python3: upgrade 3.10.4 -> 3.10.7

Security and bug fixes. Drop patch for gh-92036 which was merged in 3.10.5 Refresh 0017-setup.py-do-not-report-missing-dependencies-for-disa.pathc Fixes: * CVE-2020-10735 https://nvd.nist.gov/vuln/detail/CVE-2020-10735 * CVE-2021-28861 https://nvd.nist.gov/vuln/detail/CVE-2021-28861 * CVE-2018-25032 https://nvd.nist.gov/vuln/detail/CVE-2018-25032 For a list of changes see: https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-7-final https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-6-final https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-6-final (From OE-Core rev: 3efae85283b19fa1b30af7fed7fa89d7a50337db) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Tim Orling <ticotimo@gmail.com> 2022-10-11 12:56:01 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-10-20 15:36:02 +0100
commit: 6a3c3653323309c3a0cd4747bbc01227718bd1c9 (patch)
tree: 0c825eb71cf65f2111912eafc7084bb774de46aa /meta/recipes-devtools/python/python3
parent: 855084fcbba12bc1aecf2363994014fd5d230bfb (diff)
download: poky-6a3c3653323309c3a0cd4747bbc01227718bd1c9.tar.gz
2 files changed, 5 insertions, 57 deletions
diff --git a/meta/recipes-devtools/python/python3/0001-gh-92036-Fix-gc_fini_untrack-GH-92037.patch b/meta/recipes-devtools/python/python3/0001-gh-92036-Fix-gc_fini_untrack-GH-92037.patch
deleted file mode 100644
index 6a58c35cc6..0000000000
--- a/meta/recipes-devtools/python/python3/0001-gh-92036-Fix-gc_fini_untrack-GH-92037.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 178a238f25ab8aff7689d7a09d66dc1583ecd6cb Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-islington@users.noreply.github.com>
-Date: Wed, 4 May 2022 03:23:29 -0700
-Subject: [PATCH 01/40] gh-92036: Fix gc_fini_untrack() (GH-92037)
-Fix a crash in subinterpreters related to the garbage collector. When
-a subinterpreter is deleted, untrack all objects tracked by its GC.
-To prevent a crash in deallocator functions expecting objects to be
-tracked by the GC, leak a strong reference to these objects on
-purpose, so they are never deleted and their deallocator functions
-are not called.
-(cherry picked from commit 14243369b5f80613628a565c224bba7fb3fcacd8)
-Co-authored-by: Victor Stinner <vstinner@python.org>
-Upstream-Status: Backport
---
- .../2022-04-28-23-37-30.gh-issue-92036.GZJAC9.rst           | 5 +++++
- Modules/gcmodule.c                                          | 6 ++++++
- 2 files changed, 11 insertions(+)
- create mode 100644 Misc/NEWS.d/next/Core and Builtins/2022-04-28-23-37-30.gh-issue-92036.GZJAC9.rst
-diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-04-28-23-37-30.gh-issue-92036.GZJAC9.rst b/Misc/NEWS.d/next/Core and Builtins/2022-04-28-23-37-30.gh-issue-92036.GZJAC9.rst
-new file mode 100644
-index 0000000000..78094c5e4f
--- /dev/null
-+++ b/Misc/NEWS.d/next/Core and Builtins/2022-04-28-23-37-30.gh-issue-92036.GZJAC9.rst  
-@@ -0,0 +1,5 @@
-+Fix a crash in subinterpreters related to the garbage collector. When a
-+subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a
-+crash in deallocator functions expecting objects to be tracked by the GC, leak
-+a strong reference to these objects on purpose, so they are never deleted and
-+their deallocator functions are not called. Patch by Victor Stinner.
-diff --git a/Modules/gcmodule.c b/Modules/gcmodule.c
-index 805a159d53..43ae6fa98b 100644
--- a/Modules/gcmodule.c
-+++ b/Modules/gcmodule.c
-@@ -2170,6 +2170,12 @@ gc_fini_untrack(PyGC_Head *list)
-     for (gc = GC_NEXT(list); gc != list; gc = GC_NEXT(list)) {
-         PyObject *op = FROM_GC(gc);
-         _PyObject_GC_UNTRACK(op);
-+        // gh-92036: If a deallocator function expect the object to be tracked
-+        // by the GC (ex: func_dealloc()), it can crash if called on an object
-+        // which is no longer tracked by the GC. Leak one strong reference on
-+        // purpose so the object is never deleted and its deallocator is not
-+        // called.
-+        Py_INCREF(op);
-     }
- }
- 
-- 
-2.25.1
diff --git a/meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch b/meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch
index 0ead57e465..8c554feb4b 100644
--- a/meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch
+++ b/meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch
@@ -12,16 +12,18 @@ Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
 Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
 Signed-off-by: Alejandro Hernandez Samaniego <alejandro@enedino.org>
+Refresh for 3.10.7:
+Signed-off-by: Tim Orling <tim.orling@konsulko.com>
 ---
 setup.py | 8 ++++++++
 1 file changed, 8 insertions(+)
 diff --git a/setup.py b/setup.py
-index 2be4738..62f0e18 100644
+index 85a2b26357..7605347bf5 100644
 --- a/setup.py
 +++ b/setup.py
-@@ -517,6 +517,14 @@ class PyBuildExt(build_ext):
+@@ -517,6 +517,14 @@ def print_three_column(lst):
                 print("%-*s   %-*s   %-*s" % (longest, e, longest, f,
                                               longest, g))
 
@@ -35,4 +37,4 @@ index 2be4738..62f0e18 100644
 +
         if self.missing:
             print()
-             print("Python build finished successfully!")
+             print("The necessary bits to build these optional modules were not "
author	Tim Orling <ticotimo@gmail.com>	2022-10-11 12:56:01 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-10-20 15:36:02 +0100
commit	6a3c3653323309c3a0cd4747bbc01227718bd1c9 (patch)
tree	0c825eb71cf65f2111912eafc7084bb774de46aa /meta/recipes-devtools/python/python3
parent	855084fcbba12bc1aecf2363994014fd5d230bfb (diff)
download	poky-6a3c3653323309c3a0cd4747bbc01227718bd1c9.tar.gz

diff --git a/meta/recipes-devtools/python/python3/0001-gh-92036-Fix-gc_fini_untrack-GH-92037.patch b/meta/recipes-devtools/python/python3/0001-gh-92036-Fix-gc_fini_untrack-GH-92037.patch deleted file mode 100644 index 6a58c35cc6..0000000000 --- a/meta/recipes-devtools/python/python3/0001-gh-92036-Fix-gc_fini_untrack-GH-92037.patch +++ /dev/null
@@ -1,54 +0,0 @@
1	From 178a238f25ab8aff7689d7a09d66dc1583ecd6cb Mon Sep 17 00:00:00 2001
2	From: "Miss Islington (bot)"
3	<31488909+miss-islington@users.noreply.github.com>
4	Date: Wed, 4 May 2022 03:23:29 -0700
5	Subject: [PATCH 01/40] gh-92036: Fix gc_fini_untrack() (GH-92037)
6
7	Fix a crash in subinterpreters related to the garbage collector. When
8	a subinterpreter is deleted, untrack all objects tracked by its GC.
9	To prevent a crash in deallocator functions expecting objects to be
10	tracked by the GC, leak a strong reference to these objects on
11	purpose, so they are never deleted and their deallocator functions
12	are not called.
13	(cherry picked from commit 14243369b5f80613628a565c224bba7fb3fcacd8)
14
15	Co-authored-by: Victor Stinner <vstinner@python.org>
16
17	Upstream-Status: Backport
18	---
19	.../2022-04-28-23-37-30.gh-issue-92036.GZJAC9.rst \| 5 +++++
20	Modules/gcmodule.c \| 6 ++++++
21	2 files changed, 11 insertions(+)
22	create mode 100644 Misc/NEWS.d/next/Core and Builtins/2022-04-28-23-37-30.gh-issue-92036.GZJAC9.rst
23
24	diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-04-28-23-37-30.gh-issue-92036.GZJAC9.rst b/Misc/NEWS.d/next/Core and Builtins/2022-04-28-23-37-30.gh-issue-92036.GZJAC9.rst
25	new file mode 100644
26	index 0000000000..78094c5e4f
27	--- /dev/null
28	+++ b/Misc/NEWS.d/next/Core and Builtins/2022-04-28-23-37-30.gh-issue-92036.GZJAC9.rst
29	@@ -0,0 +1,5 @@
30	+Fix a crash in subinterpreters related to the garbage collector. When a
31	+subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a
32	+crash in deallocator functions expecting objects to be tracked by the GC, leak
33	+a strong reference to these objects on purpose, so they are never deleted and
34	+their deallocator functions are not called. Patch by Victor Stinner.
35	diff --git a/Modules/gcmodule.c b/Modules/gcmodule.c
36	index 805a159d53..43ae6fa98b 100644
37	--- a/Modules/gcmodule.c
38	+++ b/Modules/gcmodule.c
39	@@ -2170,6 +2170,12 @@ gc_fini_untrack(PyGC_Head *list)
40	for (gc = GC_NEXT(list); gc != list; gc = GC_NEXT(list)) {
41	PyObject *op = FROM_GC(gc);
42	_PyObject_GC_UNTRACK(op);
43	+ // gh-92036: If a deallocator function expect the object to be tracked
44	+ // by the GC (ex: func_dealloc()), it can crash if called on an object
45	+ // which is no longer tracked by the GC. Leak one strong reference on
46	+ // purpose so the object is never deleted and its deallocator is not
47	+ // called.
48	+ Py_INCREF(op);
49	}
50	}
51
52	--
53	2.25.1
54


diff --git a/meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch b/meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch index 0ead57e465..8c554feb4b 100644 --- a/meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch +++ b/meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch
@@ -12,16 +12,18 @@ Upstream-Status: Inappropriate [oe-core specific]
12	Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>	12	Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
13	Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>	13	Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
14	Signed-off-by: Alejandro Hernandez Samaniego <alejandro@enedino.org>	14	Signed-off-by: Alejandro Hernandez Samaniego <alejandro@enedino.org>
		15	Refresh for 3.10.7:
		16	Signed-off-by: Tim Orling <tim.orling@konsulko.com>
15		17
16	---	18	---
17	setup.py \| 8 ++++++++	19	setup.py \| 8 ++++++++
18	1 file changed, 8 insertions(+)	20	1 file changed, 8 insertions(+)
19		21
20	diff --git a/setup.py b/setup.py	22	diff --git a/setup.py b/setup.py
21	index 2be4738..62f0e18 100644	23	index 85a2b26357..7605347bf5 100644
22	--- a/setup.py	24	--- a/setup.py
23	+++ b/setup.py	25	+++ b/setup.py
24	@@ -517,6 +517,14 @@ class PyBuildExt(build_ext):	26	@@ -517,6 +517,14 @@ def print_three_column(lst):
25	print("%-s %-s %-*s" % (longest, e, longest, f,	27	print("%-s %-s %-*s" % (longest, e, longest, f,
26	longest, g))	28	longest, g))
27		29
@@ -35,4 +37,4 @@ index 2be4738..62f0e18 100644
35	+	37	+
36	if self.missing:	38	if self.missing:
37	print()	39	print()
38	print("Python build finished successfully!")	40	print("The necessary bits to build these optional modules were not "