From 08902b01500fb82ac050ec2dce9b6c4358075a17 Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Tue, 20 Aug 2019 09:16:51 -0400 Subject: poky: subtree update:835f7eac06..20946c63c2 Aaron Chan (1): python3-dbus: Add native and nativesdk variants Adrian Bunk (8): gnome: Remove the gnome class bind: Remove RECIPE_NO_UPDATE_REASON and follow the ESV releases webkitgtk: Reenable on mips mtd-utils: Upgrade to 2.1.1 Change ftp:// URIs to http(s):// webkitgtk: Stop disabling gold on aarch64 and mips grub/libmpc/gdb: Use GNU_MIRROR in more recipes screen: Backport fix for an implicit function declaration Alexander Kanavin (28): btrfs-tools: update 5.1.1 -> 5.2.1 libmodulemd: update to 2.6.0 libwebp: upgrade 1.0.2 -> 1.0.3 createrepo-c: upgrade 0.14.2 -> 0.14.3 webkitgtk: upgrade 2.24.2 -> 2.24.3 bzip2: fix upstream version check stress-ng: add a recipe that replaces the original stress meson: update 0.50.1 -> 0.51.1 meson.bbclass: do not pass native compiler/linker flags via command line meson: add a backported patch to address vala cross-compilation errors libedit: fix upstream verison check maintainers.inc: assign acpica to Ross stress-ng: add a patch to remove unneeded bash dependency elfutils: use PRIVATE_LIBS for the ptest package apt: add a missing perl runtime dependency attr: add a missing perl runtime dependency ofono: correct the python3 runtime dependency bluez5: correct the python3 runtime dependency local.conf.sample: do not add sdl to nativesdk qemu config maintainers.inc: give python recipes to Oleksandr Kravchuk python-numpy: remove the python 2.x version of the recipe python-scons: remove the python 2.x version of the recipe python-nose: remove the python 2.x version of the recipe lib/oeqa/utils/qemurunner.py: add runqemuparams after kvm/nographic/snapshot/slirp mesa: enable glx-tls option in native and nativesdk builds insane.bbclass: in file-rdeps do not look into RDEPENDS recursively sudo: correct SRC_URI ovmf: fix upstream version check Andreas Obergschwandtner (1): bzip2: set the autoconf package version to the recipe version Anuj Mittal (11): mpg123: upgrade 1.25.10 -> 1.25.11 libsdl: remove pulseaudio: don't include consolekit when systemd is enabled libsdl2: upgrade 2.0.9 -> 2.0.10 grub: upgrade 2.02 -> 2.04 patch: fix CVE-2019-13636 python: fix CVE-2018-20852 python: CVE-2019-9947 is same as CVE-2019-9740 libtasn1: upgrade 4.13 -> 4.14 pango: upgrade 1.42.4 -> 1.44.3 harfbuzz: upgrade 2.4.0 -> 2.5.3 Bartosz Golaszewski (1): qemu: add a patch fixing the native build on newer kernels Bedel, Alban (3): rng-tools: start rngd early in the boot process again kernel-uboot: remove useless special casing of arm64 Image boost: Fix build and enable context and coroutines on aarch64 Bruce Ashfield (2): linux-yocto/4.19: update to v4.19.61 linux-yocto-dev: bump to 5.3-rcX Changqing Li (6): runqemu: add lockfile for port used when slirp enabled runqemu: fix get portlock fail for multi users qemuboot-x86: move QB_SYSTEM_NAME to corresponding conf genericx86-64.conf/genericx86.conf: add QB_SYSTEM_NAME grub/grub-efi: fix conflict for aach64 go-runtime: remove conflict files from -dev packages Chen Qi (1): sudo: use nonarch_libdir instead of libdir for tmpfiles.d Chin Huat Ang (1): cve-update-db-native: fix https proxy issues Chris Laplante via bitbake-devel (1): bitbake: fetch2/wget: avoid 'maximum recursion depth' RuntimeErrors when handling 403 codes Daniel Ammann (2): image_types: Remove remnants of hdddirect bitbake: toaster: Sync list of fs_types with oe-core Denys Dmytriyenko (2): wayland-protocols: upgrade 1.17 -> 1.18 weston: upgrade 6.0.0 -> 6.0.1 Diego Rondini (1): image_types.bbclass: make gzipped images rsyncable Dmitry Eremin-Solenikov (1): kernel.bbclass: fix installation of modules signing certificates Frederic Ouellet (1): systemd: Add partial support of drop-in configuration files to systemd-systemctl-native Hongxu Jia (1): grub: add grub-native Jason Wessel (6): sqlite3: Fix zlib determinism problem pseudo: Fix openat() with a symlink pointing to a directory image_types_wic.bbclass: Copy the .wks and .env files to deploy image dir wic: Add partition type for msdos partition tables wic: Make disk partition size consistently computed dpkg: Provide update-alternative for start-stop-daemon Johann Fridriksson (1): ruby: Adding zlib-native to native dependencies Joshua Lock via Openembedded-core (3): sstate: fix log message classes/sstate: don't use unsigned sstate when verification enabled classes/sstate: regenerate sstate when signing enabled Joshua Watt (1): bitbake: hashserv: SQL Optimizations Kai Kang (3): subversion: add packageconfig boost epiphany: set imcompatible with tune mips e2fsprogs: 1.44.5 -> 1.45.3 Khem Raj (23): strace: Upgrade to 5.2 linux-libc-header: Fix ptrace.h and prctl.h conflict on aarch64 libnss-nis: Fix build with glibc 2.30 lttng-ust: Check for gettid libc API ltp: Fix build with glibc 2.30 lttng-tools: Fix build with glibc 2.30 xserver-xorg: Backport patch to remove using sys/io.h Apache-2.0-with-LLVM-exception: Add new license file libedit: Move from meta-oe groff: Fix math.h inclusion from system headers issue webkitgtk: Fix compile failures with clang glibc: Update to glibc 2.30 virglrender: Fix endianness check on musl syslinux: Override hardcoded toolnames in Makefile systemd-boot: Add option to specify cross objcopy and use it mesa,llvm,meson: Update llvm to 8.0.1 plus define and use LLVM version globally musl: Update to master tip oeqa/buildgalculator.py: Add dependency on gtk+3 oeqa/parselogs: grep for exact errors list keywords gcc-runtime: Move content from gcclibdir into libdir gdb: Do not set musl specific CFLAGS linuxloader: Add entries for riscv64 musl: Delete GLIBC_LDSO before creating symlink with lnr Luca Boccassi (1): python3-pygobject: remove python3-setuptools from RDEPENDS Mads Andreasen (1): bitbake: fetch2/npm: Use npm pack to download node modules instead of wget Mark Hatle (2): glibc-package.inc: Add linux-libc-headers-dev to glibc-dev bitbake: layerindexlib: Fix parsing of recursive layer dependencies Martin Jansa (3): icecc.bbclass: catch subprocess.CalledProcessError powertop: import a fix from buildroot meson: backport fix for builds with -Werror=return-type Ming Liu (5): libx11-compose-data: add recipe libxkbcommon: RDEPENDS on libx11 compose data weston: change to use meson build system license_image.bbclass: drop invalid comments opensbi: handle deploy task under sstate Naveen Saini (2): gdk-pixbuf: enable x11 PACKAGECONFIG option image_types_wic: add syslinux-native dependency conditional Oleksandr Kravchuk (17): python3-pip: update to 19.2.1 python3-git: update to 2.1.12 ethtool: update to 5.2 python3-git: update to 2.1.13 xorgproto: update to 2019.1 xserver-xorg: update to 1.20.5 ell: update to 0.21 libinput: update to 1.14.0 wpa-supplicant: update to 2.9 aspell: update to 0.60.7 linux-firmware: add PE back xf86-input-libinput: update to 0.29.0 git: update to 2.22.1 xrandr: update to 1.5.1 python3-git: update to 3.0.0 librepo: update to 1.10.5 libevent: update to 2.1.11 Pascal Bach (2): cmake: 3.14.5 -> 3.15.1 cmake: 3.15.1 -> 3.15.2 Paul Eggleton (2): scripts/create-pull-request: improve handling of non-SSH remote URLs scripts/create-pull-request: fix putting subject containing / into cover letter Piotr Tworek (2): pulseaudio: Backport upstream fix new alsa compatibility. libdrm: Move amdgpu.ids file into libdrm-amdgpu package. Randy MacLeod (1): ptest-runner: update from 2.3.1 to 2.3.2 Rasmus Villemoes (1): iproute2: drop pointless configure-cross.patch Ricardo Neri (5): ovmf: Update to version edk2-stable201905 ovmf: Set PV ovmf: Use HOSTTOOLS' python3 ovmf: Generate test Platform key and first Key Exchange Key runqemu: Add support to handle EnrollDefaultKeys PK/KEK1 certificate Ricardo Ribalda Delgado (2): packagegroup-core-base-utils: Make it machine specific inetutils: Fix abort on invalid files Richard Purdie (50): package: Improve determinism sstate: Reduce race windows bitbake: siggen: Import unihash code from OE-Core bitbake: cache: Add SimpleCache class bitbake: runqueue: Improve scenequeue processing logic bitbake: siggen: Add new unitaskhashes data variable which is cached bitbake: siggen: Convert to use self.unitaskhashes bitbake: runqueue: Enable dynamic task adjustment to hash equivalency bitbake: runqueue: Improve determinism bitbake: cooker/hashserv: Allow autostarting of a local hash server using BB_HASHSERVE bitbake: hashserv: Turn off sqlite synchronous mode bitbake: prserv: Use a memory journal bitbake: hashserv: Use separate threads for answering requests and handling them bitbake: hashserv: Switch from threads to multiprocessing bitbake: runqueue: Clean up BB_HASHCHECK_FUNCTION API bitbake: siggen: Clean up task reference formats bitbake: build/utils: Drop bb.build.FuncFailed bitbake: tests/runqueue: Add hashserv+runqueue test bitbake: bitbake: Bump version to 1.43.1 for API changes sanity.conf: Require bitbake 1.43.1 classes/lib: Remove bb.build.FuncFailed sstatesig: Move unihash siggen code to bitbake sstatesig: Add debug for incorrect hash server settings sstatesig: Adpat to recent bitbake hash equiv runqueue changes sstatesig: Update to handle BB_HASHSERVE sstate/sstatesig: Update to new form of BB_HASHCHECK_FUNCTION sstatesig: Updates to match bitbake siggen changes gstreamer: Add fix for glibc 2.30 sstatesig: Fix leftover splitting issue from siggen change python3-pygobject: Add missing pkgutil RDEPENDS bitbake: runqueue: Fix corruption issue bitbake: runqueue: Improve setscene task handling logic bitbake: tests/runqueue: Add further hash equivalence tests bitbake: cooker: Improve hash server startup code to avoid exit tracebacks bitbake: runqueue: Wait for covered tasks to complete before trying setscene bitbake: runqueue: Fix next_buildable_task performance problem bitbake: runqueue: Improve scenequeue debugging bitbake: runqueue: Recompute holdoff tasks from scratch bitbake: runqueue: Fix event timing race bitbake: runqueue: Drop debug statement causing performance issues bitbake: runqueue: Add further debug information bitbake: runqueue: Add missing setscene task corner case bitbake: runqueue: Ensure we clear the stamp cache poky: Retire opensuse 42.3 from SANITY_TESTED_DISTROS gcc-cross-canadian: Drop obsolete shlibs exclusion bitbake: tests/runqueue: Fix tests bitbake: runqueue: Fix data corruption problem bitbake: runqueue: Ensure data is handled correctly bitbake: hashserv: Ensure we don't accumulate sockets in TIME_WAIT state bitbake: runqueue: Ensure target_tids is filtered Robert Yang (3): bitbake: cooker: Cleanup the queue before call process.join() bitbake: knotty: Fix for the Second Keyboard Interrupt bitbake: bitbake: server/process: Handle BBHandledException to avoid unexpected exceptions Ross Burton (23): libidn2: remove build paths from libidn2.pc gnutls: don't use HOSTTOOLS_DIR/bash as a shell on target libical: upgrade to 3.0.5 perl: fix whitespace perl: add PACKAGECONFIG for db fortran-helloworld: neaten recipe python3: remove empty python3-distutils-staticdev python3: support recommends in manifest python3: split out the Windows distutils installer stubs insane: check if the recipe incorrectly uses DEPENDS_${PN} libxx86misc: remove this now redundant library xserver-xorg: clean up xorgproto dependencies xserver-xorg: add PACKAGECONFIG for DGA xdpyinfo: don't depend on DGA libxx86dga: remove obsolete client libary xserver-xorg: remove embedded build path in the source libx11: update to 1.6.8 sanity: update for new bb.build.exec_func() behaviour libx11-diet: remove qemu: fix patch Upstream-Status xserver-xorg: refresh build path removal patch waffle: upgrade 1.5.2 -> 1.6.0 libx11: replace libtool patch with upstreamed patch Tim Blechmann (1): deb: allow custom dpkg command Trevor Gamblin (2): gzip: update ptest package dependencies patch: fix CVE-2019-13638 Wenlin Kang (1): db: add switch for building database verification Will Page (1): uboot: fixes to uboot-extlinux-config attribute values William Bourque (1): meta/lib/oeqa: Remove ext4 for bootimg-biosplusefi Yi Zhao (1): libx11-compose-data: upgrade 1.6.7 -> 1.6.8 Yuan Chao (4): glib-2.0:upgrade 2.60.5 -> 2.60.6 nettle:upgrade 3.4.1 -> 3.5.1 python3-pbr:upgrade 5.4.1 -> 5.4.2 gpgme:upgrade 1.13.0 -> 1.13.1 Zang Ruochen (8): msmtp: upgrade 1.8.4 -> 1.8.5 curl: upgrade 7.65.2 -> 7.65.3 iso-codes: upgrade 4.2 -> 4.3 python-scons:upgrade 3.0.5 -> 3.1.0 libgudev:upgrade 232 -> 233 libglu:upgrade 9.0.0 -> 9.0.1 man-db:upgrade 2.8.5 -> 2.8.6.1 libnewt:upgrade 0.52.20 -> 0.52.21 Zheng Ruoqin (1): python3-mako: 1.0.14 -> 1.1.0 Zoltan Kuscsik (1): kmscube: update to latest revision Change-Id: I2cd1a0d59da46725b1aba5a79b63eb6121b3c79e Signed-off-by: Brad Bishop --- poky/meta/recipes-devtools/python/python-git.inc | 32 ------ .../recipes-devtools/python/python-nose_1.3.7.bb | 6 - .../python/python-scons-native_3.0.5.bb | 8 -- .../recipes-devtools/python/python-scons_3.0.5.bb | 24 ---- poky/meta/recipes-devtools/python/python.inc | 1 + .../python/python/CVE-2018-20852.patch | 123 +++++++++++++++++++++ .../python/python/CVE-2019-9740.patch | 1 + .../recipes-devtools/python/python3-dbus_1.2.8.bb | 2 + .../recipes-devtools/python/python3-git_2.1.11.bb | 2 - .../recipes-devtools/python/python3-git_3.0.0.bb | 33 ++++++ .../recipes-devtools/python/python3-mako_1.0.14.bb | 21 ---- .../recipes-devtools/python/python3-mako_1.1.0.bb | 21 ++++ .../recipes-devtools/python/python3-pbr_5.4.1.bb | 5 - .../recipes-devtools/python/python3-pbr_5.4.2.bb | 5 + .../recipes-devtools/python/python3-pip_19.1.1.bb | 30 ----- .../recipes-devtools/python/python3-pip_19.2.1.bb | 30 +++++ .../python/python3-pygobject_3.32.2.bb | 4 +- .../python/python3/python3-manifest.json | 13 ++- poky/meta/recipes-devtools/python/python3_3.7.4.bb | 10 +- 19 files changed, 233 insertions(+), 138 deletions(-) delete mode 100644 poky/meta/recipes-devtools/python/python-git.inc delete mode 100644 poky/meta/recipes-devtools/python/python-nose_1.3.7.bb delete mode 100644 poky/meta/recipes-devtools/python/python-scons-native_3.0.5.bb delete mode 100644 poky/meta/recipes-devtools/python/python-scons_3.0.5.bb create mode 100644 poky/meta/recipes-devtools/python/python/CVE-2018-20852.patch delete mode 100644 poky/meta/recipes-devtools/python/python3-git_2.1.11.bb create mode 100644 poky/meta/recipes-devtools/python/python3-git_3.0.0.bb delete mode 100644 poky/meta/recipes-devtools/python/python3-mako_1.0.14.bb create mode 100644 poky/meta/recipes-devtools/python/python3-mako_1.1.0.bb delete mode 100644 poky/meta/recipes-devtools/python/python3-pbr_5.4.1.bb create mode 100644 poky/meta/recipes-devtools/python/python3-pbr_5.4.2.bb delete mode 100644 poky/meta/recipes-devtools/python/python3-pip_19.1.1.bb create mode 100644 poky/meta/recipes-devtools/python/python3-pip_19.2.1.bb (limited to 'poky/meta/recipes-devtools/python') diff --git a/poky/meta/recipes-devtools/python/python-git.inc b/poky/meta/recipes-devtools/python/python-git.inc deleted file mode 100644 index f973e9f42..000000000 --- a/poky/meta/recipes-devtools/python/python-git.inc +++ /dev/null @@ -1,32 +0,0 @@ -SUMMARY = "Python library used to interact with Git repositories" -DESCRIPTION = "GitPython provides object model read and write access to \ -a git repository. Access repository information conveniently, alter the \ -index directly, handle remotes, or go down to low-level object database \ -access with big-files support." -HOMEPAGE = "http://github.com/gitpython-developers/GitPython" -SECTION = "devel/python" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=8b8d26c37c1d5a04f9b0186edbebc183" - -PYPI_PACKAGE = "GitPython" - -inherit pypi - -SRC_URI[md5sum] = "cee43a39a1468084d49d1c49fb675204" -SRC_URI[sha256sum] = "8237dc5bfd6f1366abeee5624111b9d6879393d84745a507de0fda86043b65a8" - -DEPENDS = "${PYTHON_PN}-gitdb" - -RDEPENDS_${PN} += " \ - ${PYTHON_PN}-datetime \ - ${PYTHON_PN}-gitdb \ - ${PYTHON_PN}-io \ - ${PYTHON_PN}-logging \ - ${PYTHON_PN}-math \ - ${PYTHON_PN}-netclient \ - ${PYTHON_PN}-stringold \ - ${PYTHON_PN}-unittest \ - ${PYTHON_PN}-unixadmin \ - git \ -" -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python-nose_1.3.7.bb b/poky/meta/recipes-devtools/python/python-nose_1.3.7.bb deleted file mode 100644 index fab609df9..000000000 --- a/poky/meta/recipes-devtools/python/python-nose_1.3.7.bb +++ /dev/null @@ -1,6 +0,0 @@ -inherit setuptools -require python-nose.inc - -do_install_append() { - rm ${D}${bindir}/nosetests -} diff --git a/poky/meta/recipes-devtools/python/python-scons-native_3.0.5.bb b/poky/meta/recipes-devtools/python/python-scons-native_3.0.5.bb deleted file mode 100644 index 68b63c935..000000000 --- a/poky/meta/recipes-devtools/python/python-scons-native_3.0.5.bb +++ /dev/null @@ -1,8 +0,0 @@ -require python-scons_${PV}.bb -inherit native pythonnative -DEPENDS = "python-native" -RDEPENDS_${PN} = "" - -do_install_append() { - create_wrapper ${D}${bindir}/scons SCONS_LIB_DIR='${STAGING_DIR_HOST}/${PYTHON_SITEPACKAGES_DIR}' PYTHONNOUSERSITE='1' -} diff --git a/poky/meta/recipes-devtools/python/python-scons_3.0.5.bb b/poky/meta/recipes-devtools/python/python-scons_3.0.5.bb deleted file mode 100644 index 939c15bcc..000000000 --- a/poky/meta/recipes-devtools/python/python-scons_3.0.5.bb +++ /dev/null @@ -1,24 +0,0 @@ -SUMMARY = "Software Construction tool (make/autotools replacement)" -SECTION = "devel/python" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=37bb53a08e6beaea0c90e7821d731284" - -SRC_URI = "${SOURCEFORGE_MIRROR}/scons/scons-${PV}.tar.gz" -SRC_URI[md5sum] = "9f9c163e8bd48cf8cd92f03e85ca6395" -SRC_URI[sha256sum] = "df676f23dc6d4bfa384fc389d95dcd21ab907e6349d4c848958ba4befb73c73e" - -S = "${WORKDIR}/scons-${PV}" - -UPSTREAM_CHECK_URI = "http://scons.org/pages/download.html" -UPSTREAM_CHECK_REGEX = "(?P\d+(\.\d+)+)\.tar" - -inherit setuptools - -RDEPENDS_${PN} = "\ - python-fcntl \ - python-io \ - python-json \ - python-subprocess \ - python-shell \ - python-pprint \ - " diff --git a/poky/meta/recipes-devtools/python/python.inc b/poky/meta/recipes-devtools/python/python.inc index 8d0e90862..70481002b 100644 --- a/poky/meta/recipes-devtools/python/python.inc +++ b/poky/meta/recipes-devtools/python/python.inc @@ -13,6 +13,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://bpo-36216-cve-2019-9636.patch \ file://bpo-36216-cve-2019-9636-fix.patch \ file://CVE-2019-9740.patch \ + file://CVE-2018-20852.patch \ " SRC_URI[md5sum] = "30157d85a2c0479c09ea2cbe61f2aaf5" diff --git a/poky/meta/recipes-devtools/python/python/CVE-2018-20852.patch b/poky/meta/recipes-devtools/python/python/CVE-2018-20852.patch new file mode 100644 index 000000000..23c784a21 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python/CVE-2018-20852.patch @@ -0,0 +1,123 @@ +From 979daae300916adb399ab5b51410b6ebd0888f13 Mon Sep 17 00:00:00 2001 +From: Xtreak +Date: Sat, 15 Jun 2019 20:59:43 +0530 +Subject: [PATCH] [2.7] bpo-35121: prefix dot in domain for proper subdomain + validation (GH-10258) (GH-13426) + +This is a manual backport of ca7fe5063593958e5efdf90f068582837f07bd14 since 2.7 has `http.cookiejar` in `cookielib` + + +https://bugs.python.org/issue35121 +CVE: CVE-2018-20852 +Upstream-Status: Backport [https://github.com/python/cpython/pull/13426] +Signed-off-by: Anuj Mittal +--- + Lib/cookielib.py | 13 ++++++-- + Lib/test/test_cookielib.py | 30 +++++++++++++++++++ + .../2019-05-20-00-35-12.bpo-35121.RRi-HU.rst | 4 +++ + 3 files changed, 45 insertions(+), 2 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2019-05-20-00-35-12.bpo-35121.RRi-HU.rst + +diff --git a/Lib/cookielib.py b/Lib/cookielib.py +index 2dd7c48728e0..0b471a42f296 100644 +--- a/Lib/cookielib.py ++++ b/Lib/cookielib.py +@@ -1139,6 +1139,11 @@ def return_ok_domain(self, cookie, request): + req_host, erhn = eff_request_host(request) + domain = cookie.domain + ++ if domain and not domain.startswith("."): ++ dotdomain = "." + domain ++ else: ++ dotdomain = domain ++ + # strict check of non-domain cookies: Mozilla does this, MSIE5 doesn't + if (cookie.version == 0 and + (self.strict_ns_domain & self.DomainStrictNonDomain) and +@@ -1151,7 +1156,7 @@ def return_ok_domain(self, cookie, request): + _debug(" effective request-host name %s does not domain-match " + "RFC 2965 cookie domain %s", erhn, domain) + return False +- if cookie.version == 0 and not ("."+erhn).endswith(domain): ++ if cookie.version == 0 and not ("."+erhn).endswith(dotdomain): + _debug(" request-host %s does not match Netscape cookie domain " + "%s", req_host, domain) + return False +@@ -1165,7 +1170,11 @@ def domain_return_ok(self, domain, request): + req_host = "."+req_host + if not erhn.startswith("."): + erhn = "."+erhn +- if not (req_host.endswith(domain) or erhn.endswith(domain)): ++ if domain and not domain.startswith("."): ++ dotdomain = "." + domain ++ else: ++ dotdomain = domain ++ if not (req_host.endswith(dotdomain) or erhn.endswith(dotdomain)): + #_debug(" request domain %s does not match cookie domain %s", + # req_host, domain) + return False +diff --git a/Lib/test/test_cookielib.py b/Lib/test/test_cookielib.py +index f2dd9727d137..7f7ff614d61d 100644 +--- a/Lib/test/test_cookielib.py ++++ b/Lib/test/test_cookielib.py +@@ -368,6 +368,7 @@ def test_domain_return_ok(self): + ("http://foo.bar.com/", ".foo.bar.com", True), + ("http://foo.bar.com/", "foo.bar.com", True), + ("http://foo.bar.com/", ".bar.com", True), ++ ("http://foo.bar.com/", "bar.com", True), + ("http://foo.bar.com/", "com", True), + ("http://foo.com/", "rhubarb.foo.com", False), + ("http://foo.com/", ".foo.com", True), +@@ -378,6 +379,8 @@ def test_domain_return_ok(self): + ("http://foo/", "foo", True), + ("http://foo/", "foo.local", True), + ("http://foo/", ".local", True), ++ ("http://barfoo.com", ".foo.com", False), ++ ("http://barfoo.com", "foo.com", False), + ]: + request = urllib2.Request(url) + r = pol.domain_return_ok(domain, request) +@@ -938,6 +941,33 @@ def test_domain_block(self): + c.add_cookie_header(req) + self.assertFalse(req.has_header("Cookie")) + ++ c.clear() ++ ++ pol.set_blocked_domains([]) ++ req = Request("http://acme.com/") ++ res = FakeResponse(headers, "http://acme.com/") ++ cookies = c.make_cookies(res, req) ++ c.extract_cookies(res, req) ++ self.assertEqual(len(c), 1) ++ ++ req = Request("http://acme.com/") ++ c.add_cookie_header(req) ++ self.assertTrue(req.has_header("Cookie")) ++ ++ req = Request("http://badacme.com/") ++ c.add_cookie_header(req) ++ self.assertFalse(pol.return_ok(cookies[0], req)) ++ self.assertFalse(req.has_header("Cookie")) ++ ++ p = pol.set_blocked_domains(["acme.com"]) ++ req = Request("http://acme.com/") ++ c.add_cookie_header(req) ++ self.assertFalse(req.has_header("Cookie")) ++ ++ req = Request("http://badacme.com/") ++ c.add_cookie_header(req) ++ self.assertFalse(req.has_header("Cookie")) ++ + def test_secure(self): + from cookielib import CookieJar, DefaultCookiePolicy + +diff --git a/Misc/NEWS.d/next/Security/2019-05-20-00-35-12.bpo-35121.RRi-HU.rst b/Misc/NEWS.d/next/Security/2019-05-20-00-35-12.bpo-35121.RRi-HU.rst +new file mode 100644 +index 000000000000..77251806163b +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2019-05-20-00-35-12.bpo-35121.RRi-HU.rst +@@ -0,0 +1,4 @@ ++Don't send cookies of domain A without Domain attribute to domain B when ++domain A is a suffix match of domain B while using a cookiejar with ++:class:`cookielib.DefaultCookiePolicy` policy. Patch by Karthikeyan ++Singaravelan. diff --git a/poky/meta/recipes-devtools/python/python/CVE-2019-9740.patch b/poky/meta/recipes-devtools/python/python/CVE-2019-9740.patch index 066ac6829..95f43e038 100644 --- a/poky/meta/recipes-devtools/python/python/CVE-2019-9740.patch +++ b/poky/meta/recipes-devtools/python/python/CVE-2019-9740.patch @@ -31,6 +31,7 @@ Notes on backport to Python 2.7: Upstream-Status: Backport CVE: CVE-2019-9740 +CVE: CVE-2019-9947 Signed-off-by: Anuj Mittal --- Lib/httplib.py | 16 ++++++ diff --git a/poky/meta/recipes-devtools/python/python3-dbus_1.2.8.bb b/poky/meta/recipes-devtools/python/python3-dbus_1.2.8.bb index 923da3c00..2fb1eae96 100644 --- a/poky/meta/recipes-devtools/python/python3-dbus_1.2.8.bb +++ b/poky/meta/recipes-devtools/python/python3-dbus_1.2.8.bb @@ -22,3 +22,5 @@ EXTRA_OECONF += "--disable-documentation" RDEPENDS_${PN} = "python3-io python3-logging python3-stringold python3-threading python3-xml" FILES_${PN}-dev += "${libdir}/pkgconfig" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-git_2.1.11.bb b/poky/meta/recipes-devtools/python/python3-git_2.1.11.bb deleted file mode 100644 index ac320fa56..000000000 --- a/poky/meta/recipes-devtools/python/python3-git_2.1.11.bb +++ /dev/null @@ -1,2 +0,0 @@ -require python-git.inc -inherit setuptools3 diff --git a/poky/meta/recipes-devtools/python/python3-git_3.0.0.bb b/poky/meta/recipes-devtools/python/python3-git_3.0.0.bb new file mode 100644 index 000000000..b6c837cdf --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-git_3.0.0.bb @@ -0,0 +1,33 @@ +SUMMARY = "Python library used to interact with Git repositories" +DESCRIPTION = "GitPython provides object model read and write access to \ +a git repository. Access repository information conveniently, alter the \ +index directly, handle remotes, or go down to low-level object database \ +access with big-files support." +HOMEPAGE = "http://github.com/gitpython-developers/GitPython" +SECTION = "devel/python" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8b8d26c37c1d5a04f9b0186edbebc183" + +PYPI_PACKAGE = "GitPython" + +inherit pypi setuptools3 + +SRC_URI[md5sum] = "9412ae9665fd29328f2afc6df887ae81" +SRC_URI[sha256sum] = "629867ebf609cef21bb9d849039e281e25963fb7d714a2f6bacc1ecce4800293" + +DEPENDS += " ${PYTHON_PN}-gitdb" + +RDEPENDS_${PN} += " \ + ${PYTHON_PN}-datetime \ + ${PYTHON_PN}-gitdb \ + ${PYTHON_PN}-io \ + ${PYTHON_PN}-logging \ + ${PYTHON_PN}-math \ + ${PYTHON_PN}-netclient \ + ${PYTHON_PN}-stringold \ + ${PYTHON_PN}-unittest \ + ${PYTHON_PN}-unixadmin \ + git \ +" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-mako_1.0.14.bb b/poky/meta/recipes-devtools/python/python3-mako_1.0.14.bb deleted file mode 100644 index d2f5188cc..000000000 --- a/poky/meta/recipes-devtools/python/python3-mako_1.0.14.bb +++ /dev/null @@ -1,21 +0,0 @@ -SUMMARY = "Templating library for Python" -HOMEPAGE = "http://www.makotemplates.org/" -SECTION = "devel/python" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=df7e6c7c82990acf0228a55e00d29bc9" - -PYPI_PACKAGE = "Mako" - -inherit pypi setuptools3 - -SRC_URI[md5sum] = "e162578170331f0cc6a4adb063c7c0f6" -SRC_URI[sha256sum] = "f5a642d8c5699269ab62a68b296ff990767eb120f51e2e8f3d6afb16bdb57f4b" - -RDEPENDS_${PN} = "${PYTHON_PN}-html \ - ${PYTHON_PN}-netclient \ - ${PYTHON_PN}-threading \ -" - -RDEPENDS_${PN}_class-native = "" - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-mako_1.1.0.bb b/poky/meta/recipes-devtools/python/python3-mako_1.1.0.bb new file mode 100644 index 000000000..b139e5ab0 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-mako_1.1.0.bb @@ -0,0 +1,21 @@ +SUMMARY = "Templating library for Python" +HOMEPAGE = "http://www.makotemplates.org/" +SECTION = "devel/python" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=df7e6c7c82990acf0228a55e00d29bc9" + +PYPI_PACKAGE = "Mako" + +inherit pypi setuptools3 + +SRC_URI[md5sum] = "6c3f2da0b74af529a4c4a537d0848bf2" +SRC_URI[sha256sum] = "a36919599a9b7dc5d86a7a8988f23a9a3a3d083070023bab23d64f7f1d1e0a4b" + +RDEPENDS_${PN} = "${PYTHON_PN}-html \ + ${PYTHON_PN}-netclient \ + ${PYTHON_PN}-threading \ +" + +RDEPENDS_${PN}_class-native = "" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-pbr_5.4.1.bb b/poky/meta/recipes-devtools/python/python3-pbr_5.4.1.bb deleted file mode 100644 index 338ac8b70..000000000 --- a/poky/meta/recipes-devtools/python/python3-pbr_5.4.1.bb +++ /dev/null @@ -1,5 +0,0 @@ -inherit setuptools3 -require python-pbr.inc - -SRC_URI[md5sum] = "ab6e26026ab306989a636ec2d50a435a" -SRC_URI[sha256sum] = "0ca44dc9fd3b04a22297c2a91082d8df2894862e8f4c86a49dac69eae9e85ca0" diff --git a/poky/meta/recipes-devtools/python/python3-pbr_5.4.2.bb b/poky/meta/recipes-devtools/python/python3-pbr_5.4.2.bb new file mode 100644 index 000000000..d59e744e6 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-pbr_5.4.2.bb @@ -0,0 +1,5 @@ +inherit setuptools3 +require python-pbr.inc + +SRC_URI[md5sum] = "ea90e1118a0132da752d45e68d10b2b8" +SRC_URI[sha256sum] = "9b321c204a88d8ab5082699469f52cc94c5da45c51f114113d01b3d993c24cdf" diff --git a/poky/meta/recipes-devtools/python/python3-pip_19.1.1.bb b/poky/meta/recipes-devtools/python/python3-pip_19.1.1.bb deleted file mode 100644 index baf32f472..000000000 --- a/poky/meta/recipes-devtools/python/python3-pip_19.1.1.bb +++ /dev/null @@ -1,30 +0,0 @@ -SUMMARY = "The PyPA recommended tool for installing Python packages" -HOMEPAGE = "https://pypi.python.org/pypi/pip" -SECTION = "devel/python" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8ba06d529c955048e5ddd7c45459eb2e" - -DEPENDS += "python3 python3-setuptools-native" - -SRC_URI[md5sum] = "4fb98a060f21c731d6743b90a714fc73" -SRC_URI[sha256sum] = "44d3d7d3d30a1eb65c7e5ff1173cdf8f7467850605ac7cc3707b6064bddd0958" - -inherit pypi distutils3 - -do_install_append() { - # Install as pip3 and leave pip2 as default - rm ${D}/${bindir}/pip -} - -RDEPENDS_${PN} = "\ - python3-compile \ - python3-io \ - python3-html \ - python3-json \ - python3-netserver \ - python3-setuptools \ - python3-unixadmin \ - python3-xmlrpc \ -" - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-pip_19.2.1.bb b/poky/meta/recipes-devtools/python/python3-pip_19.2.1.bb new file mode 100644 index 000000000..ebf1f25c1 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-pip_19.2.1.bb @@ -0,0 +1,30 @@ +SUMMARY = "The PyPA recommended tool for installing Python packages" +HOMEPAGE = "https://pypi.python.org/pypi/pip" +SECTION = "devel/python" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8ba06d529c955048e5ddd7c45459eb2e" + +DEPENDS += "python3 python3-setuptools-native" + +SRC_URI[md5sum] = "e9ac3e030e88b6c076a20ab371a30742" +SRC_URI[sha256sum] = "258d702483dd749400aec59c23d638a5b2249ae28a0f478b6cab12ad45681a80" + +inherit pypi distutils3 + +do_install_append() { + # Install as pip3 and leave pip2 as default + rm ${D}/${bindir}/pip +} + +RDEPENDS_${PN} = "\ + python3-compile \ + python3-io \ + python3-html \ + python3-json \ + python3-netserver \ + python3-setuptools \ + python3-unixadmin \ + python3-xmlrpc \ +" + +BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/python/python3-pygobject_3.32.2.bb b/poky/meta/recipes-devtools/python/python3-pygobject_3.32.2.bb index 05688be60..476957e88 100644 --- a/poky/meta/recipes-devtools/python/python3-pygobject_3.32.2.bb +++ b/poky/meta/recipes-devtools/python/python3-pygobject_3.32.2.bb @@ -23,11 +23,11 @@ S = "${WORKDIR}/${SRCNAME}-${PV}" PACKAGECONFIG ??= "${@bb.utils.contains_any('DISTRO_FEATURES', [ 'directfb', 'wayland', 'x11' ], 'cairo', '', d)}" +RDEPENDS_${PN} += "python3-pkgutil" + # python3-pycairo is checked on configuration -> DEPENDS # we don't link against python3-pycairo -> RDEPENDS PACKAGECONFIG[cairo] = "-Dpycairo=true,-Dpycairo=false, cairo python3-pycairo, python3-pycairo" -RDEPENDS_${PN} += "python3-setuptools" - BBCLASSEXTEND = "native" PACKAGECONFIG_class-native = "" diff --git a/poky/meta/recipes-devtools/python/python3/python3-manifest.json b/poky/meta/recipes-devtools/python/python3/python3-manifest.json index 0803ac003..ec28c2dbb 100644 --- a/poky/meta/recipes-devtools/python/python3/python3-manifest.json +++ b/poky/meta/recipes-devtools/python/python3/python3-manifest.json @@ -512,17 +512,15 @@ "${libdir}/python${PYTHON_MAJMIN}/__pycache__/difflib.*.pyc" ] }, - "distutils-staticdev": { - "cached": [ - "${libdir}/python${PYTHON_MAJMIN}/config/__pycache__/lib*.a" - ], + "distutils-windows": { + "cached": [], "files": [ - "${libdir}/python${PYTHON_MAJMIN}/config/lib*.a" + "${libdir}/python${PYTHON_MAJMIN}/distutils/command/wininst-*.exe" ], "rdepends": [ "distutils" ], - "summary": "Python distribution utilities (static libraries)" + "summary": "Python distribution utilities (Windows installer stubs)" }, "distutils": { "summary": "Python Distribution Utilities", @@ -801,6 +799,9 @@ "xml", "xmlrpc" ], + "rrecommends": [ + "distutils-windows" + ], "summary": "All Python modules" }, "multiprocessing": { diff --git a/poky/meta/recipes-devtools/python/python3_3.7.4.bb b/poky/meta/recipes-devtools/python/python3_3.7.4.bb index a63abfd6c..59d702498 100644 --- a/poky/meta/recipes-devtools/python/python3_3.7.4.bb +++ b/poky/meta/recipes-devtools/python/python3_3.7.4.bb @@ -229,7 +229,7 @@ python(){ newpackages=[] for key in python_manifest: - pypackage= pn + '-' + key + pypackage = pn + '-' + key if pypackage not in packages: # We need to prepend, otherwise python-misc gets everything @@ -249,8 +249,14 @@ python(){ for value in python_manifest[key]['rdepends']: # Make it work with or without $PN if '${PN}' in value: - value=value.split('-')[1] + value=value.split('-', 1)[1] d.appendVar('RDEPENDS_' + pypackage, ' ' + pn + '-' + value) + + for value in python_manifest[key].get('rrecommends', ()): + if '${PN}' in value: + value=value.split('-', 1)[1] + d.appendVar('RRECOMMENDS_' + pypackage, ' ' + pn + '-' + value) + d.setVar('SUMMARY_' + pypackage, python_manifest[key]['summary']) # Prepending so to avoid python-misc getting everything -- cgit v1.2.3