diff options
Diffstat (limited to 'poky/meta/recipes-devtools/python')
17 files changed, 574 insertions, 18 deletions
diff --git a/poky/meta/recipes-devtools/python/python3-bcrypt_4.0.1.bb b/poky/meta/recipes-devtools/python/python3-bcrypt_4.0.1.bb index 9f5b81330b..42d5d4dfce 100644 --- a/poky/meta/recipes-devtools/python/python3-bcrypt_4.0.1.bb +++ b/poky/meta/recipes-devtools/python/python3-bcrypt_4.0.1.bb @@ -4,6 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=8f7bb094c7232b058c7e9f2e431f389c" HOMEPAGE = "https://pypi.org/project/bcrypt/" DEPENDS += "${PYTHON_PN}-cffi-native" +LDFLAGS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', ' -fuse-ld=bfd', '', d)}" SRC_URI[sha256sum] = "27d375903ac8261cfe4047f6709d16f7d18d39b1ec92aaf72af989552a650ebd" diff --git a/poky/meta/recipes-devtools/python/python3-certifi_2022.12.7.bb b/poky/meta/recipes-devtools/python/python3-certifi_2023.7.22.bb index dca3d26811..f63b0b6cb8 100644 --- a/poky/meta/recipes-devtools/python/python3-certifi_2022.12.7.bb +++ b/poky/meta/recipes-devtools/python/python3-certifi_2023.7.22.bb @@ -7,7 +7,7 @@ HOMEPAGE = " http://certifi.io/" LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=3c2b7404369c587c3559afb604fce2f2" -SRC_URI[sha256sum] = "35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3" +SRC_URI[sha256sum] = "539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082" inherit pypi setuptools3 diff --git a/poky/meta/recipes-devtools/python/python3-git_3.1.31.bb b/poky/meta/recipes-devtools/python/python3-git_3.1.37.bb index 08b9f66bcb..56a335a79e 100644 --- a/poky/meta/recipes-devtools/python/python3-git_3.1.31.bb +++ b/poky/meta/recipes-devtools/python/python3-git_3.1.37.bb @@ -6,13 +6,13 @@ access with big-files support." HOMEPAGE = "http://github.com/gitpython-developers/GitPython" SECTION = "devel/python" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=8b8d26c37c1d5a04f9b0186edbebc183" +LIC_FILES_CHKSUM = "file://LICENSE;md5=5279a7ab369ba336989dcf2a107e5c8e" PYPI_PACKAGE = "GitPython" inherit pypi python_setuptools_build_meta -SRC_URI[sha256sum] = "8ce3bcf69adfdf7c7d503e78fd3b1c492af782d58893b650adb2ac8912ddd573" +SRC_URI[sha256sum] = "f9b9ddc0761c125d5780eab2d64be4873fc6817c2899cbcb34b02344bdc7bc54" DEPENDS += " ${PYTHON_PN}-gitdb" diff --git a/poky/meta/recipes-devtools/python/python3-numpy/0001-simd.inc.src-Change-NPY_INLINE-to-inline.patch b/poky/meta/recipes-devtools/python/python3-numpy/0001-simd.inc.src-Change-NPY_INLINE-to-inline.patch new file mode 100644 index 0000000000..d733dda333 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-numpy/0001-simd.inc.src-Change-NPY_INLINE-to-inline.patch @@ -0,0 +1,135 @@ +From f2a722aa30a29709bb9b5f60fc6d20a10fe6b4f5 Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Wed, 28 Jun 2023 17:58:52 +0800 +Subject: [PATCH] simd.inc.src: Change NPY_INLINE to inline +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes: + | numpy/core/src/umath/simd.inc.src:977:20: note: called from here + | 977 | @vtype@ zeros = _mm512_setzero_@vsuffix@(); + | ^~~~~~~~~~~~~~~~~~~ + | numpy/core/src/umath/simd.inc.src:596:1: error: inlining failed in call to ‘always_inline’ ‘avx512_get_full_load_mask_ps’: target specific option mismatch + 596 | avx512_get_full_load_mask_ps(void) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | numpy/core/src/umath/simd.inc.src:976:27: note: called from here + 976 | @mask@ load_mask = avx512_get_full_load_mask_@vsuffix@(); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + | /usr/lib/gcc/x86_64-redhat-linux/13/include/avx512fintrin.h:6499:1: error: inlining failed in call to ‘always_inline’ ‘_mm512_loadu_si512’: target specific option mismatch + +Upstream-Status: Inappropriate [The file simd.inc.src have been removed in new version as + https://github.com/numpy/numpy/commit/640e85017aa8eac3e9be68b475acf27d623b16b7] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + numpy/core/src/umath/simd.inc.src | 24 ++++++++++++------------ + 1 file changed, 12 insertions(+), 12 deletions(-) + +diff --git a/numpy/core/src/umath/simd.inc.src b/numpy/core/src/umath/simd.inc.src +index d6c9a7e..39aec9a 100644 +--- a/numpy/core/src/umath/simd.inc.src ++++ b/numpy/core/src/umath/simd.inc.src +@@ -61,11 +61,11 @@ + */ + + #if defined HAVE_ATTRIBUTE_TARGET_AVX512F_WITH_INTRINSICS && defined NPY_HAVE_SSE2_INTRINSICS +-static NPY_INLINE NPY_GCC_TARGET_AVX512F void ++static inline NPY_GCC_TARGET_AVX512F void + AVX512F_@func@_@TYPE@(@type@*, @type@*, const npy_intp n, const npy_intp stride); + #endif + +-static NPY_INLINE int ++static inline int + run_unary_avx512f_@func@_@TYPE@(char **args, const npy_intp *dimensions, const npy_intp *steps) + { + #if defined HAVE_ATTRIBUTE_TARGET_AVX512F_WITH_INTRINSICS && defined NPY_HAVE_SSE2_INTRINSICS +@@ -99,11 +99,11 @@ run_unary_avx512f_@func@_@TYPE@(char **args, const npy_intp *dimensions, const n + */ + + #if defined HAVE_ATTRIBUTE_TARGET_AVX512_SKX_WITH_INTRINSICS && defined NPY_HAVE_SSE2_INTRINSICS && @EXISTS@ +-static NPY_INLINE NPY_GCC_TARGET_AVX512_SKX void ++static inline NPY_GCC_TARGET_AVX512_SKX void + AVX512_SKX_@func@_@TYPE@(npy_bool*, @type@*, const npy_intp n, const npy_intp stride); + #endif + +-static NPY_INLINE int ++static inline int + run_@func@_avx512_skx_@TYPE@(char **args, npy_intp const *dimensions, npy_intp const *steps) + { + #if defined HAVE_ATTRIBUTE_TARGET_AVX512_SKX_WITH_INTRINSICS && defined NPY_HAVE_SSE2_INTRINSICS && @EXISTS@ +@@ -144,7 +144,7 @@ sse2_@func@_@TYPE@(@type@ *, @type@ *, const npy_intp n); + + #endif + +-static NPY_INLINE int ++static inline int + run_@name@_simd_@func@_@TYPE@(char **args, npy_intp const *dimensions, npy_intp const *steps) + { + #if @vector@ && defined NPY_HAVE_SSE2_INTRINSICS +@@ -169,7 +169,7 @@ sse2_@kind@_@TYPE@(npy_bool * op, @type@ * ip1, npy_intp n); + + #endif + +-static NPY_INLINE int ++static inline int + run_@kind@_simd_@TYPE@(char **args, npy_intp const *dimensions, npy_intp const *steps) + { + #if @vector@ && defined NPY_HAVE_SSE2_INTRINSICS +@@ -205,7 +205,7 @@ static void + sse2_reduce_@kind@_BOOL(npy_bool * op, npy_bool * ip, npy_intp n); + #endif + +-static NPY_INLINE int ++static inline int + run_binary_simd_@kind@_BOOL(char **args, npy_intp const *dimensions, npy_intp const *steps) + { + #if defined NPY_HAVE_SSE2_INTRINSICS +@@ -220,7 +220,7 @@ run_binary_simd_@kind@_BOOL(char **args, npy_intp const *dimensions, npy_intp co + } + + +-static NPY_INLINE int ++static inline int + run_reduce_simd_@kind@_BOOL(char **args, npy_intp const *dimensions, npy_intp const *steps) + { + #if defined NPY_HAVE_SSE2_INTRINSICS +@@ -245,7 +245,7 @@ static void + sse2_@kind@_BOOL(npy_bool *, npy_bool *, const npy_intp n); + #endif + +-static NPY_INLINE int ++static inline int + run_unary_simd_@kind@_BOOL(char **args, npy_intp const *dimensions, npy_intp const *steps) + { + #if defined NPY_HAVE_SSE2_INTRINSICS +@@ -875,7 +875,7 @@ NPY_FINLINE NPY_GCC_OPT_3 NPY_GCC_TARGET_@ISA@ @vtype@d + */ + + #if defined HAVE_ATTRIBUTE_TARGET_AVX512_SKX_WITH_INTRINSICS && defined NPY_HAVE_SSE2_INTRINSICS +-static NPY_INLINE NPY_GCC_TARGET_AVX512_SKX void ++static inline NPY_GCC_TARGET_AVX512_SKX void + AVX512_SKX_@func@_@TYPE@(npy_bool* op, @type@* ip, const npy_intp array_size, const npy_intp steps) + { + const npy_intp stride_ip = steps/(npy_intp)sizeof(@type@); +@@ -954,7 +954,7 @@ AVX512_SKX_@func@_@TYPE@(npy_bool* op, @type@* ip, const npy_intp array_size, co + */ + + #if defined HAVE_ATTRIBUTE_TARGET_AVX512F_WITH_INTRINSICS && defined NPY_HAVE_SSE2_INTRINSICS +-static NPY_GCC_OPT_3 NPY_INLINE NPY_GCC_TARGET_AVX512F void ++static NPY_GCC_OPT_3 inline NPY_GCC_TARGET_AVX512F void + AVX512F_@func@_@TYPE@(@type@ * op, + @type@ * ip, + const npy_intp array_size, +@@ -1001,7 +1001,7 @@ AVX512F_@func@_@TYPE@(@type@ * op, + /**end repeat1**/ + + #if defined HAVE_ATTRIBUTE_TARGET_AVX512F_WITH_INTRINSICS && defined NPY_HAVE_SSE2_INTRINSICS +-static NPY_GCC_OPT_3 NPY_INLINE NPY_GCC_TARGET_AVX512F void ++static NPY_GCC_OPT_3 inline NPY_GCC_TARGET_AVX512F void + AVX512F_absolute_@TYPE@(@type@ * op, + @type@ * ip, + const npy_intp array_size, +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/python/python3-numpy_1.24.2.bb b/poky/meta/recipes-devtools/python/python3-numpy_1.24.2.bb index bfcfc52729..5f88948de2 100644 --- a/poky/meta/recipes-devtools/python/python3-numpy_1.24.2.bb +++ b/poky/meta/recipes-devtools/python/python3-numpy_1.24.2.bb @@ -10,6 +10,7 @@ SRCNAME = "numpy" SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${SRCNAME}-${PV}.tar.gz \ file://0001-Don-t-search-usr-and-so-on-for-libraries-by-default-.patch \ file://0001-numpy-core-Define-RISCV-32-support.patch \ + file://0001-simd.inc.src-Change-NPY_INLINE-to-inline.patch \ file://run-ptest \ " SRC_URI[sha256sum] = "003a9f530e880cb2cd177cba1af7220b9aa42def9c4afc2a2fc3ee6be7eb2b22" diff --git a/poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0001.patch b/poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0001.patch new file mode 100644 index 0000000000..d7fc87fec8 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0001.patch @@ -0,0 +1,49 @@ +From 9a73f2a80e5cf869d473ddcbfceaab229fb99b5e Mon Sep 17 00:00:00 2001 +From: Narpat Mali <narpat.mali@windriver.com> +Date: Mon, 28 Aug 2023 15:04:14 +0000 +Subject: [PATCH] SQL+Jinja: use a simpler regex in analyse_text + +Fixes catastrophic backtracking + +Fixes #2355 + +CVE: CVE-2022-40896 + +Upstream-Status: Backport [https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + CHANGES | 1 + + pygments/lexers/templates.py | 6 +----- + 2 files changed, 2 insertions(+), 5 deletions(-) + +diff --git a/CHANGES b/CHANGES +index 2aa54fa..4c84fa6 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -61,6 +61,7 @@ Version 2.14.0 + * Spice: Add ``enum`` keyword and fix a bug regarding binary, + hexadecimal and octal number tokens (#2227) + * YAML: Accept colons in key names (#2277) ++ * SQL+Jinja (``analyse_text`` method): fix catastrophic backtracking [Backported] + + - Fix `make mapfiles` when Pygments is not installed in editable mode + (#2223) +diff --git a/pygments/lexers/templates.py b/pygments/lexers/templates.py +index 1fcf708..1066294 100644 +--- a/pygments/lexers/templates.py ++++ b/pygments/lexers/templates.py +@@ -2291,10 +2291,6 @@ class SqlJinjaLexer(DelegatingLexer): + if re.search(r'\{\{\s*source\(.*\)\s*\}\}', text): + rv += 0.25 + # Jinja macro +- if re.search( +- r'\{%-?\s*macro \w+\(.*\)\s*-?%\}\s+.*\s+\{%-?\s*endmacro\s*-?%\}', +- text, +- re.S, +- ): ++ if re.search(r'\{%-?\s*macro \w+\(.*\)\s*-?%\}', text): + rv += 0.15 + return rv +-- +2.40.0 diff --git a/poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0002.patch b/poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0002.patch new file mode 100644 index 0000000000..61ebe5dad5 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896-0002.patch @@ -0,0 +1,301 @@ +From 45ff8eabe0363f829c397372aefc3b23aeb135b3 Mon Sep 17 00:00:00 2001 +From: Narpat Mali <narpat.mali@windriver.com> +Date: Tue, 29 Aug 2023 10:45:34 +0000 +Subject: [PATCH] Improve Java properties lexer (#2404) + +Use special lexer rules for escapes; fixes catastrophic backtracking, +and highlights them too. + +Fixes #2356 + +CVE: CVE-2022-40896 + +Upstream-Status: Backport [https://github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + pygments/lexers/configs.py | 50 +++++--- + tests/examplefiles/properties/java.properties | 11 ++ + .../properties/java.properties.output | 110 +++++++++++++++--- + .../test_escaped_space_in_value.txt | 4 +- + .../properties/test_just_key_with_space.txt | 4 +- + 5 files changed, 143 insertions(+), 36 deletions(-) + +diff --git a/pygments/lexers/configs.py b/pygments/lexers/configs.py +index e04c722..b28b56a 100644 +--- a/pygments/lexers/configs.py ++++ b/pygments/lexers/configs.py +@@ -129,26 +129,42 @@ class PropertiesLexer(RegexLexer): + + tokens = { + 'root': [ +- (r'\s+', Whitespace), ++ # comments + (r'[!#].*|/{2}.*', Comment.Single), +- # search for first separator +- (r'([^\\\n]|\\.)*?(?=[ \f\t=:])', Name.Attribute, "separator"), +- # empty key +- (r'.+?$', Name.Attribute), ++ # ending a comment or whitespace-only line ++ (r'\n', Whitespace), ++ # eat whitespace at the beginning of a line ++ (r'^[^\S\n]+', Whitespace), ++ # start lexing a key ++ default('key'), + ], +- 'separator': [ +- # search for line continuation escape +- (r'([ \f\t]*)([=:]*)([ \f\t]*)(.*(?<!\\)(?:\\{2})*)(\\)(?!\\)$', +- bygroups(Whitespace, Operator, Whitespace, String, Text), "value", "#pop"), +- (r'([ \f\t]*)([=:]*)([ \f\t]*)(.*)', +- bygroups(Whitespace, Operator, Whitespace, String), "#pop"), ++ 'key': [ ++ # non-escaped key characters ++ (r'[^\\:=\s]+', Name.Attribute), ++ # escapes ++ include('escapes'), ++ # separator is the first non-escaped whitespace or colon or '=' on the line; ++ # if it's whitespace, = and : are gobbled after it ++ (r'([^\S\n]*)([:=])([^\S\n]*)', ++ bygroups(Whitespace, Operator, Whitespace), ++ ('#pop', 'value')), ++ (r'[^\S\n]+', Whitespace, ('#pop', 'value')), ++ # maybe we got no value after all ++ (r'\n', Whitespace, '#pop'), + ], +- 'value': [ # line continuation +- (r'\s+', Whitespace), +- # search for line continuation escape +- (r'(\s*)(.*(?<!\\)(?:\\{2})*)(\\)(?!\\)([ \t]*)', +- bygroups(Whitespace, String, Text, Whitespace)), +- (r'.*$', String, "#pop"), ++ 'value': [ ++ # non-escaped value characters ++ (r'[^\\\n]+', String), ++ # escapes ++ include('escapes'), ++ # end the value on an unescaped newline ++ (r'\n', Whitespace, '#pop'), ++ ], ++ 'escapes': [ ++ # line continuations; these gobble whitespace at the beginning of the next line ++ (r'(\\\n)([^\S\n]*)', bygroups(String.Escape, Whitespace)), ++ # other escapes ++ (r'\\(.|\n)', String.Escape), + ], + } + +diff --git a/tests/examplefiles/properties/java.properties b/tests/examplefiles/properties/java.properties +index d5b594e..7fe915c 100644 +--- a/tests/examplefiles/properties/java.properties ++++ b/tests/examplefiles/properties/java.properties +@@ -14,6 +14,8 @@ key = \ + and value2\\ + key\ 2 = value + key\\ 3 = value3 ++key \ ++ = value + + ! empty keys and edge cases + key1 = +@@ -22,3 +24,12 @@ key3 the value3 + key4 the:value4 + key5 the=value5 + key6=the value6 ++ ++! escapes in keys ++key\ with\ spaces = value ++key\nwith\nnewlines = value\nwith\nnewlines ++ ++ ! indented comment ++ ++! line continuations do \ ++not = work for comments +diff --git a/tests/examplefiles/properties/java.properties.output b/tests/examplefiles/properties/java.properties.output +index 0c1fdee..4822575 100644 +--- a/tests/examplefiles/properties/java.properties.output ++++ b/tests/examplefiles/properties/java.properties.output +@@ -2,13 +2,17 @@ + '\n' Text.Whitespace + + '# mixing spaces' Comment.Single +-'\n\t' Text.Whitespace ++'\n' Text.Whitespace ++ ++'\t' Text.Whitespace + 'Truth' Name.Attribute + ' ' Text.Whitespace + '=' Operator + ' ' Text.Whitespace + 'Beauty' Literal.String +-'\n ' Text.Whitespace ++'\n' Text.Whitespace ++ ++' ' Text.Whitespace + 'Truth' Name.Attribute + ':' Operator + 'Beauty' Literal.String +@@ -23,18 +27,24 @@ + ' ' Text.Whitespace + ':' Operator + 'Beauty' Literal.String +-'\n \n' Text.Whitespace ++'\n' Text.Whitespace ++ ++'\n' Text.Whitespace + + '! line continuations and escapes' Comment.Single +-'\n ' Text.Whitespace ++'\n' Text.Whitespace ++ ++' ' Text.Whitespace + 'fruits' Name.Attribute + ' ' Text.Whitespace + 'apple, banana, pear, ' Literal.String +-'\\' Text +-'\n ' Text.Whitespace ++'\\\n' Literal.String.Escape ++ ++' ' Text.Whitespace + 'cantaloupe, watermelon, ' Literal.String +-'\\' Text +-'\n ' Text.Whitespace ++'\\\n' Literal.String.Escape ++ ++' ' Text.Whitespace + 'kiwi, mango' Literal.String + '\n' Text.Whitespace + +@@ -42,25 +52,42 @@ + ' ' Text.Whitespace + '=' Operator + ' ' Text.Whitespace +-'\\' Text +-'\n ' Text.Whitespace +-'value1 \\\\' Literal.String +-'\\' Text +-'\n ' Text.Whitespace +-'and value2\\\\' Literal.String ++'\\\n' Literal.String.Escape ++ ++' ' Text.Whitespace ++'value1 ' Literal.String ++'\\\\' Literal.String.Escape ++'\\\n' Literal.String.Escape ++ ++' ' Text.Whitespace ++'and value2' Literal.String ++'\\\\' Literal.String.Escape + '\n' Text.Whitespace + +-'key\\ 2' Name.Attribute ++'key' Name.Attribute ++'\\ ' Literal.String.Escape ++'2' Name.Attribute + ' ' Text.Whitespace + '=' Operator + ' ' Text.Whitespace + 'value' Literal.String + '\n' Text.Whitespace + +-'key\\\\' Name.Attribute ++'key' Name.Attribute ++'\\\\' Literal.String.Escape + ' ' Text.Whitespace + '3 = value3' Literal.String +-'\n\n' Text.Whitespace ++'\n' Text.Whitespace ++ ++'key' Name.Attribute ++' ' Text.Whitespace ++'\\\n' Literal.String.Escape ++ ++' ' Text.Whitespace ++'= value' Literal.String ++'\n' Text.Whitespace ++ ++'\n' Text.Whitespace + + '! empty keys and edge cases' Comment.Single + '\n' Text.Whitespace +@@ -92,3 +119,52 @@ + '=' Operator + 'the value6' Literal.String + '\n' Text.Whitespace ++ ++'\n' Text.Whitespace ++ ++'! escapes in keys' Comment.Single ++'\n' Text.Whitespace ++ ++'key' Name.Attribute ++'\\ ' Literal.String.Escape ++'with' Name.Attribute ++'\\ ' Literal.String.Escape ++'spaces' Name.Attribute ++' ' Text.Whitespace ++'=' Operator ++' ' Text.Whitespace ++'value' Literal.String ++'\n' Text.Whitespace ++ ++'key' Name.Attribute ++'\\n' Literal.String.Escape ++'with' Name.Attribute ++'\\n' Literal.String.Escape ++'newlines' Name.Attribute ++' ' Text.Whitespace ++'=' Operator ++' ' Text.Whitespace ++'value' Literal.String ++'\\n' Literal.String.Escape ++'with' Literal.String ++'\\n' Literal.String.Escape ++'newlines' Literal.String ++'\n' Text.Whitespace ++ ++'\n' Text.Whitespace ++ ++' ' Text.Whitespace ++'! indented comment' Comment.Single ++'\n' Text.Whitespace ++ ++'\n' Text.Whitespace ++ ++'! line continuations do \\' Comment.Single ++'\n' Text.Whitespace ++ ++'not' Name.Attribute ++' ' Text.Whitespace ++'=' Operator ++' ' Text.Whitespace ++'work for comments' Literal.String ++'\n' Text.Whitespace +diff --git a/tests/snippets/properties/test_escaped_space_in_value.txt b/tests/snippets/properties/test_escaped_space_in_value.txt +index f76507f..44772d8 100644 +--- a/tests/snippets/properties/test_escaped_space_in_value.txt ++++ b/tests/snippets/properties/test_escaped_space_in_value.txt +@@ -6,5 +6,7 @@ key = doubleword\ value + ' ' Text.Whitespace + '=' Operator + ' ' Text.Whitespace +-'doubleword\\ value' Literal.String ++'doubleword' Literal.String ++'\\ ' Literal.String.Escape ++'value' Literal.String + '\n' Text.Whitespace +diff --git a/tests/snippets/properties/test_just_key_with_space.txt b/tests/snippets/properties/test_just_key_with_space.txt +index 660c37c..833fe40 100644 +--- a/tests/snippets/properties/test_just_key_with_space.txt ++++ b/tests/snippets/properties/test_just_key_with_space.txt +@@ -2,5 +2,7 @@ + just\ key + + ---tokens--- +-'just\\ key' Name.Attribute ++'just' Name.Attribute ++'\\ ' Literal.String.Escape ++'key' Name.Attribute + '\n' Text.Whitespace +-- +2.40.0 diff --git a/poky/meta/recipes-devtools/python/python3-pygments_2.14.0.bb b/poky/meta/recipes-devtools/python/python3-pygments_2.14.0.bb index 16769e9263..b5b8abc113 100644 --- a/poky/meta/recipes-devtools/python/python3-pygments_2.14.0.bb +++ b/poky/meta/recipes-devtools/python/python3-pygments_2.14.0.bb @@ -7,6 +7,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=36a13c90514e2899f1eba7f41c3ee592" inherit setuptools3 SRC_URI[sha256sum] = "b3ed06a9e8ac9a9aae5a6f5dbe78a8a58655d17b43b93c078f094ddc476ae297" +SRC_URI += "file://CVE-2022-40896-0001.patch \ + file://CVE-2022-40896-0002.patch \ + " + DEPENDS += "\ ${PYTHON_PN} \ " diff --git a/poky/meta/recipes-devtools/python/python3-requests/CVE-2023-32681.patch b/poky/meta/recipes-devtools/python/python3-requests/CVE-2023-32681.patch new file mode 100644 index 0000000000..0110615572 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-requests/CVE-2023-32681.patch @@ -0,0 +1,61 @@ +From 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 Mon Sep 17 00:00:00 2001 +From: Nate Prewitt <nate.prewitt@gmail.com> +Date: Mon, 22 May 2023 08:08:57 -0700 +Subject: [PATCH] Merge pull request from GHSA-j8r2-6x86-q33q + +CVE: CVE-2023-32681 +Upstream-Status: Backport +[https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5] +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> + +--- + requests/sessions.py | 4 +++- + tests/test_requests.py | 20 ++++++++++++++++++++ + 2 files changed, 23 insertions(+), 1 deletion(-) + +diff --git a/requests/sessions.py b/requests/sessions.py +index 6cb3b4dae3..dbcf2a7b0e 100644 +--- a/requests/sessions.py ++++ b/requests/sessions.py +@@ -324,7 +324,9 @@ def rebuild_proxies(self, prepared_request, proxies): + except KeyError: + username, password = None, None + +- if username and password: ++ # urllib3 handles proxy authorization for us in the standard adapter. ++ # Avoid appending this to TLS tunneled requests where it may be leaked. ++ if not scheme.startswith('https') and username and password: + headers["Proxy-Authorization"] = _basic_auth_str(username, password) + + return new_proxies +diff --git a/tests/test_requests.py b/tests/test_requests.py +index b1c8dd4534..b420c44d73 100644 +--- a/tests/test_requests.py ++++ b/tests/test_requests.py +@@ -647,6 +647,26 @@ def test_proxy_authorization_preserved_on_request(self, httpbin): + + assert sent_headers.get("Proxy-Authorization") == proxy_auth_value + ++ ++ @pytest.mark.parametrize( ++ "url,has_proxy_auth", ++ ( ++ ('http://example.com', True), ++ ('https://example.com', False), ++ ), ++ ) ++ def test_proxy_authorization_not_appended_to_https_request(self, url, has_proxy_auth): ++ session = requests.Session() ++ proxies = { ++ 'http': 'http://test:pass@localhost:8080', ++ 'https': 'http://test:pass@localhost:8090', ++ } ++ req = requests.Request('GET', url) ++ prep = req.prepare() ++ session.rebuild_proxies(prep, proxies) ++ ++ assert ('Proxy-Authorization' in prep.headers) is has_proxy_auth ++ + def test_basicauth_with_netrc(self, httpbin): + auth = ("user", "pass") + wrong_auth = ("wronguser", "wrongpass") diff --git a/poky/meta/recipes-devtools/python/python3-requests_2.28.2.bb b/poky/meta/recipes-devtools/python/python3-requests_2.28.2.bb index 2f397ddaad..b57f71673c 100644 --- a/poky/meta/recipes-devtools/python/python3-requests_2.28.2.bb +++ b/poky/meta/recipes-devtools/python/python3-requests_2.28.2.bb @@ -5,6 +5,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658" SRC_URI[sha256sum] = "98b1b2782e3c6c4904938b84c0eb932721069dfdb9134313beff7c83c2df24bf" +SRC_URI += " file://CVE-2023-32681.patch" + inherit pypi setuptools3 RDEPENDS:${PN} += " \ diff --git a/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch b/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch index 96e5e81342..222a567dd5 100644 --- a/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch +++ b/poky/meta/recipes-devtools/python/python3/0001-Don-t-search-system-for-headers-libraries.patch @@ -1,4 +1,4 @@ -From 7d296dc635ad3ac2792955ce37e140a4104b098f Mon Sep 17 00:00:00 2001 +From aa8f1709c54557d2b51a9a37d15ccc3de62e90cb Mon Sep 17 00:00:00 2001 From: Jeremy Puhlman <jpuhlman@mvista.com> Date: Wed, 4 Mar 2020 00:06:42 +0000 Subject: [PATCH] Don't search system for headers/libraries diff --git a/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch b/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch index df5179e877..07c6aef9b9 100644 --- a/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch +++ b/poky/meta/recipes-devtools/python/python3/0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch @@ -1,4 +1,4 @@ -From 86061629f4a179e740a17e53dd2c98ab47af2fe2 Mon Sep 17 00:00:00 2001 +From 7b0a14e7320078ac891d415cab9b7568e3f52ad8 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex@linutronix.de> Date: Thu, 16 Sep 2021 16:35:37 +0200 Subject: [PATCH] Lib/pty.py: handle stdin I/O errors same way as master I/O @@ -30,18 +30,18 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de> 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Lib/pty.py b/Lib/pty.py -index 8d8ce40..35439c6 100644 +index fefb63a..4cef056 100644 --- a/Lib/pty.py +++ b/Lib/pty.py -@@ -154,7 +154,10 @@ def _copy(master_fd, master_read=_read, stdin_read=_read): - os.write(STDOUT_FILENO, data) +@@ -184,7 +184,10 @@ def _copy(master_fd, master_read=_read, stdin_read=_read): + i_buf = i_buf[n:] - if STDIN_FILENO in rfds: + if stdin_avail and STDIN_FILENO in rfds: - data = stdin_read(STDIN_FILENO) + try: + data = stdin_read(STDIN_FILENO) + except OSError: + data = b"" if not data: - fds.remove(STDIN_FILENO) + stdin_avail = False else: diff --git a/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch b/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch index 86971f4048..a0f3d72992 100644 --- a/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch +++ b/poky/meta/recipes-devtools/python/python3/0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch @@ -1,4 +1,4 @@ -From cab8b8b1390165a93dfb27c48c1cc4c3e4280dfd Mon Sep 17 00:00:00 2001 +From 512c617bd00b74b30a80dd56a12391de46e2b6cf Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex@linutronix.de> Date: Fri, 10 Sep 2021 12:28:31 +0200 Subject: [PATCH] Lib/sysconfig.py: use prefix value from build configuration diff --git a/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch b/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch index e080b5c562..bbdd8b586e 100644 --- a/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch +++ b/poky/meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch @@ -1,4 +1,4 @@ -From 79e7ed59750612e57647847957ab85709307ea38 Mon Sep 17 00:00:00 2001 +From 843574d5a5b0818e83e20f8c0389d567bd4733fb Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Tue, 14 May 2013 15:00:26 -0700 Subject: [PATCH] python3: Add target and native recipes diff --git a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py index 0ca687d2eb..8e432b49af 100644 --- a/poky/meta/recipes-devtools/python/python3/get_module_deps3.py +++ b/poky/meta/recipes-devtools/python/python3/get_module_deps3.py @@ -32,7 +32,7 @@ def fix_path(dep_path): dep_path = dep_path[dep_path.find(pivot)+len(pivot):] if '/usr/bin' in dep_path: - dep_path = dep_path.replace('/usr/bin''${bindir}') + dep_path = dep_path.replace('/usr/bin','${bindir}') # Handle multilib, is there a better way? if '/usr/lib32' in dep_path: diff --git a/poky/meta/recipes-devtools/python/python3/makerace.patch b/poky/meta/recipes-devtools/python/python3/makerace.patch index 979fc9dc36..c71c1e15de 100644 --- a/poky/meta/recipes-devtools/python/python3/makerace.patch +++ b/poky/meta/recipes-devtools/python/python3/makerace.patch @@ -1,4 +1,4 @@ -From 4f52aaf2a548b3356c6f1369c62b11335dc27464 Mon Sep 17 00:00:00 2001 +From dde5cb74f55b6dd39d25cff639d16940d9dad505 Mon Sep 17 00:00:00 2001 From: Richard Purdie <richard.purdie@linuxfoundation.org> Date: Tue, 13 Jul 2021 23:19:29 +0100 Subject: [PATCH] python3: Fix make race @@ -18,11 +18,11 @@ Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.pre.in b/Makefile.pre.in -index 7558f0c..8cec819 100644 +index c6d7e85..205af6c 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -2005,7 +2005,7 @@ TESTSUBDIRS= ctypes/test \ - unittest/test unittest/test/testmock +@@ -2045,7 +2045,7 @@ TESTSUBDIRS= ctypes/test \ + unittest/test/testmock TEST_MODULES=@TEST_MODULES@ -libinstall: all $(srcdir)/Modules/xxmodule.c diff --git a/poky/meta/recipes-devtools/python/python3_3.11.2.bb b/poky/meta/recipes-devtools/python/python3_3.11.5.bb index 5bd8d32b14..b1ab307804 100644 --- a/poky/meta/recipes-devtools/python/python3_3.11.2.bb +++ b/poky/meta/recipes-devtools/python/python3_3.11.5.bb @@ -39,7 +39,7 @@ SRC_URI:append:class-native = " \ file://12-distutils-prefix-is-inside-staging-area.patch \ file://0001-Don-t-search-system-for-headers-libraries.patch \ " -SRC_URI[sha256sum] = "29e4b8f5f1658542a8c13e2dd277358c9c48f2b2f7318652ef1675e402b9d2af" +SRC_URI[sha256sum] = "85cd12e9cf1d6d5a45f17f7afe1cebe7ee628d3282281c492e86adf636defa3f" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" @@ -56,6 +56,8 @@ CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488" # The mailcap module is insecure by design, so this can't be fixed in a meaningful way. # The module will be removed in the future and flaws documented. CVE_CHECK_IGNORE += "CVE-2015-20107" +# Not an issue, in fact expected behaviour +CVE_CHECK_IGNORE += "CVE-2023-36632" PYTHON_MAJMIN = "3.11" |