. diff --git a/poky/meta/recipes-devtools/python/python/CVE-2019-9740.patch b/poky/meta/recipes-devtools/python/python/CVE-2019-9740.patch index 066ac6829..95f43e038 100644 --- a/poky/meta/recipes-devtools/python/python/CVE-2019-9740.patch +++ b/poky/meta/recipes-devtools/python/python/CVE-2019-9740.patch @@ -31,6 +31,7 @@ Notes on backport to Python 2.7: Upstream-Status: Backport CVE: CVE-2019-9740 +CVE: CVE-2019-9947 Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> --- Lib/httplib.py | 16 ++++++ diff --git a/poky/meta/recipes-devtools/python/python3-dbus_1.2.8.bb b/poky/meta/recipes-devtools/python/python3-dbus_1.2.8.bb index 923da3c00..2fb1eae96 100644 --- a/poky/meta/recipes-devtools/python/python3-dbus_1.2.8.bb +++ b/poky/meta/recipes-devtools/python/python3-dbus_1.2.8.bb @@ -22,3 +22,5 @@ EXTRA_OECONF += "--disable-documentation" RDEPENDS_${PN} = "python3-io python3-logging python3-stringold python3-threading python3-xml" FILES_${PN}-dev += "${libdir}/pkgconfig" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-git_2.1.11.bb b/poky/meta/recipes-devtools/python/python3-git_2.1.11.bb deleted file mode 100644 index ac320fa56..000000000 --- a/poky/meta/recipes-devtools/python/python3-git_2.1.11.bb +++ /dev/null @@ -1,2 +0,0 @@ -require python-git.inc -inherit setuptools3 diff --git a/poky/meta/recipes-devtools/python/python-git.inc b/poky/meta/recipes-devtools/python/python3-git_3.0.0.bb index f973e9f42..b6c837cdf 100644 --- a/poky/meta/recipes-devtools/python/python-git.inc +++ b/poky/meta/recipes-devtools/python/python3-git_3.0.0.bb @@ -10,12 +10,12 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=8b8d26c37c1d5a04f9b0186edbebc183" PYPI_PACKAGE = "GitPython" -inherit pypi +inherit pypi setuptools3 -SRC_URI[md5sum] = "cee43a39a1468084d49d1c49fb675204" -SRC_URI[sha256sum] = "8237dc5bfd6f1366abeee5624111b9d6879393d84745a507de0fda86043b65a8" +SRC_URI[md5sum] = "9412ae9665fd29328f2afc6df887ae81" +SRC_URI[sha256sum] = "629867ebf609cef21bb9d849039e281e25963fb7d714a2f6bacc1ecce4800293" -DEPENDS = "${PYTHON_PN}-gitdb" +DEPENDS += " ${PYTHON_PN}-gitdb" RDEPENDS_${PN} += " \ ${PYTHON_PN}-datetime \ @@ -29,4 +29,5 @@ RDEPENDS_${PN} += " \ ${PYTHON_PN}-unixadmin \ git \ " + BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-mako_1.0.14.bb b/poky/meta/recipes-devtools/python/python3-mako_1.1.0.bb index d2f5188cc..b139e5ab0 100644 --- a/poky/meta/recipes-devtools/python/python3-mako_1.0.14.bb +++ b/poky/meta/recipes-devtools/python/python3-mako_1.1.0.bb @@ -8,8 +8,8 @@ PYPI_PACKAGE = "Mako" inherit pypi setuptools3 -SRC_URI[md5sum] = "e162578170331f0cc6a4adb063c7c0f6" -SRC_URI[sha256sum] = "f5a642d8c5699269ab62a68b296ff990767eb120f51e2e8f3d6afb16bdb57f4b" +SRC_URI[md5sum] = "6c3f2da0b74af529a4c4a537d0848bf2" +SRC_URI[sha256sum] = "a36919599a9b7dc5d86a7a8988f23a9a3a3d083070023bab23d64f7f1d1e0a4b" RDEPENDS_${PN} = "${PYTHON_PN}-html \ ${PYTHON_PN}-netclient \ diff --git a/poky/meta/recipes-devtools/python/python3-pbr_5.4.1.bb b/poky/meta/recipes-devtools/python/python3-pbr_5.4.1.bb deleted file mode 100644 index 338ac8b70..000000000 --- a/poky/meta/recipes-devtools/python/python3-pbr_5.4.1.bb +++ /dev/null @@ -1,5 +0,0 @@ -inherit setuptools3 -require python-pbr.inc - -SRC_URI[md5sum] = "ab6e26026ab306989a636ec2d50a435a" -SRC_URI[sha256sum] = "0ca44dc9fd3b04a22297c2a91082d8df2894862e8f4c86a49dac69eae9e85ca0" diff --git a/poky/meta/recipes-devtools/python/python3-pbr_5.4.2.bb b/poky/meta/recipes-devtools/python/python3-pbr_5.4.2.bb new file mode 100644 index 000000000..d59e744e6 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-pbr_5.4.2.bb @@ -0,0 +1,5 @@ +inherit setuptools3 +require python-pbr.inc + +SRC_URI[md5sum] = "ea90e1118a0132da752d45e68d10b2b8" +SRC_URI[sha256sum] = "9b321c204a88d8ab5082699469f52cc94c5da45c51f114113d01b3d993c24cdf" diff --git a/poky/meta/recipes-devtools/python/python3-pip_19.1.1.bb b/poky/meta/recipes-devtools/python/python3-pip_19.2.1.bb index baf32f472..ebf1f25c1 100644 --- a/poky/meta/recipes-devtools/python/python3-pip_19.1.1.bb +++ b/poky/meta/recipes-devtools/python/python3-pip_19.2.1.bb @@ -6,8 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8ba06d529c955048e5ddd7c45459eb2e" DEPENDS += "python3 python3-setuptools-native" -SRC_URI[md5sum] = "4fb98a060f21c731d6743b90a714fc73" -SRC_URI[sha256sum] = "44d3d7d3d30a1eb65c7e5ff1173cdf8f7467850605ac7cc3707b6064bddd0958" +SRC_URI[md5sum] = "e9ac3e030e88b6c076a20ab371a30742" +SRC_URI[sha256sum] = "258d702483dd749400aec59c23d638a5b2249ae28a0f478b6cab12ad45681a80" inherit pypi distutils3 diff --git a/poky/meta/recipes-devtools/python/python3-pygobject_3.32.2.bb b/poky/meta/recipes-devtools/python/python3-pygobject_3.32.2.bb index 05688be60..476957e88 100644 --- a/poky/meta/recipes-devtools/python/python3-pygobject_3.32.2.bb +++ b/poky/meta/recipes-devtools/python/python3-pygobject_3.32.2.bb @@ -23,11 +23,11 @@ S = "${WORKDIR}/${SRCNAME}-${PV}" PACKAGECONFIG ??= "${@bb.utils.contains_any('DISTRO_FEATURES', [ 'directfb', 'wayland', 'x11' ], 'cairo', '', d)}" +RDEPENDS_${PN} += "python3-pkgutil" + # python3-pycairo is checked on configuration -> DEPENDS # we don't link against python3-pycairo -> RDEPENDS PACKAGECONFIG[cairo] = "-Dpycairo=true,-Dpycairo=false, cairo python3-pycairo, python3-pycairo" -RDEPENDS_${PN} += "python3-setuptools" - BBCLASSEXTEND = "native" PACKAGECONFIG_class-native = "" diff --git a/poky/meta/recipes-devtools/python/python3/python3-manifest.json b/poky/meta/recipes-devtools/python/python3/python3-manifest.json index 0803ac003..ec28c2dbb 100644 --- a/poky/meta/recipes-devtools/python/python3/python3-manifest.json +++ b/poky/meta/recipes-devtools/python/python3/python3-manifest.json @@ -512,17 +512,15 @@ "${libdir}/python${PYTHON_MAJMIN}/__pycache__/difflib.*.pyc" ] }, - "distutils-staticdev": { - "cached": [ - "${libdir}/python${PYTHON_MAJMIN}/config/__pycache__/lib*.a" - ], + "distutils-windows": { + "cached": [], "files": [ - "${libdir}/python${PYTHON_MAJMIN}/config/lib*.a" + "${libdir}/python${PYTHON_MAJMIN}/distutils/command/wininst-*.exe" ], "rdepends": [ "distutils" ], - "summary": "Python distribution utilities (static libraries)" + "summary": "Python distribution utilities (Windows installer stubs)" }, "distutils": { "summary": "Python Distribution Utilities", @@ -801,6 +799,9 @@ "xml", "xmlrpc" ], + "rrecommends": [ + "distutils-windows" + ], "summary": "All Python modules" }, "multiprocessing": { diff --git a/poky/meta/recipes-devtools/python/python3_3.7.4.bb b/poky/meta/recipes-devtools/python/python3_3.7.4.bb index a63abfd6c..59d702498 100644 --- a/poky/meta/recipes-devtools/python/python3_3.7.4.bb +++ b/poky/meta/recipes-devtools/python/python3_3.7.4.bb @@ -229,7 +229,7 @@ python(){ newpackages=[] for key in python_manifest: - pypackage= pn + '-' + key + pypackage = pn + '-' + key if pypackage not in packages: # We need to prepend, otherwise python-misc gets everything @@ -249,8 +249,14 @@ python(){ for value in python_manifest[key]['rdepends']: # Make it work with or without $PN if '${PN}' in value: - value=value.split('-')[1] + value=value.split('-', 1)[1] d.appendVar('RDEPENDS_' + pypackage, ' ' + pn + '-' + value) + + for value in python_manifest[key].get('rrecommends', ()): + if '${PN}' in value: + value=value.split('-', 1)[1] + d.appendVar('RRECOMMENDS_' + pypackage, ' ' + pn + '-' + value) + d.setVar('SUMMARY_' + pypackage, python_manifest[key]['summary']) # Prepending so to avoid python-misc getting everything |