diff options
Diffstat (limited to 'meta/recipes-devtools/python')
20 files changed, 284 insertions, 588 deletions
diff --git a/meta/recipes-devtools/python/python-setuptools.inc b/meta/recipes-devtools/python/python-setuptools.inc index 29be852f66..5faf62bc3a 100644 --- a/meta/recipes-devtools/python/python-setuptools.inc +++ b/meta/recipes-devtools/python/python-setuptools.inc | |||
@@ -8,6 +8,8 @@ PYPI_PACKAGE_EXT = "zip" | |||
8 | 8 | ||
9 | inherit pypi | 9 | inherit pypi |
10 | 10 | ||
11 | SRC_URI += " file://CVE-2022-40897.patch " | ||
12 | |||
11 | SRC_URI_append_class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch" | 13 | SRC_URI_append_class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch" |
12 | 14 | ||
13 | SRC_URI[md5sum] = "0c956eea142af9c2b02d72e3c042af30" | 15 | SRC_URI[md5sum] = "0c956eea142af9c2b02d72e3c042af30" |
diff --git a/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb b/meta/recipes-devtools/python/python3-jinja2_2.11.3.bb index 89538d2f27..9f054c6024 100644 --- a/meta/recipes-devtools/python/python3-jinja2_2.11.2.bb +++ b/meta/recipes-devtools/python/python3-jinja2_2.11.3.bb | |||
@@ -1,12 +1,15 @@ | |||
1 | DESCRIPTION = "Python Jinja2: A small but fast and easy to use stand-alone template engine written in pure python." | 1 | DESCRIPTION = "Python Jinja2: A small but fast and easy to use stand-alone template engine written in pure python." |
2 | HOMEPAGE = "https://pypi.org/project/Jinja2/" | ||
2 | 3 | ||
3 | LICENSE = "BSD-3-Clause" | 4 | LICENSE = "BSD-3-Clause" |
4 | LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462" | 5 | LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462" |
5 | 6 | ||
6 | SRC_URI[sha256sum] = "89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0" | 7 | SRC_URI[sha256sum] = "a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6" |
7 | 8 | ||
8 | PYPI_PACKAGE = "Jinja2" | 9 | PYPI_PACKAGE = "Jinja2" |
9 | 10 | ||
11 | CVE_PRODUCT = "jinja2 jinja" | ||
12 | |||
10 | CLEANBROKEN = "1" | 13 | CLEANBROKEN = "1" |
11 | 14 | ||
12 | inherit pypi setuptools3 | 15 | inherit pypi setuptools3 |
diff --git a/meta/recipes-devtools/python/python3-magic_0.4.15.bb b/meta/recipes-devtools/python/python3-magic_0.4.15.bb index 698016ba4c..b73310c808 100644 --- a/meta/recipes-devtools/python/python3-magic_0.4.15.bb +++ b/meta/recipes-devtools/python/python3-magic_0.4.15.bb | |||
@@ -14,6 +14,11 @@ inherit pypi setuptools3 | |||
14 | SRC_URI[md5sum] = "e384c95a47218f66c6501cd6dd45ff59" | 14 | SRC_URI[md5sum] = "e384c95a47218f66c6501cd6dd45ff59" |
15 | SRC_URI[sha256sum] = "f3765c0f582d2dfc72c15f3b5a82aecfae9498bd29ca840d72f37d7bd38bfcd5" | 15 | SRC_URI[sha256sum] = "f3765c0f582d2dfc72c15f3b5a82aecfae9498bd29ca840d72f37d7bd38bfcd5" |
16 | 16 | ||
17 | RDEPENDS_${PN} += "file" | 17 | DEPENDS_append_class-native = " file-replacement-native" |
18 | |||
19 | RDEPENDS_${PN} += "file \ | ||
20 | ${PYTHON_PN}-ctypes \ | ||
21 | ${PYTHON_PN}-io \ | ||
22 | ${PYTHON_PN}-shell" | ||
18 | 23 | ||
19 | BBCLASSEXTEND = "native" | 24 | BBCLASSEXTEND = "native" |
diff --git a/meta/recipes-devtools/python/python3-pip/CVE-2021-3572.patch b/meta/recipes-devtools/python/python3-pip/CVE-2021-3572.patch new file mode 100644 index 0000000000..a38ab57bc6 --- /dev/null +++ b/meta/recipes-devtools/python/python3-pip/CVE-2021-3572.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | From c4fd13410b9a219f77fc30775d4a0ac9f69725bd Mon Sep 17 00:00:00 2001 | ||
2 | From: Hitendra Prajapati <hprajapati@mvista.com> | ||
3 | Date: Thu, 16 Jun 2022 09:52:43 +0530 | ||
4 | Subject: [PATCH] CVE-2021-3572 | ||
5 | |||
6 | Upstream-Status: Backport [https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b] | ||
7 | CVE: CVE-2021-3572 | ||
8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
9 | --- | ||
10 | news/9827.bugfix.rst | 3 +++ | ||
11 | src/pip/_internal/vcs/git.py | 10 ++++++++-- | ||
12 | 2 files changed, 11 insertions(+), 2 deletions(-) | ||
13 | create mode 100644 news/9827.bugfix.rst | ||
14 | |||
15 | diff --git a/news/9827.bugfix.rst b/news/9827.bugfix.rst | ||
16 | new file mode 100644 | ||
17 | index 0000000..e0d27c3 | ||
18 | --- /dev/null | ||
19 | +++ b/news/9827.bugfix.rst | ||
20 | @@ -0,0 +1,3 @@ | ||
21 | +**SECURITY**: Stop splitting on unicode separators in git references, | ||
22 | +which could be maliciously used to install a different revision on the | ||
23 | +repository. | ||
24 | diff --git a/src/pip/_internal/vcs/git.py b/src/pip/_internal/vcs/git.py | ||
25 | index 7483303..1b895f6 100644 | ||
26 | --- a/src/pip/_internal/vcs/git.py | ||
27 | +++ b/src/pip/_internal/vcs/git.py | ||
28 | @@ -137,9 +137,15 @@ class Git(VersionControl): | ||
29 | output = cls.run_command(['show-ref', rev], cwd=dest, | ||
30 | show_stdout=False, on_returncode='ignore') | ||
31 | refs = {} | ||
32 | - for line in output.strip().splitlines(): | ||
33 | + # NOTE: We do not use splitlines here since that would split on other | ||
34 | + # unicode separators, which can be maliciously used to install a | ||
35 | + # different revision. | ||
36 | + for line in output.strip().split("\n"): | ||
37 | + line = line.rstrip("\r") | ||
38 | + if not line: | ||
39 | + continue | ||
40 | try: | ||
41 | - sha, ref = line.split() | ||
42 | + ref_sha, ref_name = line.split(" ", maxsplit=2) | ||
43 | except ValueError: | ||
44 | # Include the offending line to simplify troubleshooting if | ||
45 | # this error ever occurs. | ||
46 | -- | ||
47 | 2.25.1 | ||
48 | |||
diff --git a/meta/recipes-devtools/python/python3-pip_20.0.2.bb b/meta/recipes-devtools/python/python3-pip_20.0.2.bb index 08738fb2f9..e24c6f4477 100644 --- a/meta/recipes-devtools/python/python3-pip_20.0.2.bb +++ b/meta/recipes-devtools/python/python3-pip_20.0.2.bb | |||
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8ba06d529c955048e5ddd7c45459eb2e" | |||
6 | 6 | ||
7 | DEPENDS += "python3 python3-setuptools-native" | 7 | DEPENDS += "python3 python3-setuptools-native" |
8 | 8 | ||
9 | SRC_URI = "file://CVE-2021-3572.patch " | ||
9 | SRC_URI[md5sum] = "7d42ba49b809604f0df3d55df1c3fd86" | 10 | SRC_URI[md5sum] = "7d42ba49b809604f0df3d55df1c3fd86" |
10 | SRC_URI[sha256sum] = "7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f" | 11 | SRC_URI[sha256sum] = "7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f" |
11 | 12 | ||
diff --git a/meta/recipes-devtools/python/python3-pygobject_3.34.0.bb b/meta/recipes-devtools/python/python3-pygobject_3.34.0.bb index 6babf0cae8..29825492b9 100644 --- a/meta/recipes-devtools/python/python3-pygobject_3.34.0.bb +++ b/meta/recipes-devtools/python/python3-pygobject_3.34.0.bb | |||
@@ -1,4 +1,6 @@ | |||
1 | SUMMARY = "Python GObject bindings" | 1 | SUMMARY = "Python GObject bindings" |
2 | HOMEPAGE = "https://gitlab.gnome.org/GNOME/pygobject" | ||
3 | DESCRIPTION = "PyGObject is a Python package which provides bindings for GObject based libraries such as GTK, GStreamer, WebKitGTK, GLib, GIO and many more." | ||
2 | SECTION = "devel/python" | 4 | SECTION = "devel/python" |
3 | LICENSE = "LGPLv2.1" | 5 | LICENSE = "LGPLv2.1" |
4 | LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7" | 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7" |
diff --git a/meta/recipes-devtools/python/python3-scons_3.1.2.bb b/meta/recipes-devtools/python/python3-scons_3.1.2.bb index ce117a92d4..12122131a5 100644 --- a/meta/recipes-devtools/python/python3-scons_3.1.2.bb +++ b/meta/recipes-devtools/python/python3-scons_3.1.2.bb | |||
@@ -1,4 +1,5 @@ | |||
1 | SUMMARY = "Software Construction tool (make/autotools replacement)" | 1 | SUMMARY = "Software Construction tool (make/autotools replacement)" |
2 | HOMEPAGE = "https://github.com/SCons/scons" | ||
2 | SECTION = "devel/python" | 3 | SECTION = "devel/python" |
3 | LICENSE = "MIT" | 4 | LICENSE = "MIT" |
4 | LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE-python3-scons-${PV};md5=e14e1b33428df24a40a782ae142785d0" | 5 | LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE-python3-scons-${PV};md5=e14e1b33428df24a40a782ae142785d0" |
diff --git a/meta/recipes-devtools/python/python3-setuptools/CVE-2022-40897.patch b/meta/recipes-devtools/python/python3-setuptools/CVE-2022-40897.patch new file mode 100644 index 0000000000..9150cea07e --- /dev/null +++ b/meta/recipes-devtools/python/python3-setuptools/CVE-2022-40897.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From 43a9c9bfa6aa626ec2a22540bea28d2ca77964be Mon Sep 17 00:00:00 2001 | ||
2 | From: "Jason R. Coombs" <jaraco@jaraco.com> | ||
3 | Date: Fri, 4 Nov 2022 13:47:53 -0400 | ||
4 | Subject: [PATCH] Limit the amount of whitespace to search/backtrack. Fixes | ||
5 | #3659. | ||
6 | |||
7 | CVE: CVE-2022-40897 | ||
8 | Upstream-Status: Backport [ | ||
9 | Upstream : https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be | ||
10 | Import from Ubuntu: http://archive.ubuntu.com/ubuntu/pool/main/s/setuptools/setuptools_45.2.0-1ubuntu0.1.debian.tar.xz | ||
11 | ] | ||
12 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
13 | |||
14 | --- | ||
15 | setuptools/package_index.py | 2 +- | ||
16 | setuptools/tests/test_packageindex.py | 1 - | ||
17 | 2 files changed, 1 insertion(+), 2 deletions(-) | ||
18 | |||
19 | --- setuptools-45.2.0.orig/setuptools/package_index.py | ||
20 | +++ setuptools-45.2.0/setuptools/package_index.py | ||
21 | @@ -215,7 +215,7 @@ def unique_values(func): | ||
22 | return wrapper | ||
23 | |||
24 | |||
25 | -REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I) | ||
26 | +REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I) | ||
27 | # this line is here to fix emacs' cruddy broken syntax highlighting | ||
28 | |||
29 | |||
diff --git a/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch b/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch index c4fae09a5b..4ac0e140cc 100644 --- a/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch +++ b/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch | |||
@@ -14,17 +14,21 @@ Upstream-Status: Submitted [https://github.com/python/cpython/pull/13196] | |||
14 | Signed-off-by: Matthias Schoepfer <matthias.schoepfer@ithinx.io> | 14 | Signed-off-by: Matthias Schoepfer <matthias.schoepfer@ithinx.io> |
15 | 15 | ||
16 | %% original patch: 0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch | 16 | %% original patch: 0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch |
17 | |||
18 | Updated to apply after dea270a2a80214de22afadaaca2043d0d782eb7d | ||
19 | |||
20 | Signed-off-by: Tim Orling <tim.orling@konsulko.com> | ||
17 | --- | 21 | --- |
18 | configure.ac | 175 +++++++-------------------------------------------- | 22 | configure.ac | 175 +++++++-------------------------------------------- |
19 | 1 file changed, 21 insertions(+), 154 deletions(-) | 23 | 1 file changed, 21 insertions(+), 154 deletions(-) |
20 | 24 | ||
21 | diff --git a/configure.ac b/configure.ac | 25 | diff --git a/configure.ac b/configure.ac |
22 | index ede710e..bc81b0b 100644 | 26 | index de83332dd3..16b02d0798 100644 |
23 | --- a/configure.ac | 27 | --- a/configure.ac |
24 | +++ b/configure.ac | 28 | +++ b/configure.ac |
25 | @@ -710,160 +710,27 @@ fi | 29 | @@ -719,160 +719,27 @@ then |
26 | MULTIARCH=$($CC --print-multiarch 2>/dev/null) | 30 | fi |
27 | AC_SUBST(MULTIARCH) | 31 | |
28 | 32 | ||
29 | -AC_MSG_CHECKING([for the platform triplet based on compiler characteristics]) | 33 | -AC_MSG_CHECKING([for the platform triplet based on compiler characteristics]) |
30 | -cat >> conftest.c <<EOF | 34 | -cat >> conftest.c <<EOF |
@@ -185,25 +189,25 @@ index ede710e..bc81b0b 100644 | |||
185 | +## Need to handle macos, vxworks and hurd special (?) :-/ | 189 | +## Need to handle macos, vxworks and hurd special (?) :-/ |
186 | +case ${target_os} in | 190 | +case ${target_os} in |
187 | + darwin*) | 191 | + darwin*) |
188 | + PLATFORM_TRIPLET=darwin | 192 | + PLATFORM_TRIPLET=darwin |
189 | + ;; | 193 | + ;; |
190 | + hurd*) | 194 | + hurd*) |
191 | + PLATFORM_TRIPLET=i386-gnu | 195 | + PLATFORM_TRIPLET=i386-gnu |
192 | + ;; | 196 | + ;; |
193 | + vxworks*) | 197 | + vxworks*) |
194 | + PLATFORM_TRIPLET=vxworks | 198 | + PLATFORM_TRIPLET=vxworks |
195 | + ;; | 199 | + ;; |
196 | + *) | 200 | + *) |
197 | + if test "${target_cpu}" != "i686"; then | 201 | + if test "${target_cpu}" != "i686"; then |
198 | + PLATFORM_TRIPLET=${target_cpu}-${target_os} | 202 | + PLATFORM_TRIPLET=${target_cpu}-${target_os} |
199 | + else | 203 | + else |
200 | + PLATFORM_TRIPLET=i386-${target_os} | 204 | + PLATFORM_TRIPLET=i386-${target_os} |
201 | + fi | 205 | + fi |
202 | + ;; | 206 | + ;; |
203 | +esac | 207 | +esac |
204 | 208 | ||
205 | if test x$PLATFORM_TRIPLET != x && test x$MULTIARCH != x; then | 209 | if test x$PLATFORM_TRIPLET != xdarwin; then |
206 | if test x$PLATFORM_TRIPLET != x$MULTIARCH; then | 210 | MULTIARCH=$($CC --print-multiarch 2>/dev/null) |
207 | -- | 211 | -- |
208 | 2.24.1 | 212 | 2.32.0 |
209 | 213 | ||
diff --git a/meta/recipes-devtools/python/python3/0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch b/meta/recipes-devtools/python/python3/0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch deleted file mode 100644 index e16b99bcb9..0000000000 --- a/meta/recipes-devtools/python/python3/0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch +++ /dev/null | |||
@@ -1,248 +0,0 @@ | |||
1 | From 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Victor Stinner <vstinner@python.org> | ||
3 | Date: Thu, 2 Apr 2020 02:52:20 +0200 | ||
4 | Subject: [PATCH] bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler | ||
5 | (GH-18284) | ||
6 | |||
7 | Upstream-Status: Backport | ||
8 | (https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4) | ||
9 | |||
10 | CVE: CVE-2020-8492 | ||
11 | |||
12 | The AbstractBasicAuthHandler class of the urllib.request module uses | ||
13 | an inefficient regular expression which can be exploited by an | ||
14 | attacker to cause a denial of service. Fix the regex to prevent the | ||
15 | catastrophic backtracking. Vulnerability reported by Ben Caller | ||
16 | and Matt Schwager. | ||
17 | |||
18 | AbstractBasicAuthHandler of urllib.request now parses all | ||
19 | WWW-Authenticate HTTP headers and accepts multiple challenges per | ||
20 | header: use the realm of the first Basic challenge. | ||
21 | |||
22 | Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com> | ||
23 | Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> | ||
24 | --- | ||
25 | Lib/test/test_urllib2.py | 90 ++++++++++++------- | ||
26 | Lib/urllib/request.py | 69 ++++++++++---- | ||
27 | .../2020-03-25-16-02-16.bpo-39503.YmMbYn.rst | 3 + | ||
28 | .../2020-01-30-16-15-29.bpo-39503.B299Yq.rst | 5 ++ | ||
29 | 4 files changed, 115 insertions(+), 52 deletions(-) | ||
30 | create mode 100644 Misc/NEWS.d/next/Library/2020-03-25-16-02-16.bpo-39503.YmMbYn.rst | ||
31 | create mode 100644 Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst | ||
32 | |||
33 | diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py | ||
34 | index 8abedaac98..e69ac3e213 100644 | ||
35 | --- a/Lib/test/test_urllib2.py | ||
36 | +++ b/Lib/test/test_urllib2.py | ||
37 | @@ -1446,40 +1446,64 @@ class HandlerTests(unittest.TestCase): | ||
38 | bypass = {'exclude_simple': True, 'exceptions': []} | ||
39 | self.assertTrue(_proxy_bypass_macosx_sysconf('test', bypass)) | ||
40 | |||
41 | - def test_basic_auth(self, quote_char='"'): | ||
42 | - opener = OpenerDirector() | ||
43 | - password_manager = MockPasswordManager() | ||
44 | - auth_handler = urllib.request.HTTPBasicAuthHandler(password_manager) | ||
45 | - realm = "ACME Widget Store" | ||
46 | - http_handler = MockHTTPHandler( | ||
47 | - 401, 'WWW-Authenticate: Basic realm=%s%s%s\r\n\r\n' % | ||
48 | - (quote_char, realm, quote_char)) | ||
49 | - opener.add_handler(auth_handler) | ||
50 | - opener.add_handler(http_handler) | ||
51 | - self._test_basic_auth(opener, auth_handler, "Authorization", | ||
52 | - realm, http_handler, password_manager, | ||
53 | - "http://acme.example.com/protected", | ||
54 | - "http://acme.example.com/protected", | ||
55 | - ) | ||
56 | - | ||
57 | - def test_basic_auth_with_single_quoted_realm(self): | ||
58 | - self.test_basic_auth(quote_char="'") | ||
59 | - | ||
60 | - def test_basic_auth_with_unquoted_realm(self): | ||
61 | - opener = OpenerDirector() | ||
62 | - password_manager = MockPasswordManager() | ||
63 | - auth_handler = urllib.request.HTTPBasicAuthHandler(password_manager) | ||
64 | - realm = "ACME Widget Store" | ||
65 | - http_handler = MockHTTPHandler( | ||
66 | - 401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm) | ||
67 | - opener.add_handler(auth_handler) | ||
68 | - opener.add_handler(http_handler) | ||
69 | - with self.assertWarns(UserWarning): | ||
70 | + def check_basic_auth(self, headers, realm): | ||
71 | + with self.subTest(realm=realm, headers=headers): | ||
72 | + opener = OpenerDirector() | ||
73 | + password_manager = MockPasswordManager() | ||
74 | + auth_handler = urllib.request.HTTPBasicAuthHandler(password_manager) | ||
75 | + body = '\r\n'.join(headers) + '\r\n\r\n' | ||
76 | + http_handler = MockHTTPHandler(401, body) | ||
77 | + opener.add_handler(auth_handler) | ||
78 | + opener.add_handler(http_handler) | ||
79 | self._test_basic_auth(opener, auth_handler, "Authorization", | ||
80 | - realm, http_handler, password_manager, | ||
81 | - "http://acme.example.com/protected", | ||
82 | - "http://acme.example.com/protected", | ||
83 | - ) | ||
84 | + realm, http_handler, password_manager, | ||
85 | + "http://acme.example.com/protected", | ||
86 | + "http://acme.example.com/protected") | ||
87 | + | ||
88 | + def test_basic_auth(self): | ||
89 | + realm = "realm2@example.com" | ||
90 | + realm2 = "realm2@example.com" | ||
91 | + basic = f'Basic realm="{realm}"' | ||
92 | + basic2 = f'Basic realm="{realm2}"' | ||
93 | + other_no_realm = 'Otherscheme xxx' | ||
94 | + digest = (f'Digest realm="{realm2}", ' | ||
95 | + f'qop="auth, auth-int", ' | ||
96 | + f'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", ' | ||
97 | + f'opaque="5ccc069c403ebaf9f0171e9517f40e41"') | ||
98 | + for realm_str in ( | ||
99 | + # test "quote" and 'quote' | ||
100 | + f'Basic realm="{realm}"', | ||
101 | + f"Basic realm='{realm}'", | ||
102 | + | ||
103 | + # charset is ignored | ||
104 | + f'Basic realm="{realm}", charset="UTF-8"', | ||
105 | + | ||
106 | + # Multiple challenges per header | ||
107 | + f'{basic}, {basic2}', | ||
108 | + f'{basic}, {other_no_realm}', | ||
109 | + f'{other_no_realm}, {basic}', | ||
110 | + f'{basic}, {digest}', | ||
111 | + f'{digest}, {basic}', | ||
112 | + ): | ||
113 | + headers = [f'WWW-Authenticate: {realm_str}'] | ||
114 | + self.check_basic_auth(headers, realm) | ||
115 | + | ||
116 | + # no quote: expect a warning | ||
117 | + with support.check_warnings(("Basic Auth Realm was unquoted", | ||
118 | + UserWarning)): | ||
119 | + headers = [f'WWW-Authenticate: Basic realm={realm}'] | ||
120 | + self.check_basic_auth(headers, realm) | ||
121 | + | ||
122 | + # Multiple headers: one challenge per header. | ||
123 | + # Use the first Basic realm. | ||
124 | + for challenges in ( | ||
125 | + [basic, basic2], | ||
126 | + [basic, digest], | ||
127 | + [digest, basic], | ||
128 | + ): | ||
129 | + headers = [f'WWW-Authenticate: {challenge}' | ||
130 | + for challenge in challenges] | ||
131 | + self.check_basic_auth(headers, realm) | ||
132 | |||
133 | def test_proxy_basic_auth(self): | ||
134 | opener = OpenerDirector() | ||
135 | diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py | ||
136 | index 7fe50535da..2a3d71554f 100644 | ||
137 | --- a/Lib/urllib/request.py | ||
138 | +++ b/Lib/urllib/request.py | ||
139 | @@ -937,8 +937,15 @@ class AbstractBasicAuthHandler: | ||
140 | |||
141 | # allow for double- and single-quoted realm values | ||
142 | # (single quotes are a violation of the RFC, but appear in the wild) | ||
143 | - rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+' | ||
144 | - 'realm=(["\']?)([^"\']*)\\2', re.I) | ||
145 | + rx = re.compile('(?:^|,)' # start of the string or ',' | ||
146 | + '[ \t]*' # optional whitespaces | ||
147 | + '([^ \t]+)' # scheme like "Basic" | ||
148 | + '[ \t]+' # mandatory whitespaces | ||
149 | + # realm=xxx | ||
150 | + # realm='xxx' | ||
151 | + # realm="xxx" | ||
152 | + 'realm=(["\']?)([^"\']*)\\2', | ||
153 | + re.I) | ||
154 | |||
155 | # XXX could pre-emptively send auth info already accepted (RFC 2617, | ||
156 | # end of section 2, and section 1.2 immediately after "credentials" | ||
157 | @@ -950,27 +957,51 @@ class AbstractBasicAuthHandler: | ||
158 | self.passwd = password_mgr | ||
159 | self.add_password = self.passwd.add_password | ||
160 | |||
161 | + def _parse_realm(self, header): | ||
162 | + # parse WWW-Authenticate header: accept multiple challenges per header | ||
163 | + found_challenge = False | ||
164 | + for mo in AbstractBasicAuthHandler.rx.finditer(header): | ||
165 | + scheme, quote, realm = mo.groups() | ||
166 | + if quote not in ['"', "'"]: | ||
167 | + warnings.warn("Basic Auth Realm was unquoted", | ||
168 | + UserWarning, 3) | ||
169 | + | ||
170 | + yield (scheme, realm) | ||
171 | + | ||
172 | + found_challenge = True | ||
173 | + | ||
174 | + if not found_challenge: | ||
175 | + if header: | ||
176 | + scheme = header.split()[0] | ||
177 | + else: | ||
178 | + scheme = '' | ||
179 | + yield (scheme, None) | ||
180 | + | ||
181 | def http_error_auth_reqed(self, authreq, host, req, headers): | ||
182 | # host may be an authority (without userinfo) or a URL with an | ||
183 | # authority | ||
184 | - # XXX could be multiple headers | ||
185 | - authreq = headers.get(authreq, None) | ||
186 | + headers = headers.get_all(authreq) | ||
187 | + if not headers: | ||
188 | + # no header found | ||
189 | + return | ||
190 | |||
191 | - if authreq: | ||
192 | - scheme = authreq.split()[0] | ||
193 | - if scheme.lower() != 'basic': | ||
194 | - raise ValueError("AbstractBasicAuthHandler does not" | ||
195 | - " support the following scheme: '%s'" % | ||
196 | - scheme) | ||
197 | - else: | ||
198 | - mo = AbstractBasicAuthHandler.rx.search(authreq) | ||
199 | - if mo: | ||
200 | - scheme, quote, realm = mo.groups() | ||
201 | - if quote not in ['"',"'"]: | ||
202 | - warnings.warn("Basic Auth Realm was unquoted", | ||
203 | - UserWarning, 2) | ||
204 | - if scheme.lower() == 'basic': | ||
205 | - return self.retry_http_basic_auth(host, req, realm) | ||
206 | + unsupported = None | ||
207 | + for header in headers: | ||
208 | + for scheme, realm in self._parse_realm(header): | ||
209 | + if scheme.lower() != 'basic': | ||
210 | + unsupported = scheme | ||
211 | + continue | ||
212 | + | ||
213 | + if realm is not None: | ||
214 | + # Use the first matching Basic challenge. | ||
215 | + # Ignore following challenges even if they use the Basic | ||
216 | + # scheme. | ||
217 | + return self.retry_http_basic_auth(host, req, realm) | ||
218 | + | ||
219 | + if unsupported is not None: | ||
220 | + raise ValueError("AbstractBasicAuthHandler does not " | ||
221 | + "support the following scheme: %r" | ||
222 | + % (scheme,)) | ||
223 | |||
224 | def retry_http_basic_auth(self, host, req, realm): | ||
225 | user, pw = self.passwd.find_user_password(realm, host) | ||
226 | diff --git a/Misc/NEWS.d/next/Library/2020-03-25-16-02-16.bpo-39503.YmMbYn.rst b/Misc/NEWS.d/next/Library/2020-03-25-16-02-16.bpo-39503.YmMbYn.rst | ||
227 | new file mode 100644 | ||
228 | index 0000000000..be80ce79d9 | ||
229 | --- /dev/null | ||
230 | +++ b/Misc/NEWS.d/next/Library/2020-03-25-16-02-16.bpo-39503.YmMbYn.rst | ||
231 | @@ -0,0 +1,3 @@ | ||
232 | +:class:`~urllib.request.AbstractBasicAuthHandler` of :mod:`urllib.request` | ||
233 | +now parses all WWW-Authenticate HTTP headers and accepts multiple challenges | ||
234 | +per header: use the realm of the first Basic challenge. | ||
235 | diff --git a/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst b/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst | ||
236 | new file mode 100644 | ||
237 | index 0000000000..9f2800581c | ||
238 | --- /dev/null | ||
239 | +++ b/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst | ||
240 | @@ -0,0 +1,5 @@ | ||
241 | +CVE-2020-8492: The :class:`~urllib.request.AbstractBasicAuthHandler` class of the | ||
242 | +:mod:`urllib.request` module uses an inefficient regular expression which can | ||
243 | +be exploited by an attacker to cause a denial of service. Fix the regex to | ||
244 | +prevent the catastrophic backtracking. Vulnerability reported by Ben Caller | ||
245 | +and Matt Schwager. | ||
246 | -- | ||
247 | 2.24.1 | ||
248 | |||
diff --git a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch new file mode 100644 index 0000000000..a44d3396a6 --- /dev/null +++ b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From 7a2bddfa437be633bb6945d0e6b7d6f27da870ad Mon Sep 17 00:00:00 2001 | ||
2 | From: Tim Orling <timothy.t.orling@intel.com> | ||
3 | Date: Fri, 18 Jun 2021 11:56:50 -0700 | ||
4 | Subject: [PATCH] test_ctypes.test_find: skip without tools-sdk | ||
5 | |||
6 | These tests need full packagegroup-core-buildessential, the | ||
7 | easiest way to dynamically check for that is looking for | ||
8 | 'tools-sdk' in IMAGE_FEATURES. | ||
9 | |||
10 | Upstream-Status: Inappropriate [oe-specific] | ||
11 | |||
12 | Signed-off-by: Tim Orling <timothy.t.orling@intel.com> | ||
13 | --- | ||
14 | Lib/ctypes/test/test_find.py | 2 ++ | ||
15 | 1 file changed, 2 insertions(+) | ||
16 | |||
17 | diff --git a/Lib/ctypes/test/test_find.py b/Lib/ctypes/test/test_find.py | ||
18 | index 92ac184..0d009d1 100644 | ||
19 | --- a/Lib/ctypes/test/test_find.py | ||
20 | +++ b/Lib/ctypes/test/test_find.py | ||
21 | @@ -112,10 +112,12 @@ class FindLibraryLinux(unittest.TestCase): | ||
22 | # LD_LIBRARY_PATH) | ||
23 | self.assertEqual(find_library(libname), 'lib%s.so' % libname) | ||
24 | |||
25 | + @unittest.skip("Needs IMAGE_FEATURES += \"tools-sdk\"") | ||
26 | def test_find_library_with_gcc(self): | ||
27 | with unittest.mock.patch("ctypes.util._findSoname_ldconfig", lambda *args: None): | ||
28 | self.assertNotEqual(find_library('c'), None) | ||
29 | |||
30 | + @unittest.skip("Needs IMAGE_FEATURES += \"tools-sdk\"") | ||
31 | def test_find_library_with_ld(self): | ||
32 | with unittest.mock.patch("ctypes.util._findSoname_ldconfig", lambda *args: None), \ | ||
33 | unittest.mock.patch("ctypes.util._findLib_gcc", lambda *args: None): | ||
diff --git a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch index 35b7e0c480..f9d2eadc11 100644 --- a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch +++ b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch | |||
@@ -1,6 +1,6 @@ | |||
1 | From b94995e0c694ec9561efec0d1a59b323340e6105 Mon Sep 17 00:00:00 2001 | 1 | From e11787d373baa6d7b0e0d94aff8ccd373203bfb1 Mon Sep 17 00:00:00 2001 |
2 | From: Mingli Yu <mingli.yu@windriver.com> | 2 | From: Tim Orling <ticotimo@gmail.com> |
3 | Date: Mon, 5 Aug 2019 15:57:39 +0800 | 3 | Date: Wed, 16 Jun 2021 07:49:52 -0700 |
4 | Subject: [PATCH] test_locale.py: correct the test output format | 4 | Subject: [PATCH] test_locale.py: correct the test output format |
5 | 5 | ||
6 | Before this patch: | 6 | Before this patch: |
@@ -24,23 +24,25 @@ Before this patch: | |||
24 | Upstream-Status: Submitted [https://github.com/python/cpython/pull/15132] | 24 | Upstream-Status: Submitted [https://github.com/python/cpython/pull/15132] |
25 | 25 | ||
26 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> | 26 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> |
27 | |||
28 | |||
29 | Refresh patch for upstream changes in 3.8.9 | ||
30 | |||
31 | Signed-off-by: Tim Orling <timothy.t.orling@intel.com> | ||
27 | --- | 32 | --- |
28 | Lib/test/test_locale.py | 2 +- | 33 | Lib/test/test_locale.py | 2 +- |
29 | 1 file changed, 1 insertion(+), 1 deletion(-) | 34 | 1 file changed, 1 insertion(+), 1 deletion(-) |
30 | 35 | ||
31 | diff --git a/Lib/test/test_locale.py b/Lib/test/test_locale.py | 36 | diff --git a/Lib/test/test_locale.py b/Lib/test/test_locale.py |
32 | index e2c2178..558d63c 100644 | 37 | index 39091c0..5050f3d 100644 |
33 | --- a/Lib/test/test_locale.py | 38 | --- a/Lib/test/test_locale.py |
34 | +++ b/Lib/test/test_locale.py | 39 | +++ b/Lib/test/test_locale.py |
35 | @@ -527,7 +527,7 @@ class TestMiscellaneous(unittest.TestCase): | 40 | @@ -563,7 +563,7 @@ class TestMiscellaneous(unittest.TestCase): |
36 | self.skipTest('test needs Turkish locale') | 41 | self.skipTest('test needs Turkish locale') |
37 | loc = locale.getlocale(locale.LC_CTYPE) | 42 | loc = locale.getlocale(locale.LC_CTYPE) |
38 | if verbose: | 43 | if verbose: |
39 | - print('testing with %a' % (loc,), end=' ', flush=True) | 44 | - print('testing with %a' % (loc,), end=' ', flush=True) |
40 | + print('testing with %a...' % (loc,), end=' ', flush=True) | 45 | + print('testing with %a...' % (loc,), end=' ', flush=True) |
41 | locale.setlocale(locale.LC_CTYPE, loc) | 46 | try: |
42 | self.assertEqual(loc, locale.getlocale(locale.LC_CTYPE)) | 47 | locale.setlocale(locale.LC_CTYPE, loc) |
43 | 48 | except locale.Error as exc: | |
44 | -- | ||
45 | 2.7.4 | ||
46 | |||
diff --git a/meta/recipes-devtools/python/python3/CVE-2019-20907.patch b/meta/recipes-devtools/python/python3/CVE-2019-20907.patch deleted file mode 100644 index a2e72372dd..0000000000 --- a/meta/recipes-devtools/python/python3/CVE-2019-20907.patch +++ /dev/null | |||
@@ -1,44 +0,0 @@ | |||
1 | From a06a6bf4e67a50561f6d6fb33534df1d3035ea34 Mon Sep 17 00:00:00 2001 | ||
2 | From: Rishi <rishi_devan@mail.com> | ||
3 | Date: Wed, 15 Jul 2020 13:51:00 +0200 | ||
4 | Subject: [PATCH] bpo-39017: Avoid infinite loop in the tarfile module | ||
5 | (GH-21454) | ||
6 | |||
7 | Avoid infinite loop when reading specially crafted TAR files using the tarfile module | ||
8 | (CVE-2019-20907). | ||
9 | (cherry picked from commit 5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4) | ||
10 | |||
11 | Co-authored-by: Rishi <rishi_devan@mail.com> | ||
12 | |||
13 | Removed testing 'recursion.tar' tar file due to binary data | ||
14 | |||
15 | Upstream-Status: Backport [https://github.com/python/cpython/commit/c55479556db015f48fc8bbca17f64d3e65598559] | ||
16 | CVE: CVE-2019-20907 | ||
17 | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> | ||
18 | --- | ||
19 | Lib/tarfile.py | 2 ++ | ||
20 | .../2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst | 1 + | ||
21 | 4 files changed, 10 insertions(+) | ||
22 | create mode 100644 Lib/test/recursion.tar | ||
23 | create mode 100644 Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst | ||
24 | |||
25 | diff --git a/Lib/tarfile.py b/Lib/tarfile.py | ||
26 | index d31b9cbb51d65..7a69e1b1aa544 100755 | ||
27 | --- a/Lib/tarfile.py | ||
28 | +++ b/Lib/tarfile.py | ||
29 | @@ -1241,6 +1241,8 @@ def _proc_pax(self, tarfile): | ||
30 | |||
31 | length, keyword = match.groups() | ||
32 | length = int(length) | ||
33 | + if length == 0: | ||
34 | + raise InvalidHeaderError("invalid header") | ||
35 | value = buf[match.end(2) + 1:match.start(1) + length - 1] | ||
36 | |||
37 | # Normally, we could just use "utf-8" as the encoding and "strict" | ||
38 | diff --git a/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst | ||
39 | new file mode 100644 | ||
40 | index 0000000000000..ad26676f8b856 | ||
41 | --- /dev/null | ||
42 | +++ b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst | ||
43 | @@ -0,0 +1 @@ | ||
44 | +Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). | ||
diff --git a/meta/recipes-devtools/python/python3/CVE-2020-14422.patch b/meta/recipes-devtools/python/python3/CVE-2020-14422.patch deleted file mode 100644 index 6889e46da9..0000000000 --- a/meta/recipes-devtools/python/python3/CVE-2020-14422.patch +++ /dev/null | |||
@@ -1,77 +0,0 @@ | |||
1 | From dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 Mon Sep 17 00:00:00 2001 | ||
2 | From: "Miss Islington (bot)" | ||
3 | <31488909+miss-islington@users.noreply.github.com> | ||
4 | Date: Mon, 29 Jun 2020 11:12:50 -0700 | ||
5 | Subject: [PATCH] bpo-41004: Resolve hash collisions for IPv4Interface and | ||
6 | IPv6Interface (GH-21033) | ||
7 | |||
8 | The __hash__() methods of classes IPv4Interface and IPv6Interface had issue | ||
9 | of generating constant hash values of 32 and 128 respectively causing hash collisions. | ||
10 | The fix uses the hash() function to generate hash values for the objects | ||
11 | instead of XOR operation | ||
12 | (cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28) | ||
13 | |||
14 | Co-authored-by: Ravi Teja P <rvteja92@gmail.com> | ||
15 | |||
16 | Upstream-Status: Backport [https://github.com/python/cpython/commit/dc8ce8ead182de46584cc1ed8a8c51d48240cbd5] | ||
17 | CVE: CVE-2020-14422 | ||
18 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
19 | --- | ||
20 | Lib/ipaddress.py | 4 ++-- | ||
21 | Lib/test/test_ipaddress.py | 12 ++++++++++++ | ||
22 | .../2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst | 1 + | ||
23 | 3 files changed, 15 insertions(+), 2 deletions(-) | ||
24 | create mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst | ||
25 | |||
26 | diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py | ||
27 | index 873c7644081af..a3a04f7f4b309 100644 | ||
28 | --- a/Lib/ipaddress.py | ||
29 | +++ b/Lib/ipaddress.py | ||
30 | @@ -1370,7 +1370,7 @@ def __lt__(self, other): | ||
31 | return False | ||
32 | |||
33 | def __hash__(self): | ||
34 | - return self._ip ^ self._prefixlen ^ int(self.network.network_address) | ||
35 | + return hash((self._ip, self._prefixlen, int(self.network.network_address))) | ||
36 | |||
37 | __reduce__ = _IPAddressBase.__reduce__ | ||
38 | |||
39 | @@ -2017,7 +2017,7 @@ def __lt__(self, other): | ||
40 | return False | ||
41 | |||
42 | def __hash__(self): | ||
43 | - return self._ip ^ self._prefixlen ^ int(self.network.network_address) | ||
44 | + return hash((self._ip, self._prefixlen, int(self.network.network_address))) | ||
45 | |||
46 | __reduce__ = _IPAddressBase.__reduce__ | ||
47 | |||
48 | diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py | ||
49 | index de77111705b69..2eba740e5e7a4 100644 | ||
50 | --- a/Lib/test/test_ipaddress.py | ||
51 | +++ b/Lib/test/test_ipaddress.py | ||
52 | @@ -2053,6 +2053,18 @@ def testsixtofour(self): | ||
53 | sixtofouraddr.sixtofour) | ||
54 | self.assertFalse(bad_addr.sixtofour) | ||
55 | |||
56 | + # issue41004 Hash collisions in IPv4Interface and IPv6Interface | ||
57 | + def testV4HashIsNotConstant(self): | ||
58 | + ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4") | ||
59 | + ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5") | ||
60 | + self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__()) | ||
61 | + | ||
62 | + # issue41004 Hash collisions in IPv4Interface and IPv6Interface | ||
63 | + def testV6HashIsNotConstant(self): | ||
64 | + ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1") | ||
65 | + ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2") | ||
66 | + self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__()) | ||
67 | + | ||
68 | |||
69 | if __name__ == '__main__': | ||
70 | unittest.main() | ||
71 | diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst | ||
72 | new file mode 100644 | ||
73 | index 0000000000000..1380b31fbe9f4 | ||
74 | --- /dev/null | ||
75 | +++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst | ||
76 | @@ -0,0 +1 @@ | ||
77 | +The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). | ||
diff --git a/meta/recipes-devtools/python/python3/CVE-2020-26116.patch b/meta/recipes-devtools/python/python3/CVE-2020-26116.patch deleted file mode 100644 index c019db2a76..0000000000 --- a/meta/recipes-devtools/python/python3/CVE-2020-26116.patch +++ /dev/null | |||
@@ -1,104 +0,0 @@ | |||
1 | From 668d321476d974c4f51476b33aaca870272523bf Mon Sep 17 00:00:00 2001 | ||
2 | From: "Miss Islington (bot)" | ||
3 | <31488909+miss-islington@users.noreply.github.com> | ||
4 | Date: Sat, 18 Jul 2020 13:39:12 -0700 | ||
5 | Subject: [PATCH] bpo-39603: Prevent header injection in http methods | ||
6 | (GH-18485) | ||
7 | |||
8 | reject control chars in http method in http.client.putrequest to prevent http header injection | ||
9 | (cherry picked from commit 8ca8a2e8fb068863c1138f07e3098478ef8be12e) | ||
10 | |||
11 | Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com> | ||
12 | |||
13 | Upstream-Status: Backport [https://github.com/python/cpython/commit/668d321476d974c4f51476b33aaca870272523bf] | ||
14 | CVE: CVE-2020-26116 | ||
15 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
16 | |||
17 | --- | ||
18 | Lib/http/client.py | 15 +++++++++++++ | ||
19 | Lib/test/test_httplib.py | 22 +++++++++++++++++++ | ||
20 | .../2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst | 2 ++ | ||
21 | 3 files changed, 39 insertions(+) | ||
22 | create mode 100644 Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst | ||
23 | |||
24 | diff --git a/Lib/http/client.py b/Lib/http/client.py | ||
25 | index 019380a720318..c2ad0471bfee5 100644 | ||
26 | --- a/Lib/http/client.py | ||
27 | +++ b/Lib/http/client.py | ||
28 | @@ -147,6 +147,10 @@ | ||
29 | # _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$") | ||
30 | # We are more lenient for assumed real world compatibility purposes. | ||
31 | |||
32 | +# These characters are not allowed within HTTP method names | ||
33 | +# to prevent http header injection. | ||
34 | +_contains_disallowed_method_pchar_re = re.compile('[\x00-\x1f]') | ||
35 | + | ||
36 | # We always set the Content-Length header for these methods because some | ||
37 | # servers will otherwise respond with a 411 | ||
38 | _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'} | ||
39 | @@ -1087,6 +1091,8 @@ def putrequest(self, method, url, skip_host=False, | ||
40 | else: | ||
41 | raise CannotSendRequest(self.__state) | ||
42 | |||
43 | + self._validate_method(method) | ||
44 | + | ||
45 | # Save the method for use later in the response phase | ||
46 | self._method = method | ||
47 | |||
48 | @@ -1177,6 +1183,15 @@ def _encode_request(self, request): | ||
49 | # ASCII also helps prevent CVE-2019-9740. | ||
50 | return request.encode('ascii') | ||
51 | |||
52 | + def _validate_method(self, method): | ||
53 | + """Validate a method name for putrequest.""" | ||
54 | + # prevent http header injection | ||
55 | + match = _contains_disallowed_method_pchar_re.search(method) | ||
56 | + if match: | ||
57 | + raise ValueError( | ||
58 | + f"method can't contain control characters. {method!r} " | ||
59 | + f"(found at least {match.group()!r})") | ||
60 | + | ||
61 | def _validate_path(self, url): | ||
62 | """Validate a url for putrequest.""" | ||
63 | # Prevent CVE-2019-9740. | ||
64 | diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py | ||
65 | index 8f0e27a1fb836..5a5fcecbc9c15 100644 | ||
66 | --- a/Lib/test/test_httplib.py | ||
67 | +++ b/Lib/test/test_httplib.py | ||
68 | @@ -364,6 +364,28 @@ def test_headers_debuglevel(self): | ||
69 | self.assertEqual(lines[3], "header: Second: val2") | ||
70 | |||
71 | |||
72 | +class HttpMethodTests(TestCase): | ||
73 | + def test_invalid_method_names(self): | ||
74 | + methods = ( | ||
75 | + 'GET\r', | ||
76 | + 'POST\n', | ||
77 | + 'PUT\n\r', | ||
78 | + 'POST\nValue', | ||
79 | + 'POST\nHOST:abc', | ||
80 | + 'GET\nrHost:abc\n', | ||
81 | + 'POST\rRemainder:\r', | ||
82 | + 'GET\rHOST:\n', | ||
83 | + '\nPUT' | ||
84 | + ) | ||
85 | + | ||
86 | + for method in methods: | ||
87 | + with self.assertRaisesRegex( | ||
88 | + ValueError, "method can't contain control characters"): | ||
89 | + conn = client.HTTPConnection('example.com') | ||
90 | + conn.sock = FakeSocket(None) | ||
91 | + conn.request(method=method, url="/") | ||
92 | + | ||
93 | + | ||
94 | class TransferEncodingTest(TestCase): | ||
95 | expected_body = b"It's just a flesh wound" | ||
96 | |||
97 | diff --git a/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst | ||
98 | new file mode 100644 | ||
99 | index 0000000000000..990affc3edd9d | ||
100 | --- /dev/null | ||
101 | +++ b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst | ||
102 | @@ -0,0 +1,2 @@ | ||
103 | +Prevent http header injection by rejecting control characters in | ||
104 | +http.client.putrequest(...). | ||
diff --git a/meta/recipes-devtools/python/python3/CVE-2020-27619.patch b/meta/recipes-devtools/python/python3/CVE-2020-27619.patch deleted file mode 100644 index bafa1cb999..0000000000 --- a/meta/recipes-devtools/python/python3/CVE-2020-27619.patch +++ /dev/null | |||
@@ -1,70 +0,0 @@ | |||
1 | From 6c6c256df3636ff6f6136820afaefa5a10a3ac33 Mon Sep 17 00:00:00 2001 | ||
2 | From: "Miss Skeleton (bot)" <31488909+miss-islington@users.noreply.github.com> | ||
3 | Date: Tue, 6 Oct 2020 05:38:54 -0700 | ||
4 | Subject: [PATCH] bpo-41944: No longer call eval() on content received via HTTP | ||
5 | in the CJK codec tests (GH-22566) (GH-22577) | ||
6 | |||
7 | (cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8) | ||
8 | |||
9 | Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> | ||
10 | |||
11 | Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> | ||
12 | |||
13 | Upstream-Status: Backport [https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33] | ||
14 | CVE: CVE-2020-27619 | ||
15 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
16 | --- | ||
17 | Lib/test/multibytecodec_support.py | 22 +++++++------------ | ||
18 | .../2020-10-05-17-43-46.bpo-41944.rf1dYb.rst | 1 + | ||
19 | 2 files changed, 9 insertions(+), 14 deletions(-) | ||
20 | create mode 100644 Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst | ||
21 | |||
22 | diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py | ||
23 | index cca8af67d6d1d..f76c0153f5ecf 100644 | ||
24 | --- a/Lib/test/multibytecodec_support.py | ||
25 | +++ b/Lib/test/multibytecodec_support.py | ||
26 | @@ -305,29 +305,23 @@ def test_mapping_file(self): | ||
27 | self._test_mapping_file_plain() | ||
28 | |||
29 | def _test_mapping_file_plain(self): | ||
30 | - unichrs = lambda s: ''.join(map(chr, map(eval, s.split('+')))) | ||
31 | + def unichrs(s): | ||
32 | + return ''.join(chr(int(x, 16)) for x in s.split('+')) | ||
33 | + | ||
34 | urt_wa = {} | ||
35 | |||
36 | with self.open_mapping_file() as f: | ||
37 | for line in f: | ||
38 | if not line: | ||
39 | break | ||
40 | - data = line.split('#')[0].strip().split() | ||
41 | + data = line.split('#')[0].split() | ||
42 | if len(data) != 2: | ||
43 | continue | ||
44 | |||
45 | - csetval = eval(data[0]) | ||
46 | - if csetval <= 0x7F: | ||
47 | - csetch = bytes([csetval & 0xff]) | ||
48 | - elif csetval >= 0x1000000: | ||
49 | - csetch = bytes([(csetval >> 24), ((csetval >> 16) & 0xff), | ||
50 | - ((csetval >> 8) & 0xff), (csetval & 0xff)]) | ||
51 | - elif csetval >= 0x10000: | ||
52 | - csetch = bytes([(csetval >> 16), ((csetval >> 8) & 0xff), | ||
53 | - (csetval & 0xff)]) | ||
54 | - elif csetval >= 0x100: | ||
55 | - csetch = bytes([(csetval >> 8), (csetval & 0xff)]) | ||
56 | - else: | ||
57 | + if data[0][:2] != '0x': | ||
58 | + self.fail(f"Invalid line: {line!r}") | ||
59 | + csetch = bytes.fromhex(data[0][2:]) | ||
60 | + if len(csetch) == 1 and 0x80 <= csetch[0]: | ||
61 | continue | ||
62 | |||
63 | unich = unichrs(data[1]) | ||
64 | diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst | ||
65 | new file mode 100644 | ||
66 | index 0000000000000..4f9782f1c85af | ||
67 | --- /dev/null | ||
68 | +++ b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst | ||
69 | @@ -0,0 +1 @@ | ||
70 | +Tests for CJK codecs no longer call ``eval()`` on content received via HTTP. | ||
diff --git a/meta/recipes-devtools/python/python3/CVE-2023-24329.patch b/meta/recipes-devtools/python/python3/CVE-2023-24329.patch new file mode 100644 index 0000000000..23dec65602 --- /dev/null +++ b/meta/recipes-devtools/python/python3/CVE-2023-24329.patch | |||
@@ -0,0 +1,80 @@ | |||
1 | From 72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9 Mon Sep 17 00:00:00 2001 | ||
2 | From: "Miss Islington (bot)" | ||
3 | <31488909+miss-islington@users.noreply.github.com> | ||
4 | Date: Sun, 13 Nov 2022 11:00:25 -0800 | ||
5 | Subject: [PATCH] gh-99418: Make urllib.parse.urlparse enforce that a scheme | ||
6 | must begin with an alphabetical ASCII character. (GH-99421) | ||
7 | |||
8 | Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character. | ||
9 | |||
10 | RFC 3986 defines a scheme like this: `scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )` | ||
11 | RFC 2234 defines an ALPHA like this: `ALPHA = %x41-5A / %x61-7A` | ||
12 | |||
13 | The WHATWG URL spec defines a scheme like this: | ||
14 | `"A URL-scheme string must be one ASCII alpha, followed by zero or more of ASCII alphanumeric, U+002B (+), U+002D (-), and U+002E (.)."` | ||
15 | (cherry picked from commit 439b9cfaf43080e91c4ad69f312f21fa098befc7) | ||
16 | |||
17 | Co-authored-by: Ben Kallus <49924171+kenballus@users.noreply.github.com> | ||
18 | |||
19 | Upstream-Status: Backport [https://github.com/python/cpython/commit/72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9] | ||
20 | CVE: CVE-2023-24329 | ||
21 | Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> | ||
22 | --- | ||
23 | Lib/test/test_urlparse.py | 18 ++++++++++++++++++ | ||
24 | Lib/urllib/parse.py | 2 +- | ||
25 | ...22-11-12-15-45-51.gh-issue-99418.FxfAXS.rst | 2 ++ | ||
26 | 3 files changed, 21 insertions(+), 1 deletion(-) | ||
27 | create mode 100644 Misc/NEWS.d/next/Library/2022-11-12-15-45-51.gh-issue-99418.FxfAXS.rst | ||
28 | |||
29 | diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py | ||
30 | index 0ad3bf1..e1aa913 100644 | ||
31 | --- a/Lib/test/test_urlparse.py | ||
32 | +++ b/Lib/test/test_urlparse.py | ||
33 | @@ -735,6 +735,24 @@ class UrlParseTestCase(unittest.TestCase): | ||
34 | with self.assertRaises(ValueError): | ||
35 | p.port | ||
36 | |||
37 | + def test_attributes_bad_scheme(self): | ||
38 | + """Check handling of invalid schemes.""" | ||
39 | + for bytes in (False, True): | ||
40 | + for parse in (urllib.parse.urlsplit, urllib.parse.urlparse): | ||
41 | + for scheme in (".", "+", "-", "0", "http&", "६http"): | ||
42 | + with self.subTest(bytes=bytes, parse=parse, scheme=scheme): | ||
43 | + url = scheme + "://www.example.net" | ||
44 | + if bytes: | ||
45 | + if url.isascii(): | ||
46 | + url = url.encode("ascii") | ||
47 | + else: | ||
48 | + continue | ||
49 | + p = parse(url) | ||
50 | + if bytes: | ||
51 | + self.assertEqual(p.scheme, b"") | ||
52 | + else: | ||
53 | + self.assertEqual(p.scheme, "") | ||
54 | + | ||
55 | def test_attributes_without_netloc(self): | ||
56 | # This example is straight from RFC 3261. It looks like it | ||
57 | # should allow the username, hostname, and port to be filled | ||
58 | diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py | ||
59 | index 979e6d2..2e7a3e2 100644 | ||
60 | --- a/Lib/urllib/parse.py | ||
61 | +++ b/Lib/urllib/parse.py | ||
62 | @@ -452,7 +452,7 @@ def urlsplit(url, scheme='', allow_fragments=True): | ||
63 | clear_cache() | ||
64 | netloc = query = fragment = '' | ||
65 | i = url.find(':') | ||
66 | - if i > 0: | ||
67 | + if i > 0 and url[0].isascii() and url[0].isalpha(): | ||
68 | if url[:i] == 'http': # optimize the common case | ||
69 | url = url[i+1:] | ||
70 | if url[:2] == '//': | ||
71 | diff --git a/Misc/NEWS.d/next/Library/2022-11-12-15-45-51.gh-issue-99418.FxfAXS.rst b/Misc/NEWS.d/next/Library/2022-11-12-15-45-51.gh-issue-99418.FxfAXS.rst | ||
72 | new file mode 100644 | ||
73 | index 0000000..0a06e7c | ||
74 | --- /dev/null | ||
75 | +++ b/Misc/NEWS.d/next/Library/2022-11-12-15-45-51.gh-issue-99418.FxfAXS.rst | ||
76 | @@ -0,0 +1,2 @@ | ||
77 | +Fix bug in :func:`urllib.parse.urlparse` that causes URL schemes that begin | ||
78 | +with a digit, a plus sign, or a minus sign to be parsed incorrectly. | ||
79 | -- | ||
80 | 2.25.1 | ||
diff --git a/meta/recipes-devtools/python/python3/makerace.patch b/meta/recipes-devtools/python/python3/makerace.patch new file mode 100644 index 0000000000..8971f28b8e --- /dev/null +++ b/meta/recipes-devtools/python/python3/makerace.patch | |||
@@ -0,0 +1,23 @@ | |||
1 | libainstall installs python-config.py but the .pyc cache files are generated | ||
2 | by the libinstall target. This means some builds may not generate the pyc files | ||
3 | for python-config.py depending on the order things happen in. This means builds | ||
4 | are not always reproducible. | ||
5 | |||
6 | Add a dependency to avoid the race. | ||
7 | |||
8 | Upstream-Status: Pending | ||
9 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||
10 | |||
11 | Index: Python-3.8.11/Makefile.pre.in | ||
12 | =================================================================== | ||
13 | --- Python-3.8.11.orig/Makefile.pre.in | ||
14 | +++ Python-3.8.11/Makefile.pre.in | ||
15 | @@ -1415,7 +1415,7 @@ LIBSUBDIRS= tkinter tkinter/test tkinter | ||
16 | unittest unittest/test unittest/test/testmock \ | ||
17 | venv venv/scripts venv/scripts/common venv/scripts/posix \ | ||
18 | curses pydoc_data | ||
19 | -libinstall: build_all $(srcdir)/Modules/xxmodule.c | ||
20 | +libinstall: build_all $(srcdir)/Modules/xxmodule.c libainstall | ||
21 | @for i in $(SCRIPTDIR) $(LIBDEST); \ | ||
22 | do \ | ||
23 | if test ! -d $(DESTDIR)$$i; then \ | ||
diff --git a/meta/recipes-devtools/python/python3/python3-manifest.json b/meta/recipes-devtools/python/python3/python3-manifest.json index 3bcc9b8662..0e87f91dd8 100644 --- a/meta/recipes-devtools/python/python3/python3-manifest.json +++ b/meta/recipes-devtools/python/python3/python3-manifest.json | |||
@@ -531,7 +531,9 @@ | |||
531 | "rdepends": [ | 531 | "rdepends": [ |
532 | "core" | 532 | "core" |
533 | ], | 533 | ], |
534 | "files": [], | 534 | "files": [ |
535 | "${libdir}/python${PYTHON_MAJMIN}/distutils/command/wininst-*.exe" | ||
536 | ], | ||
535 | "cached": [] | 537 | "cached": [] |
536 | }, | 538 | }, |
537 | "distutils": { | 539 | "distutils": { |
diff --git a/meta/recipes-devtools/python/python3_3.8.2.bb b/meta/recipes-devtools/python/python3_3.8.18.bb index a448b3ed97..9d0f72ecf9 100644 --- a/meta/recipes-devtools/python/python3_3.8.2.bb +++ b/meta/recipes-devtools/python/python3_3.8.18.bb | |||
@@ -1,9 +1,10 @@ | |||
1 | SUMMARY = "The Python Programming Language" | 1 | SUMMARY = "The Python Programming Language" |
2 | HOMEPAGE = "http://www.python.org" | 2 | HOMEPAGE = "http://www.python.org" |
3 | LICENSE = "PSFv2" | 3 | DESCRIPTION = "Python is a programming language that lets you work more quickly and integrate your systems more effectively." |
4 | LICENSE = "PSF-2.0 & BSD-0-Clause" | ||
4 | SECTION = "devel/python" | 5 | SECTION = "devel/python" |
5 | 6 | ||
6 | LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642" | 7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=07fc4b9a9c0c0e48050ed38a5e72552b" |
7 | 8 | ||
8 | SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ | 9 | SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ |
9 | file://run-ptest \ | 10 | file://run-ptest \ |
@@ -32,11 +33,8 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ | |||
32 | file://0001-configure.ac-fix-LIBPL.patch \ | 33 | file://0001-configure.ac-fix-LIBPL.patch \ |
33 | file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \ | 34 | file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \ |
34 | file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ | 35 | file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ |
35 | file://0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch \ | 36 | file://makerace.patch \ |
36 | file://CVE-2019-20907.patch \ | 37 | file://CVE-2023-24329.patch \ |
37 | file://CVE-2020-14422.patch \ | ||
38 | file://CVE-2020-26116.patch \ | ||
39 | file://CVE-2020-27619.patch \ | ||
40 | " | 38 | " |
41 | 39 | ||
42 | SRC_URI_append_class-native = " \ | 40 | SRC_URI_append_class-native = " \ |
@@ -45,8 +43,8 @@ SRC_URI_append_class-native = " \ | |||
45 | file://0001-Don-t-search-system-for-headers-libraries.patch \ | 43 | file://0001-Don-t-search-system-for-headers-libraries.patch \ |
46 | " | 44 | " |
47 | 45 | ||
48 | SRC_URI[md5sum] = "e9d6ebc92183a177b8e8a58cad5b8d67" | 46 | SRC_URI[md5sum] = "5ea6267ea00513fc31d3746feb35842d" |
49 | SRC_URI[sha256sum] = "2646e7dc233362f59714c6193017bb2d6f7b38d6ab4a0cb5fbac5c36c4d845df" | 47 | SRC_URI[sha256sum] = "3ffb71cd349a326ba7b2fadc7e7df86ba577dd9c4917e52a8401adbda7405e3f" |
50 | 48 | ||
51 | # exclude pre-releases for both python 2.x and 3.x | 49 | # exclude pre-releases for both python 2.x and 3.x |
52 | UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" | 50 | UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" |
@@ -59,7 +57,12 @@ CVE_CHECK_WHITELIST += "CVE-2007-4559" | |||
59 | CVE_CHECK_WHITELIST += "CVE-2019-18348" | 57 | CVE_CHECK_WHITELIST += "CVE-2019-18348" |
60 | 58 | ||
61 | # This is windows only issue. | 59 | # This is windows only issue. |
62 | CVE_CHECK_WHITELIST += "CVE-2020-15523" | 60 | CVE_CHECK_WHITELIST += "CVE-2020-15523 CVE-2022-26488" |
61 | # The mailcap module is insecure by design, so this can't be fixed in a meaningful way. | ||
62 | # The module will be removed in the future and flaws documented. | ||
63 | CVE_CHECK_WHITELIST += "CVE-2015-20107" | ||
64 | # Not an issue, in fact expected behaviour | ||
65 | CVE_CHECK_WHITELIST += "CVE-2023-36632" | ||
63 | 66 | ||
64 | PYTHON_MAJMIN = "3.8" | 67 | PYTHON_MAJMIN = "3.8" |
65 | 68 | ||
@@ -76,7 +79,7 @@ ALTERNATIVE_LINK_NAME[python3-config] = "${bindir}/python${PYTHON_MAJMIN}-config | |||
76 | ALTERNATIVE_TARGET[python3-config] = "${bindir}/python${PYTHON_MAJMIN}-config-${MULTILIB_SUFFIX}" | 79 | ALTERNATIVE_TARGET[python3-config] = "${bindir}/python${PYTHON_MAJMIN}-config-${MULTILIB_SUFFIX}" |
77 | 80 | ||
78 | 81 | ||
79 | DEPENDS = "bzip2-replacement-native libffi bzip2 openssl sqlite3 zlib virtual/libintl xz virtual/crypt util-linux libtirpc libnsl2" | 82 | DEPENDS = "bzip2-replacement-native libffi bzip2 openssl sqlite3 zlib virtual/libintl xz virtual/crypt util-linux libtirpc libnsl2 autoconf-archive" |
80 | DEPENDS_append_class-target = " python3-native" | 83 | DEPENDS_append_class-target = " python3-native" |
81 | DEPENDS_append_class-nativesdk = " python3-native" | 84 | DEPENDS_append_class-nativesdk = " python3-native" |
82 | 85 | ||
@@ -335,6 +338,7 @@ PACKAGES =+ "libpython3 libpython3-staticdev" | |||
335 | FILES_libpython3 = "${libdir}/libpython*.so.*" | 338 | FILES_libpython3 = "${libdir}/libpython*.so.*" |
336 | FILES_libpython3-staticdev += "${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}-*/libpython${PYTHON_MAJMIN}.a" | 339 | FILES_libpython3-staticdev += "${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}-*/libpython${PYTHON_MAJMIN}.a" |
337 | INSANE_SKIP_${PN}-dev += "dev-elf" | 340 | INSANE_SKIP_${PN}-dev += "dev-elf" |
341 | INSANE_SKIP_${PN}-ptest += "dev-deps" | ||
338 | 342 | ||
339 | # catch all the rest (unsorted) | 343 | # catch all the rest (unsorted) |
340 | PACKAGES += "${PN}-misc" | 344 | PACKAGES += "${PN}-misc" |
@@ -350,7 +354,7 @@ FILES_${PN}-man = "${datadir}/man" | |||
350 | # See https://bugs.python.org/issue18748 and https://bugs.python.org/issue37395 | 354 | # See https://bugs.python.org/issue18748 and https://bugs.python.org/issue37395 |
351 | RDEPENDS_libpython3_append_libc-glibc = " libgcc" | 355 | RDEPENDS_libpython3_append_libc-glibc = " libgcc" |
352 | RDEPENDS_${PN}-ctypes_append_libc-glibc = " ${MLPREFIX}ldconfig" | 356 | RDEPENDS_${PN}-ctypes_append_libc-glibc = " ${MLPREFIX}ldconfig" |
353 | RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests unzip bzip2 libgcc tzdata-europe coreutils sed" | 357 | RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests ${PN}-dev unzip bzip2 libgcc tzdata-europe coreutils sed" |
354 | RDEPENDS_${PN}-ptest_append_libc-glibc = " locale-base-tr-tr.iso-8859-9" | 358 | RDEPENDS_${PN}-ptest_append_libc-glibc = " locale-base-tr-tr.iso-8859-9" |
355 | RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk tk-lib', '', d)}" | 359 | RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk tk-lib', '', d)}" |
356 | RDEPENDS_${PN}-dev = "" | 360 | RDEPENDS_${PN}-dev = "" |