Diffstat (limited to 'poky/meta/recipes-devtools/python')
-rw-r--r--poky/meta/recipes-devtools/python/python-pycryptodome.inc26
-rw-r--r--poky/meta/recipes-devtools/python/python-setuptools.inc2
-rw-r--r--poky/meta/recipes-devtools/python/python3-jinja2/run-ptest3
-rw-r--r--poky/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb45
-rw-r--r--poky/meta/recipes-devtools/python/python3-libarchive-c_2.9.bb6
-rw-r--r--poky/meta/recipes-devtools/python/python3-markupsafe/run-ptest3
-rw-r--r--poky/meta/recipes-devtools/python/python3-markupsafe_1.1.1.bb28
-rw-r--r--poky/meta/recipes-devtools/python/python3-pycryptodome_3.9.7.bb5
-rw-r--r--poky/meta/recipes-devtools/python/python3-pycryptodomex_3.9.7.bb9
-rw-r--r--poky/meta/recipes-devtools/python/python3-pyelftools_0.26.bb14
-rw-r--r--poky/meta/recipes-devtools/python/python3/0001-setup.py-pass-missing-libraries-to-Extension-for-mul.patch2
-rw-r--r--poky/meta/recipes-devtools/python/python3/CVE-2020-14422.patch77
-rw-r--r--poky/meta/recipes-devtools/python/python3/CVE-2020-26116.patch104
-rw-r--r--poky/meta/recipes-devtools/python/python3/CVE-2020-27619.patch70
-rw-r--r--poky/meta/recipes-devtools/python/python3_3.8.2.bb7
15 files changed, 399 insertions, 2 deletions
diff --git a/poky/meta/recipes-devtools/python/python-pycryptodome.inc b/poky/meta/recipes-devtools/python/python-pycryptodome.inc
new file mode 100644
index 0000000000..68b084eb04
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python-pycryptodome.inc
@@ -0,0 +1,26 @@
+SUMMARY = "Cryptographic library for Python"
+DESCRIPTION = "PyCryptodome is a self-contained Python package of low-level\
+ cryptographic primitives."
+HOMEPAGE = "http://www.pycryptodome.org"
+LICENSE = "PD & BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=6dc0e2a13d2f25d6f123c434b761faba"
+
+inherit pypi
+
+RDEPENDS_${PN} += " \
+ ${PYTHON_PN}-io \
+ ${PYTHON_PN}-math \
+"
+
+RDEPENDS_${PN}-tests += " \
+ ${PYTHON_PN}-unittest \
+"
+
+PACKAGES =+ "${PN}-tests"
+
+FILES_${PN}-tests = " \
+ ${PYTHON_SITEPACKAGES_DIR}/Crypto/SelfTest/ \
+ ${PYTHON_SITEPACKAGES_DIR}/Crypto/SelfTest/__pycache__/ \
+"
+
+BBCLASSEXTEND = "native nativesdk"
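Review bot: `HOMEPAGE` points at `http://www.pycryptodome.org`; for a cryptographic library the project link should use TLS, `HOMEPAGE = "https://www.pycryptodome.org"`. In `FILES_${PN}-tests` the `SelfTest/__pycache__/` entry looks redundant, since the `SelfTest/` directory entry already takes everything below it. The include sets no `SRC_URI[sha256sum]`, so a one-line comment saying that each requiring recipe must supply the checksum would help the next version bump.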
diff --git a/poky/meta/recipes-devtools/python/python-setuptools.inc b/poky/meta/recipes-devtools/python/python-setuptools.inc
index 58267966ba..29be852f66 100644
--- a/poky/meta/recipes-devtools/python/python-setuptools.inc
+++ b/poky/meta/recipes-devtools/python/python-setuptools.inc
@@ -16,6 +16,7 @@ SRC_URI[sha256sum] = "89c6e6011ec2f6d57d43a3f9296c4ef022c2cbf49bab26b407fe67992a
DEPENDS += "${PYTHON_PN}"
RDEPENDS_${PN} = "\
+ ${PYTHON_PN}-2to3 \
${PYTHON_PN}-compile \
${PYTHON_PN}-compression \
${PYTHON_PN}-ctypes \
@@ -25,6 +26,7 @@ RDEPENDS_${PN} = "\
${PYTHON_PN}-json \
${PYTHON_PN}-netserver \
${PYTHON_PN}-numbers \
+ ${PYTHON_PN}-pickle \
${PYTHON_PN}-pkgutil \
${PYTHON_PN}-plistlib \
${PYTHON_PN}-shell \
diff --git a/poky/meta/recipes-devtools/python/python3-jinja2/run-ptest b/poky/meta/recipes-devtools/python/python3-jinja2/run-ptest
new file mode 100644
index 0000000000..5cec711696
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-jinja2/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+pytest
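Review bot: `pytest` is run here with its default output, which is not the per-test `PASS:`/`FAIL:` format that ptest result parsing expects, so individual results would presumably not be recorded. Pipe the pytest output through a filter that rewrites each test line into `PASS: <name>`, `FAIL: <name>` or `SKIP: <name>`, or add a comment stating that only the exit status is meaningful. The identical run-ptest added for python3-markupsafe in this commit has the same gap.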
diff --git a/poky/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb b/poky/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb
new file mode 100644
index 0000000000..89538d2f27
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb
@@ -0,0 +1,45 @@
+DESCRIPTION = "Python Jinja2: A small but fast and easy to use stand-alone template engine written in pure python."
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
+
+SRC_URI[sha256sum] = "89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0"
+
+PYPI_PACKAGE = "Jinja2"
+
+CLEANBROKEN = "1"
+
+inherit pypi setuptools3
+# ptest disabled in OE-Core for now due to missing dependencies
+
+
+SRC_URI += " \
+ file://run-ptest \
+"
+
+do_install_ptest() {
+ install -d ${D}${PTEST_PATH}/tests
+ cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/
+}
+
+RDEPENDS_${PN}-ptest += " \
+ ${PYTHON_PN}-pytest \
+ ${PYTHON_PN}-unixadmin \
+"
+
+RDEPENDS_${PN} += " \
+ ${PYTHON_PN}-asyncio \
+ ${PYTHON_PN}-crypt \
+ ${PYTHON_PN}-io \
+ ${PYTHON_PN}-json \
+ ${PYTHON_PN}-markupsafe \
+ ${PYTHON_PN}-math \
+ ${PYTHON_PN}-netclient \
+ ${PYTHON_PN}-numbers\
+ ${PYTHON_PN}-pickle \
+ ${PYTHON_PN}-pprint \
+ ${PYTHON_PN}-shell \
+ ${PYTHON_PN}-threading \
+"
+
+BBCLASSEXTEND = "native nativesdk"
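Review bot: The recipe says `# ptest disabled in OE-Core for now due to missing dependencies` and inherits only `pypi setuptools3`, yet it still adds `file://run-ptest` to SRC_URI, defines `do_install_ptest` and sets `RDEPENDS_${PN}-ptest`; without the ptest class none of that appears to take effect. Either inherit ptest or extend the comment to say the ptest pieces are kept ready for a layer that enables it. Separately, `${PYTHON_PN}-numbers\` lacks the space before the backslash and only works because the next line is indented; write `${PYTHON_PN}-numbers \`. The same ptest comment and unused ptest pieces appear in python3-markupsafe_1.1.1.bb.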
diff --git a/poky/meta/recipes-devtools/python/python3-libarchive-c_2.9.bb b/poky/meta/recipes-devtools/python/python3-libarchive-c_2.9.bb
index 4983ae527a..3a2d8733e9 100644
--- a/poky/meta/recipes-devtools/python/python3-libarchive-c_2.9.bb
+++ b/poky/meta/recipes-devtools/python/python3-libarchive-c_2.9.bb
@@ -12,6 +12,10 @@ inherit pypi setuptools3
SRC_URI[md5sum] = "083bd2cb0043c1e22a52cb9a05e31532"
SRC_URI[sha256sum] = "9919344cec203f5db6596a29b5bc26b07ba9662925a05e24980b84709232ef60"
-RDEPENDS_${PN} += "libarchive"
+RDEPENDS_${PN} += "\
+ libarchive \
+ ${PYTHON_PN}-ctypes \
+ ${PYTHON_PN}-mmap \
+"
BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-devtools/python/python3-markupsafe/run-ptest b/poky/meta/recipes-devtools/python/python3-markupsafe/run-ptest
new file mode 100644
index 0000000000..5cec711696
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-markupsafe/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+pytest
diff --git a/poky/meta/recipes-devtools/python/python3-markupsafe_1.1.1.bb b/poky/meta/recipes-devtools/python/python3-markupsafe_1.1.1.bb
new file mode 100644
index 0000000000..403a98a43f
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-markupsafe_1.1.1.bb
@@ -0,0 +1,28 @@
+DESCRIPTION = "Implements a XML/HTML/XHTML Markup safe string for Python"
+HOMEPAGE = "http://github.com/mitsuhiko/markupsafe"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=ffeffa59c90c9c4a033c7574f8f3fb75"
+
+SRC_URI[md5sum] = "43fd756864fe42063068e092e220c57b"
+SRC_URI[sha256sum] = "29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b"
+
+PYPI_PACKAGE = "MarkupSafe"
+inherit pypi setuptools3
+# ptest disabled in OE-Core for now due to missing dependencies
+
+RDEPENDS_${PN} += "${PYTHON_PN}-stringold"
+
+BBCLASSEXTEND = "native nativesdk"
+
+SRC_URI += " \
+ file://run-ptest \
+"
+
+RDEPENDS_${PN}-ptest += " \
+ ${PYTHON_PN}-pytest \
+"
+
+do_install_ptest() {
+ install -d ${D}${PTEST_PATH}/tests
+ cp -f ${S}/tests/* ${D}${PTEST_PATH}/tests/
+}
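Review bot: `do_install_ptest` copies with `cp -f ${S}/tests/*`, while the jinja2 recipe in this same commit uses `cp -rf`; without `-r`, cp skips any subdirectory under tests/ and returns non-zero, which would fail the task. If the MarkupSafe tests directory is flat today this works, but `cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/` is the safer and consistent form.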
diff --git a/poky/meta/recipes-devtools/python/python3-pycryptodome_3.9.7.bb b/poky/meta/recipes-devtools/python/python3-pycryptodome_3.9.7.bb
new file mode 100644
index 0000000000..8f19984bed
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-pycryptodome_3.9.7.bb
@@ -0,0 +1,5 @@
+require python-pycryptodome.inc
+inherit setuptools3
+
+SRC_URI[sha256sum] = "f1add21b6d179179b3c177c33d18a2186a09cc0d3af41ff5ed3f377360b869f2"
+
diff --git a/poky/meta/recipes-devtools/python/python3-pycryptodomex_3.9.7.bb b/poky/meta/recipes-devtools/python/python3-pycryptodomex_3.9.7.bb
new file mode 100644
index 0000000000..abb03b9909
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-pycryptodomex_3.9.7.bb
@@ -0,0 +1,9 @@
+require python-pycryptodome.inc
+inherit setuptools3
+
+SRC_URI[sha256sum] = "50163324834edd0c9ce3e4512ded3e221c969086e10fdd5d3fdcaadac5e24a78"
+
+FILES_${PN}-tests = " \
+ ${PYTHON_SITEPACKAGES_DIR}/Cryptodome/SelfTest/ \
+ ${PYTHON_SITEPACKAGES_DIR}/Cryptodome/SelfTest/__pycache__/ \
+"
diff --git a/poky/meta/recipes-devtools/python/python3-pyelftools_0.26.bb b/poky/meta/recipes-devtools/python/python3-pyelftools_0.26.bb
new file mode 100644
index 0000000000..575dfc4dc9
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-pyelftools_0.26.bb
@@ -0,0 +1,14 @@
+DESCRIPTION = "pyelftools is a pure-Python library for parsing and analyzing ELF files and DWARF debugging information"
+HOMEPAGE = "https://github.com/eliben/pyelftools"
+SECTION = "devel/python"
+LICENSE = "PD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=5ce2a2b07fca326bc7c146d10105ccfc"
+
+SRC_URI[md5sum] = "0ba0de4b47127249c4d632ae299cb0e8"
+SRC_URI[sha256sum] = "86ac6cee19f6c945e8dedf78c6ee74f1112bd14da5a658d8c9d4103aed5756a2"
+
+PYPI_PACKAGE = "pyelftools"
+
+inherit pypi setuptools3
+
+BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-devtools/python/python3/0001-setup.py-pass-missing-libraries-to-Extension-for-mul.patch b/poky/meta/recipes-devtools/python/python3/0001-setup.py-pass-missing-libraries-to-Extension-for-mul.patch
index d38ed61dd7..ea0af02e72 100644
--- a/poky/meta/recipes-devtools/python/python3/0001-setup.py-pass-missing-libraries-to-Extension-for-mul.patch
+++ b/poky/meta/recipes-devtools/python/python3/0001-setup.py-pass-missing-libraries-to-Extension-for-mul.patch
@@ -46,7 +46,7 @@ ValueError: semaphore or lock released too many times
And the semaphore issue also caused multiprocessing.Queue().put() hung.
-Upstream-Status: Pensing
+Upstream-Status: Pending
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
diff --git a/poky/meta/recipes-devtools/python/python3/CVE-2020-14422.patch b/poky/meta/recipes-devtools/python/python3/CVE-2020-14422.patch
new file mode 100644
index 0000000000..6889e46da9
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3/CVE-2020-14422.patch
@@ -0,0 +1,77 @@
+From dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Mon, 29 Jun 2020 11:12:50 -0700
+Subject: [PATCH] bpo-41004: Resolve hash collisions for IPv4Interface and
+ IPv6Interface (GH-21033)
+
+The __hash__() methods of classes IPv4Interface and IPv6Interface had issue
+of generating constant hash values of 32 and 128 respectively causing hash collisions.
+The fix uses the hash() function to generate hash values for the objects
+instead of XOR operation
+(cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28)
+
+Co-authored-by: Ravi Teja P <rvteja92@gmail.com>
+
+Upstream-Status: Backport [https://github.com/python/cpython/commit/dc8ce8ead182de46584cc1ed8a8c51d48240cbd5]
+CVE: CVE-2020-14422
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ Lib/ipaddress.py | 4 ++--
+ Lib/test/test_ipaddress.py | 12 ++++++++++++
+ .../2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst | 1 +
+ 3 files changed, 15 insertions(+), 2 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
+
+diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py
+index 873c7644081af..a3a04f7f4b309 100644
+--- a/Lib/ipaddress.py
++++ b/Lib/ipaddress.py
+@@ -1370,7 +1370,7 @@ def __lt__(self, other):
+ return False
+
+ def __hash__(self):
+- return self._ip ^ self._prefixlen ^ int(self.network.network_address)
++ return hash((self._ip, self._prefixlen, int(self.network.network_address)))
+
+ __reduce__ = _IPAddressBase.__reduce__
+
+@@ -2017,7 +2017,7 @@ def __lt__(self, other):
+ return False
+
+ def __hash__(self):
+- return self._ip ^ self._prefixlen ^ int(self.network.network_address)
++ return hash((self._ip, self._prefixlen, int(self.network.network_address)))
+
+ __reduce__ = _IPAddressBase.__reduce__
+
+diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py
+index de77111705b69..2eba740e5e7a4 100644
+--- a/Lib/test/test_ipaddress.py
++++ b/Lib/test/test_ipaddress.py
+@@ -2053,6 +2053,18 @@ def testsixtofour(self):
+ sixtofouraddr.sixtofour)
+ self.assertFalse(bad_addr.sixtofour)
+
++ # issue41004 Hash collisions in IPv4Interface and IPv6Interface
++ def testV4HashIsNotConstant(self):
++ ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4")
++ ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5")
++ self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__())
++
++ # issue41004 Hash collisions in IPv4Interface and IPv6Interface
++ def testV6HashIsNotConstant(self):
++ ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1")
++ ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2")
++ self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__())
++
+
+ if __name__ == '__main__':
+ unittest.main()
+diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
+new file mode 100644
+index 0000000000000..1380b31fbe9f4
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
+@@ -0,0 +1 @@
++The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
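Review bot: The two tests added to Lib/test/test_ipaddress.py only compare hosts with the default prefix length (`1.2.3.4` against `2.3.4.5`), so the `_prefixlen` member of the new hash tuple is never exercised. One more assertion with the same address and different prefixes would cover it, e.g. `self.assertNotEqual(hash(ipaddress.IPv4Interface("1.2.3.4/24")), hash(ipaddress.IPv4Interface("1.2.3.4/16")))`. Since this is a verbatim upstream backport, that is better raised upstream than changed in the carried patch.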
diff --git a/poky/meta/recipes-devtools/python/python3/CVE-2020-26116.patch b/poky/meta/recipes-devtools/python/python3/CVE-2020-26116.patch
new file mode 100644
index 0000000000..c019db2a76
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3/CVE-2020-26116.patch
@@ -0,0 +1,104 @@
+From 668d321476d974c4f51476b33aaca870272523bf Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Sat, 18 Jul 2020 13:39:12 -0700
+Subject: [PATCH] bpo-39603: Prevent header injection in http methods
+ (GH-18485)
+
+reject control chars in http method in http.client.putrequest to prevent http header injection
+(cherry picked from commit 8ca8a2e8fb068863c1138f07e3098478ef8be12e)
+
+Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com>
+
+Upstream-Status: Backport [https://github.com/python/cpython/commit/668d321476d974c4f51476b33aaca870272523bf]
+CVE: CVE-2020-26116
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ Lib/http/client.py | 15 +++++++++++++
+ Lib/test/test_httplib.py | 22 +++++++++++++++++++
+ .../2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst | 2 ++
+ 3 files changed, 39 insertions(+)
+ create mode 100644 Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
+
+diff --git a/Lib/http/client.py b/Lib/http/client.py
+index 019380a720318..c2ad0471bfee5 100644
+--- a/Lib/http/client.py
++++ b/Lib/http/client.py
+@@ -147,6 +147,10 @@
+ # _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$")
+ # We are more lenient for assumed real world compatibility purposes.
+
++# These characters are not allowed within HTTP method names
++# to prevent http header injection.
++_contains_disallowed_method_pchar_re = re.compile('[\x00-\x1f]')
++
+ # We always set the Content-Length header for these methods because some
+ # servers will otherwise respond with a 411
+ _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'}
+@@ -1087,6 +1091,8 @@ def putrequest(self, method, url, skip_host=False,
+ else:
+ raise CannotSendRequest(self.__state)
+
++ self._validate_method(method)
++
+ # Save the method for use later in the response phase
+ self._method = method
+
+@@ -1177,6 +1183,15 @@ def _encode_request(self, request):
+ # ASCII also helps prevent CVE-2019-9740.
+ return request.encode('ascii')
+
++ def _validate_method(self, method):
++ """Validate a method name for putrequest."""
++ # prevent http header injection
++ match = _contains_disallowed_method_pchar_re.search(method)
++ if match:
++ raise ValueError(
++ f"method can't contain control characters. {method!r} "
++ f"(found at least {match.group()!r})")
++
+ def _validate_path(self, url):
+ """Validate a url for putrequest."""
+ # Prevent CVE-2019-9740.
+diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
+index 8f0e27a1fb836..5a5fcecbc9c15 100644
+--- a/Lib/test/test_httplib.py
++++ b/Lib/test/test_httplib.py
+@@ -364,6 +364,28 @@ def test_headers_debuglevel(self):
+ self.assertEqual(lines[3], "header: Second: val2")
+
+
++class HttpMethodTests(TestCase):
++ def test_invalid_method_names(self):
++ methods = (
++ 'GET\r',
++ 'POST\n',
++ 'PUT\n\r',
++ 'POST\nValue',
++ 'POST\nHOST:abc',
++ 'GET\nrHost:abc\n',
++ 'POST\rRemainder:\r',
++ 'GET\rHOST:\n',
++ '\nPUT'
++ )
++
++ for method in methods:
++ with self.assertRaisesRegex(
++ ValueError, "method can't contain control characters"):
++ conn = client.HTTPConnection('example.com')
++ conn.sock = FakeSocket(None)
++ conn.request(method=method, url="/")
++
++
+ class TransferEncodingTest(TestCase):
+ expected_body = b"It's just a flesh wound"
+
+diff --git a/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
+new file mode 100644
+index 0000000000000..990affc3edd9d
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
+@@ -0,0 +1,2 @@
++Prevent http header injection by rejecting control characters in
++http.client.putrequest(...).
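Review bot: `_contains_disallowed_method_pchar_re` in Lib/http/client.py rejects only the C0 range `[\x00-\x1f]`, so a method string containing a space or DEL (0x7f) still passes `_validate_method` and is written into the request line. That covers the CR/LF header-injection case this patch targets, but code that forwards an untrusted method name should still restrict it to an allow-list of known verbs before calling `request()`. A short comment on the regex saying it is a deny-list for control characters, not a full method-token check, would keep it from being read as complete validation. `putrequest` starts and ends outside the visible hunks.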
diff --git a/poky/meta/recipes-devtools/python/python3/CVE-2020-27619.patch b/poky/meta/recipes-devtools/python/python3/CVE-2020-27619.patch
new file mode 100644
index 0000000000..bafa1cb999
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3/CVE-2020-27619.patch
@@ -0,0 +1,70 @@
+From 6c6c256df3636ff6f6136820afaefa5a10a3ac33 Mon Sep 17 00:00:00 2001
+From: "Miss Skeleton (bot)" <31488909+miss-islington@users.noreply.github.com>
+Date: Tue, 6 Oct 2020 05:38:54 -0700
+Subject: [PATCH] bpo-41944: No longer call eval() on content received via HTTP
+ in the CJK codec tests (GH-22566) (GH-22577)
+
+(cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8)
+
+Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
+
+Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
+
+Upstream-Status: Backport [https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33]
+CVE: CVE-2020-27619
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ Lib/test/multibytecodec_support.py | 22 +++++++------------
+ .../2020-10-05-17-43-46.bpo-41944.rf1dYb.rst | 1 +
+ 2 files changed, 9 insertions(+), 14 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
+
+diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py
+index cca8af67d6d1d..f76c0153f5ecf 100644
+--- a/Lib/test/multibytecodec_support.py
++++ b/Lib/test/multibytecodec_support.py
+@@ -305,29 +305,23 @@ def test_mapping_file(self):
+ self._test_mapping_file_plain()
+
+ def _test_mapping_file_plain(self):
+- unichrs = lambda s: ''.join(map(chr, map(eval, s.split('+'))))
++ def unichrs(s):
++ return ''.join(chr(int(x, 16)) for x in s.split('+'))
++
+ urt_wa = {}
+
+ with self.open_mapping_file() as f:
+ for line in f:
+ if not line:
+ break
+- data = line.split('#')[0].strip().split()
++ data = line.split('#')[0].split()
+ if len(data) != 2:
+ continue
+
+- csetval = eval(data[0])
+- if csetval <= 0x7F:
+- csetch = bytes([csetval & 0xff])
+- elif csetval >= 0x1000000:
+- csetch = bytes([(csetval >> 24), ((csetval >> 16) & 0xff),
+- ((csetval >> 8) & 0xff), (csetval & 0xff)])
+- elif csetval >= 0x10000:
+- csetch = bytes([(csetval >> 16), ((csetval >> 8) & 0xff),
+- (csetval & 0xff)])
+- elif csetval >= 0x100:
+- csetch = bytes([(csetval >> 8), (csetval & 0xff)])
+- else:
++ if data[0][:2] != '0x':
++ self.fail(f"Invalid line: {line!r}")
++ csetch = bytes.fromhex(data[0][2:])
++ if len(csetch) == 1 and 0x80 <= csetch[0]:
+ continue
+
+ unich = unichrs(data[1])
+diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
+new file mode 100644
+index 0000000000000..4f9782f1c85af
+--- /dev/null
++++ b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
+@@ -0,0 +1 @@
++Tests for CJK codecs no longer call ``eval()`` on content received via HTTP.
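Review bot: In `_test_mapping_file_plain`, only the `0x` prefix of `data[0]` is checked before `bytes.fromhex(data[0][2:])`, so an odd-length or non-hex field raises a bare `ValueError` instead of the `Invalid line` failure, and `data[1]` reaches `int(x, 16)` with no check at all. Catching `ValueError` around both conversions and ending in `self.fail(f"Invalid line: {line!r}")` would give one consistent failure for malformed input. The commit message describes this file as content received via HTTP, so the parser should stay strict about what it accepts. The function body continues outside the hunk.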
diff --git a/poky/meta/recipes-devtools/python/python3_3.8.2.bb b/poky/meta/recipes-devtools/python/python3_3.8.2.bb
index a4a16fd495..1d0b4cdb77 100644
--- a/poky/meta/recipes-devtools/python/python3_3.8.2.bb
+++ b/poky/meta/recipes-devtools/python/python3_3.8.2.bb
@@ -33,6 +33,9 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \
file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \
file://0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch \
+ file://CVE-2020-14422.patch \
+ file://CVE-2020-26116.patch \
+ file://CVE-2020-27619.patch \
"
SRC_URI_append_class-native = " \
@@ -52,6 +55,9 @@ CVE_PRODUCT = "python"
# This is not exploitable when glibc has CVE-2016-10739 fixed.
CVE_CHECK_WHITELIST += "CVE-2019-18348"
+# This is windows only issue.
+CVE_CHECK_WHITELIST += "CVE-2020-15523"
+
PYTHON_MAJMIN = "3.8"
S = "${WORKDIR}/Python-${PV}"
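Review bot: The justification `# This is windows only issue.` on the new `CVE_CHECK_WHITELIST` entry is too thin for a line that silences the CVE scanner for this recipe. Name the CVE and the reason in the comment so a later audit can re-check it, e.g. `# CVE-2020-15523 affects Python on Windows only; not applicable to the Linux targets built here.` If any configuration of this recipe can target Windows, the entry should be made conditional rather than global.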
@@ -343,6 +349,7 @@ FILES_${PN}-man = "${datadir}/man"
# See https://bugs.python.org/issue18748 and https://bugs.python.org/issue37395
RDEPENDS_libpython3_append_libc-glibc = " libgcc"
+RDEPENDS_${PN}-ctypes_append_libc-glibc = " ${MLPREFIX}ldconfig"
RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests unzip bzip2 libgcc tzdata-europe coreutils sed"
RDEPENDS_${PN}-ptest_append_libc-glibc = " locale-base-tr-tr.iso-8859-9"
RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk tk-lib', '', d)}"
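Review bot: The new `RDEPENDS_${PN}-ctypes_append_libc-glibc` line has no comment, and it sits directly under the `See https://bugs.python.org/issue18748 ...` comment that explains the libgcc dependency, so a reader will attribute it to the wrong bug. Give it its own reason on the line above, presumably `# ctypes.util.find_library() invokes ldconfig on glibc systems`, to be confirmed against the change that motivated it. The dependency also pulls ldconfig into every glibc image that installs the ctypes module, which is worth stating for minimal or read-only images.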