diff options
Diffstat (limited to 'poky/meta/recipes-devtools/python')
-rw-r--r-- | poky/meta/recipes-devtools/python/python-smmap.inc | 2 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-dbusmock_0.22.0.bb (renamed from poky/meta/recipes-devtools/python/python3-dbusmock_0.19.bb) | 2 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-git_3.1.12.bb (renamed from poky/meta/recipes-devtools/python/python3-git_3.1.11.bb) | 2 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-hypothesis_6.0.2.bb (renamed from poky/meta/recipes-devtools/python/python3-hypothesis_5.41.4.bb) | 4 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-importlib-metadata_3.4.0.bb (renamed from poky/meta/recipes-devtools/python/python3-importlib-metadata_3.1.0.bb) | 8 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-mako_1.1.4.bb (renamed from poky/meta/recipes-devtools/python/python3-mako_1.1.3.bb) | 4 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-packaging_20.9.bb (renamed from poky/meta/recipes-devtools/python/python3-packaging_20.4.bb) | 3 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-py_1.10.0.bb (renamed from poky/meta/recipes-devtools/python/python3-py_1.9.0.bb) | 3 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-pygments_2.7.4.bb (renamed from poky/meta/recipes-devtools/python/python3-pygments_2.7.2.bb) | 4 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-pytest/0001-setup.py-remove-the-setup_requires-for-setuptools-scm.patch | 17 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-pytest_6.2.1.bb (renamed from poky/meta/recipes-devtools/python/python3-pytest_6.1.2.bb) | 2 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-setuptools-scm_5.0.1.bb (renamed from poky/meta/recipes-devtools/python/python3-setuptools-scm_4.1.2.bb) | 5 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-setuptools_52.0.0.bb (renamed from poky/meta/recipes-devtools/python/python3-setuptools_50.3.2.bb) | 16 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3-smmap_4.0.0.bb (renamed from poky/meta/recipes-devtools/python/python3-smmap_3.0.4.bb) | 0 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3/CVE-2020-27619.patch | 69 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3/CVE-2021-3177.patch | 191 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/python/python3_3.9.1.bb (renamed from poky/meta/recipes-devtools/python/python3_3.9.0.bb) | 18 |
17 files changed, 230 insertions, 120 deletions
diff --git a/poky/meta/recipes-devtools/python/python-smmap.inc b/poky/meta/recipes-devtools/python/python-smmap.inc index 7703722bc..2a2ac76f2 100644 --- a/poky/meta/recipes-devtools/python/python-smmap.inc +++ b/poky/meta/recipes-devtools/python/python-smmap.inc @@ -11,7 +11,7 @@ inherit pypi PYPI_PACKAGE = "smmap" -SRC_URI[sha256sum] = "9c98bbd1f9786d22f14b3d4126894d56befb835ec90cef151af566c7e19b5d24" +SRC_URI[sha256sum] = "7e65386bd122d45405ddf795637b7f7d2b532e7e401d46bbe3fb49b9986d5182" RDEPENDS_${PN} += "${PYTHON_PN}-codecs \ ${PYTHON_PN}-mmap \ diff --git a/poky/meta/recipes-devtools/python/python3-dbusmock_0.19.bb b/poky/meta/recipes-devtools/python/python3-dbusmock_0.22.0.bb index d297dbc1d..b1feee841 100644 --- a/poky/meta/recipes-devtools/python/python3-dbusmock_0.19.bb +++ b/poky/meta/recipes-devtools/python/python3-dbusmock_0.22.0.bb @@ -3,7 +3,7 @@ SUMMARY = "With this program/Python library you can easily create mock objects o LICENSE = "GPL-3.0" LIC_FILES_CHKSUM = "file://COPYING;md5=e6a600fd5e1d9cbde2d983680233ad02" -SRC_URI[sha256sum] = "497f30eed2fcd5deaa2633b9622e4e99af4bdfba4e972b350ba630bac6fc86c2" +SRC_URI[sha256sum] = "2191919cc411fb94953b36e46bfd55ee5ad4162432ee0d0892bc2c4770ff5d7c" PYPI_PACKAGE = "python-dbusmock" diff --git a/poky/meta/recipes-devtools/python/python3-git_3.1.11.bb b/poky/meta/recipes-devtools/python/python3-git_3.1.12.bb index 7c636572f..c0c460540 100644 --- a/poky/meta/recipes-devtools/python/python3-git_3.1.11.bb +++ b/poky/meta/recipes-devtools/python/python3-git_3.1.12.bb @@ -12,7 +12,7 @@ PYPI_PACKAGE = "GitPython" inherit pypi setuptools3 -SRC_URI[sha256sum] = "befa4d101f91bad1b632df4308ec64555db684c360bd7d2130b4807d49ce86b8" +SRC_URI[sha256sum] = "42dbefd8d9e2576c496ed0059f3103dcef7125b9ce16f9d5f9c834aed44a1dac" DEPENDS += " ${PYTHON_PN}-gitdb" diff --git a/poky/meta/recipes-devtools/python/python3-hypothesis_5.41.4.bb b/poky/meta/recipes-devtools/python/python3-hypothesis_6.0.2.bb index 416acc8d7..fd163401a 100644 --- a/poky/meta/recipes-devtools/python/python3-hypothesis_5.41.4.bb +++ b/poky/meta/recipes-devtools/python/python3-hypothesis_6.0.2.bb @@ -7,8 +7,8 @@ PYPI_PACKAGE = "hypothesis" inherit pypi setuptools3 -SRC_URI[sha256sum] = "7ef22dd2ae4a906ef1e237dcd6806aa7f97e30c37f924a0e6d595f4639350b53" +SRC_URI[sha256sum] = "ae616551c8ebe897454e2de5183e325f6a109f70d45b7380154ed974ce8d4772" -RDEPENDS_${PN} += "python3-core" +RDEPENDS_${PN} += "python3-attrs python3-core python3-sortedcontainers" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-importlib-metadata_3.1.0.bb b/poky/meta/recipes-devtools/python/python3-importlib-metadata_3.4.0.bb index d89621bed..81f24e55c 100644 --- a/poky/meta/recipes-devtools/python/python3-importlib-metadata_3.1.0.bb +++ b/poky/meta/recipes-devtools/python/python3-importlib-metadata_3.4.0.bb @@ -5,12 +5,14 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e88ae122f3925d8bde8319060f2ddb8e" inherit pypi setuptools3 -SRC_URI = "https://files.pythonhosted.org/packages/7d/d4/dbc58eed92be61bae65a7d80a7604d35bf6ded3e3c53c14f2d45b4a28831/importlib_metadata-3.1.0.tar.gz" -SRC_URI[sha256sum] = "d9b8a46a0885337627a6430db287176970fff18ad421becec1d64cfc763c2099" +PYPI_PACKAGE = "importlib_metadata" +UPSTREAM_CHECK_REGEX = "/importlib-metadata/(?P<pver>(\d+[\.\-_]*)+)/" + +SRC_URI[sha256sum] = "fa5daa4477a7414ae34e95942e4dd07f62adf589143c875c133c1e53c4eff38d" S = "${WORKDIR}/importlib_metadata-${PV}" -DEPENDS += "${PYTHON_PN}-setuptools-scm-native" +DEPENDS += "${PYTHON_PN}-setuptools-scm-native ${PYTHON_PN}-toml-native" RDEPENDS_${PN} += "${PYTHON_PN}-zipp ${PYTHON_PN}-pathlib2" RDEPENDS_${PN}_append_class-target = " python3-misc" RDEPENDS_${PN}_append_class-nativesdk = " python3-misc" diff --git a/poky/meta/recipes-devtools/python/python3-mako_1.1.3.bb b/poky/meta/recipes-devtools/python/python3-mako_1.1.4.bb index cda4e9922..1645f37da 100644 --- a/poky/meta/recipes-devtools/python/python3-mako_1.1.3.bb +++ b/poky/meta/recipes-devtools/python/python3-mako_1.1.4.bb @@ -8,13 +8,11 @@ PYPI_PACKAGE = "Mako" inherit pypi setuptools3 -SRC_URI[sha256sum] = "8195c8c1400ceb53496064314c6736719c6f25e7479cd24c77be3d9361cddc27" +SRC_URI[sha256sum] = "17831f0b7087c313c0ffae2bcbbd3c1d5ba9eeac9c38f2eb7b50e8c99fe9d5ab" RDEPENDS_${PN} = "${PYTHON_PN}-html \ ${PYTHON_PN}-netclient \ ${PYTHON_PN}-threading \ " -RDEPENDS_${PN}_class-native = "" - BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-packaging_20.4.bb b/poky/meta/recipes-devtools/python/python3-packaging_20.9.bb index c75707e69..92cf6a25f 100644 --- a/poky/meta/recipes-devtools/python/python3-packaging_20.4.bb +++ b/poky/meta/recipes-devtools/python/python3-packaging_20.9.bb @@ -3,8 +3,7 @@ HOMEPAGE = "https://github.com/pypa/packaging" LICENSE = "Apache-2.0 & BSD" LIC_FILES_CHKSUM = "file://LICENSE;md5=faadaedca9251a90b205c9167578ce91" -SRC_URI[md5sum] = "3208229da731c5d8e29d4d8941e75005" -SRC_URI[sha256sum] = "4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8" +SRC_URI[sha256sum] = "5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5" inherit pypi setuptools3 diff --git a/poky/meta/recipes-devtools/python/python3-py_1.9.0.bb b/poky/meta/recipes-devtools/python/python3-py_1.10.0.bb index 794ec2a87..4e16ad174 100644 --- a/poky/meta/recipes-devtools/python/python3-py_1.9.0.bb +++ b/poky/meta/recipes-devtools/python/python3-py_1.10.0.bb @@ -3,8 +3,7 @@ HOMEPAGE = "http://py.readthedocs.io/" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=a6bb0320b04a0a503f12f69fea479de9" -SRC_URI[md5sum] = "b80db4e61eef724f49feb4d20b649e62" -SRC_URI[sha256sum] = "9ca6883ce56b4e8da7e79ac18787889fa5206c79dcc67fb065376cd2fe03f342" +SRC_URI[sha256sum] = "21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3" DEPENDS += "${PYTHON_PN}-setuptools-scm-native" diff --git a/poky/meta/recipes-devtools/python/python3-pygments_2.7.2.bb b/poky/meta/recipes-devtools/python/python3-pygments_2.7.4.bb index 00e5dc6e3..24bbaaf38 100644 --- a/poky/meta/recipes-devtools/python/python3-pygments_2.7.2.bb +++ b/poky/meta/recipes-devtools/python/python3-pygments_2.7.4.bb @@ -2,10 +2,10 @@ SUMMARY = "Pygments is a syntax highlighting package written in Python." DESCRIPTION = "Pygments is a syntax highlighting package written in Python." HOMEPAGE = "http://pygments.org/" LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=1f5d0c4cf38dfc8122c00d6f1a97a0cc" +LIC_FILES_CHKSUM = "file://LICENSE;md5=98419e351433ac106a24e3ad435930bc" inherit setuptools3 -SRC_URI[sha256sum] = "381985fcc551eb9d37c52088a32914e00517e57f4a21609f48141ba08e193fa0" +SRC_URI[sha256sum] = "df49d09b498e83c1a73128295860250b0b7edd4c723a32e9bc0d295c7c2ec337" DEPENDS += "\ ${PYTHON_PN} \ diff --git a/poky/meta/recipes-devtools/python/python3-pytest/0001-setup.py-remove-the-setup_requires-for-setuptools-scm.patch b/poky/meta/recipes-devtools/python/python3-pytest/0001-setup.py-remove-the-setup_requires-for-setuptools-scm.patch index 8c5c17247..1abd531c6 100644 --- a/poky/meta/recipes-devtools/python/python3-pytest/0001-setup.py-remove-the-setup_requires-for-setuptools-scm.patch +++ b/poky/meta/recipes-devtools/python/python3-pytest/0001-setup.py-remove-the-setup_requires-for-setuptools-scm.patch @@ -1,8 +1,7 @@ -From ff784f4803ab33f5e3389e40d038d52d1e211843 Mon Sep 17 00:00:00 2001 +From ead04f2da75efeca3369feff6161ea4a8baecbc9 Mon Sep 17 00:00:00 2001 From: Yuan Chao <yuanc.fnst@cn.fujitsu.com> Date: Wed, 28 Aug 2019 16:12:27 +0900 -Subject: [PATCH] [PATCH] setup.py: remove the setup_requires for - setuptools-scm +Subject: [PATCH] setup.py: remove the setup_requires for setuptools-scm The setup_requires argument forces the download of the egg file for setuptools-scm during the do_compile phase. This download is incompatible with the typical fetch @@ -18,22 +17,20 @@ Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com> Rebase for pytest 6.1.0. Signed-off-by: Kai Kang <kai.kang@windriver.com> + --- setup.cfg | 1 - 1 file changed, 1 deletion(-) diff --git a/setup.cfg b/setup.cfg -index 60f6564..c4d1471 100644 +index 6ed0792..0137090 100644 --- a/setup.cfg +++ b/setup.cfg -@@ -55,7 +55,6 @@ package_dir = +@@ -53,7 +53,6 @@ package_dir = =src setup_requires = - setuptools>=40.0 -- setuptools-scm + setuptools>=>=42.0 +- setuptools-scm>=3.4 zip_safe = no [options.entry_points] --- -2.17.1 - diff --git a/poky/meta/recipes-devtools/python/python3-pytest_6.1.2.bb b/poky/meta/recipes-devtools/python/python3-pytest_6.2.1.bb index 6fc3b6f32..6843b4da2 100644 --- a/poky/meta/recipes-devtools/python/python3-pytest_6.1.2.bb +++ b/poky/meta/recipes-devtools/python/python3-pytest_6.2.1.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=81eb9f71d006c6b268cf4388e3c98f7b" SRC_URI_append = " file://0001-setup.py-remove-the-setup_requires-for-setuptools-scm.patch " -SRC_URI[sha256sum] = "c0a7e94a8cdbc5422a51ccdad8e6f1024795939cc89159a0ae7f0b316ad3823e" +SRC_URI[sha256sum] = "66e419b1899bc27346cb2c993e12c5e5e8daba9073c1fbce33b9807abc95c306" inherit update-alternatives pypi setuptools3 diff --git a/poky/meta/recipes-devtools/python/python3-setuptools-scm_4.1.2.bb b/poky/meta/recipes-devtools/python/python3-setuptools-scm_5.0.1.bb index 48bad2b99..406404ec6 100644 --- a/poky/meta/recipes-devtools/python/python3-setuptools-scm_4.1.2.bb +++ b/poky/meta/recipes-devtools/python/python3-setuptools-scm_5.0.1.bb @@ -2,8 +2,7 @@ SUMMARY = "the blessed package to manage your versions by scm tags" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=8;endline=8;md5=8227180126797a0148f94f483f3e1489" -SRC_URI[md5sum] = "e6c9fad17c90516d640868eb833d5150" -SRC_URI[sha256sum] = "a8994582e716ec690f33fec70cca0f85bd23ec974e3f783233e4879090a7faa8" +SRC_URI[sha256sum] = "c85b6b46d0edd40d2301038cdea96bb6adc14d62ef943e75afb08b3e7bcf142a" PYPI_PACKAGE = "setuptools_scm" inherit pypi setuptools3 @@ -15,9 +14,11 @@ RDEPENDS_${PN} = "\ ${PYTHON_PN}-json \ ${PYTHON_PN}-py \ ${PYTHON_PN}-setuptools \ + ${PYTHON_PN}-toml \ " RDEPENDS_${PN}_class-native = "\ ${PYTHON_PN}-setuptools-native \ + ${PYTHON_PN}-toml-native \ " BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-setuptools_50.3.2.bb b/poky/meta/recipes-devtools/python/python3-setuptools_52.0.0.bb index 4480d5677..118f41665 100644 --- a/poky/meta/recipes-devtools/python/python3-setuptools_50.3.2.bb +++ b/poky/meta/recipes-devtools/python/python3-setuptools_52.0.0.bb @@ -2,9 +2,7 @@ SUMMARY = "Download, build, install, upgrade, and uninstall Python packages" HOMEPAGE = "https://pypi.org/project/setuptools" SECTION = "devel/python" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=19;md5=9a33897f1bca1160d7aad3835152e158" - -PYPI_PACKAGE_EXT = "zip" +LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=19;md5=7a7126e068206290f3fe9f8d6c713ea6" inherit pypi setuptools3 @@ -12,7 +10,7 @@ SRC_URI_append_class-native = " file://0001-conditionally-do-not-fetch-code-by-e SRC_URI += "file://0001-change-shebang-to-python3.patch" -SRC_URI[sha256sum] = "ed0519d27a243843b05d82a5e9d01b0b083d9934eaa3d02779a23da18077bd3c" +SRC_URI[sha256sum] = "fb3a1ee622509550dbf1d419f241296169d7f09cb1eb5b1736f2f10965932b96" DEPENDS += "${PYTHON_PN}" @@ -28,6 +26,7 @@ RDEPENDS_${PN} = "\ ${PYTHON_PN}-netserver \ ${PYTHON_PN}-numbers \ ${PYTHON_PN}-pickle \ + ${PYTHON_PN}-pkg-resources \ ${PYTHON_PN}-pkgutil \ ${PYTHON_PN}-plistlib \ ${PYTHON_PN}-shell \ @@ -41,10 +40,6 @@ do_install_prepend() { install -d ${D}${PYTHON_SITEPACKAGES_DIR} } -do_install_append() { - mv ${D}${bindir}/easy_install ${D}${bindir}/easy3_install -} - BBCLASSEXTEND = "native nativesdk" # The pkg-resources module can be used by itself, without the package downloader @@ -58,8 +53,3 @@ RDEPENDS_${PYTHON_PN}-pkg-resources = "\ ${PYTHON_PN}-plistlib \ ${PYTHON_PN}-pprint \ " -# Due to the way OE-Core implemented native recipes, the native class cannot -# have a dependency on something that is not a recipe name. Work around that by -# manually setting RPROVIDES. -RDEPENDS_${PN}_append = " ${PYTHON_PN}-pkg-resources" -RPROVIDES_append_class-native = " ${PYTHON_PN}-pkg-resources-native" diff --git a/poky/meta/recipes-devtools/python/python3-smmap_3.0.4.bb b/poky/meta/recipes-devtools/python/python3-smmap_4.0.0.bb index 5f0f341d6..5f0f341d6 100644 --- a/poky/meta/recipes-devtools/python/python3-smmap_3.0.4.bb +++ b/poky/meta/recipes-devtools/python/python3-smmap_4.0.0.bb diff --git a/poky/meta/recipes-devtools/python/python3/CVE-2020-27619.patch b/poky/meta/recipes-devtools/python/python3/CVE-2020-27619.patch deleted file mode 100644 index b2053e7a4..000000000 --- a/poky/meta/recipes-devtools/python/python3/CVE-2020-27619.patch +++ /dev/null @@ -1,69 +0,0 @@ -From b664a1df4ee71d3760ab937653b10997081b1794 Mon Sep 17 00:00:00 2001 -From: "Miss Skeleton (bot)" <31488909+miss-islington@users.noreply.github.com> -Date: Tue, 6 Oct 2020 05:37:36 -0700 -Subject: [PATCH] bpo-41944: No longer call eval() on content received via HTTP - in the CJK codec tests (GH-22566) - -(cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8) - -Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> - -Upstream-Status: Backport [https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794] -CVE: CVE-2020-27619 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> - ---- - Lib/test/multibytecodec_support.py | 22 +++++++------------ - .../2020-10-05-17-43-46.bpo-41944.rf1dYb.rst | 1 + - 2 files changed, 9 insertions(+), 14 deletions(-) - create mode 100644 Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst - -diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py -index cca8af67d6d1d..f76c0153f5ecf 100644 ---- a/Lib/test/multibytecodec_support.py -+++ b/Lib/test/multibytecodec_support.py -@@ -305,29 +305,23 @@ def test_mapping_file(self): - self._test_mapping_file_plain() - - def _test_mapping_file_plain(self): -- unichrs = lambda s: ''.join(map(chr, map(eval, s.split('+')))) -+ def unichrs(s): -+ return ''.join(chr(int(x, 16)) for x in s.split('+')) -+ - urt_wa = {} - - with self.open_mapping_file() as f: - for line in f: - if not line: - break -- data = line.split('#')[0].strip().split() -+ data = line.split('#')[0].split() - if len(data) != 2: - continue - -- csetval = eval(data[0]) -- if csetval <= 0x7F: -- csetch = bytes([csetval & 0xff]) -- elif csetval >= 0x1000000: -- csetch = bytes([(csetval >> 24), ((csetval >> 16) & 0xff), -- ((csetval >> 8) & 0xff), (csetval & 0xff)]) -- elif csetval >= 0x10000: -- csetch = bytes([(csetval >> 16), ((csetval >> 8) & 0xff), -- (csetval & 0xff)]) -- elif csetval >= 0x100: -- csetch = bytes([(csetval >> 8), (csetval & 0xff)]) -- else: -+ if data[0][:2] != '0x': -+ self.fail(f"Invalid line: {line!r}") -+ csetch = bytes.fromhex(data[0][2:]) -+ if len(csetch) == 1 and 0x80 <= csetch[0]: - continue - - unich = unichrs(data[1]) -diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst -new file mode 100644 -index 0000000000000..4f9782f1c85af ---- /dev/null -+++ b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst -@@ -0,0 +1 @@ -+Tests for CJK codecs no longer call ``eval()`` on content received via HTTP. diff --git a/poky/meta/recipes-devtools/python/python3/CVE-2021-3177.patch b/poky/meta/recipes-devtools/python/python3/CVE-2021-3177.patch new file mode 100644 index 000000000..a48207162 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3/CVE-2021-3177.patch @@ -0,0 +1,191 @@ +From c347cbe694743cee120457aa6626712f7799a932 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 18 Jan 2021 13:29:31 -0800 +Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode + formatting in ctypes param reprs. (GH-24247) + +(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7) + +Co-authored-by: Benjamin Peterson <benjamin@python.org> + +Co-authored-by: Benjamin Peterson <benjamin@python.org> + +CVE: CVE-2021-3177 +Upstream-Status: Backport [https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++ + .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 + + Modules/_ctypes/callproc.c | 51 +++++++------------ + 3 files changed, 64 insertions(+), 32 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst + +diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py +index e4c25fd880cef..531894fdec838 100644 +--- a/Lib/ctypes/test/test_parameters.py ++++ b/Lib/ctypes/test/test_parameters.py +@@ -201,6 +201,49 @@ def __dict__(self): + with self.assertRaises(ZeroDivisionError): + WorseStruct().__setstate__({}, b'foo') + ++ def test_parameter_repr(self): ++ from ctypes import ( ++ c_bool, ++ c_char, ++ c_wchar, ++ c_byte, ++ c_ubyte, ++ c_short, ++ c_ushort, ++ c_int, ++ c_uint, ++ c_long, ++ c_ulong, ++ c_longlong, ++ c_ulonglong, ++ c_float, ++ c_double, ++ c_longdouble, ++ c_char_p, ++ c_wchar_p, ++ c_void_p, ++ ) ++ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$") ++ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>") ++ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$") ++ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>") ++ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>") ++ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>") ++ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>") ++ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$") ++ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$") ++ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$") ++ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$") ++ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$") ++ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$") ++ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>") ++ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>") ++ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>") ++ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$") ++ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$") ++ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$") ++ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$") ++ + ################################################################ + + if __name__ == '__main__': +diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst +new file mode 100644 +index 0000000000000..7df65a156feab +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst +@@ -0,0 +1,2 @@ ++Avoid static buffers when computing the repr of :class:`ctypes.c_double` and ++:class:`ctypes.c_longdouble` values. +diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c +index b0a36a30248f7..f2506de54498e 100644 +--- a/Modules/_ctypes/callproc.c ++++ b/Modules/_ctypes/callproc.c +@@ -489,58 +489,47 @@ is_literal_char(unsigned char c) + static PyObject * + PyCArg_repr(PyCArgObject *self) + { +- char buffer[256]; + switch(self->tag) { + case 'b': + case 'B': +- sprintf(buffer, "<cparam '%c' (%d)>", ++ return PyUnicode_FromFormat("<cparam '%c' (%d)>", + self->tag, self->value.b); +- break; + case 'h': + case 'H': +- sprintf(buffer, "<cparam '%c' (%d)>", ++ return PyUnicode_FromFormat("<cparam '%c' (%d)>", + self->tag, self->value.h); +- break; + case 'i': + case 'I': +- sprintf(buffer, "<cparam '%c' (%d)>", ++ return PyUnicode_FromFormat("<cparam '%c' (%d)>", + self->tag, self->value.i); +- break; + case 'l': + case 'L': +- sprintf(buffer, "<cparam '%c' (%ld)>", ++ return PyUnicode_FromFormat("<cparam '%c' (%ld)>", + self->tag, self->value.l); +- break; + + case 'q': + case 'Q': +- sprintf(buffer, +-#ifdef MS_WIN32 +- "<cparam '%c' (%I64d)>", +-#else +- "<cparam '%c' (%lld)>", +-#endif ++ return PyUnicode_FromFormat("<cparam '%c' (%lld)>", + self->tag, self->value.q); +- break; + case 'd': +- sprintf(buffer, "<cparam '%c' (%f)>", +- self->tag, self->value.d); +- break; +- case 'f': +- sprintf(buffer, "<cparam '%c' (%f)>", +- self->tag, self->value.f); +- break; +- ++ case 'f': { ++ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d); ++ if (f == NULL) { ++ return NULL; ++ } ++ PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", self->tag, f); ++ Py_DECREF(f); ++ return result; ++ } + case 'c': + if (is_literal_char((unsigned char)self->value.c)) { +- sprintf(buffer, "<cparam '%c' ('%c')>", ++ return PyUnicode_FromFormat("<cparam '%c' ('%c')>", + self->tag, self->value.c); + } + else { +- sprintf(buffer, "<cparam '%c' ('\\x%02x')>", ++ return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>", + self->tag, (unsigned char)self->value.c); + } +- break; + + /* Hm, are these 'z' and 'Z' codes useful at all? + Shouldn't they be replaced by the functionality of c_string +@@ -549,22 +538,20 @@ PyCArg_repr(PyCArgObject *self) + case 'z': + case 'Z': + case 'P': +- sprintf(buffer, "<cparam '%c' (%p)>", ++ return PyUnicode_FromFormat("<cparam '%c' (%p)>", + self->tag, self->value.p); + break; + + default: + if (is_literal_char((unsigned char)self->tag)) { +- sprintf(buffer, "<cparam '%c' at %p>", ++ return PyUnicode_FromFormat("<cparam '%c' at %p>", + (unsigned char)self->tag, (void *)self); + } + else { +- sprintf(buffer, "<cparam 0x%02x at %p>", ++ return PyUnicode_FromFormat("<cparam 0x%02x at %p>", + (unsigned char)self->tag, (void *)self); + } +- break; + } +- return PyUnicode_FromString(buffer); + } + + static PyMemberDef PyCArgType_members[] = { + diff --git a/poky/meta/recipes-devtools/python/python3_3.9.0.bb b/poky/meta/recipes-devtools/python/python3_3.9.1.bb index 19a8950f1..ad032e97a 100644 --- a/poky/meta/recipes-devtools/python/python3_3.9.0.bb +++ b/poky/meta/recipes-devtools/python/python3_3.9.1.bb @@ -29,7 +29,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-Makefile-do-not-compile-.pyc-in-parallel.patch \ file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ file://0001-Lib-sysconfig.py-use-libdir-values-from-configuratio.patch \ - file://CVE-2020-27619.patch \ + file://CVE-2021-3177.patch \ " SRC_URI_append_class-native = " \ @@ -37,8 +37,7 @@ SRC_URI_append_class-native = " \ file://12-distutils-prefix-is-inside-staging-area.patch \ file://0001-Don-t-search-system-for-headers-libraries.patch \ " - -SRC_URI[sha256sum] = "9c73e63c99855709b9be0b3cc9e5b072cb60f37311e8c4e50f15576a0bf82854" +SRC_URI[sha256sum] = "991c3f8ac97992f3d308fefeb03a64db462574eadbff34ce8bc5bb583d9903ff" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" @@ -242,7 +241,7 @@ python(){ # First set RPROVIDES for -native case # Hardcoded since it cant be python3-native-foo, should be python3-foo-native pn = 'python3' - rprovides = d.getVar('RPROVIDES').split() + rprovides = (d.getVar('RPROVIDES') or "").split() # ${PN}-misc-native is not in the manifest rprovides.append(pn + '-misc-native') @@ -317,11 +316,8 @@ do_create_manifest() { } # bitbake python -c create_manifest -addtask do_create_manifest - # Make sure we have native python ready when we create a new manifest -do_create_manifest[depends] += "${PN}:do_prepare_recipe_sysroot" -do_create_manifest[depends] += "${PN}:do_patch" +addtask do_create_manifest after do_patch do_prepare_recipe_sysroot # manual dependency additions RRECOMMENDS_${PN}-core_append_class-nativesdk = " nativesdk-python3-modules" @@ -374,3 +370,9 @@ RDEPENDS_${PN}-dev = "" RDEPENDS_${PN}-tests_append_class-target = " ${MLPREFIX}bash" RDEPENDS_${PN}-tests_append_class-nativesdk = " ${MLPREFIX}bash" + +# Python's tests contain large numbers of files we don't need in the recipe sysroots +SYSROOT_PREPROCESS_FUNCS += " py3_sysroot_cleanup" +py3_sysroot_cleanup () { + rm -rf ${SYSROOT_DESTDIR}${libdir}/python${PYTHON_MAJMIN}/test +} |