path: root/meta/recipes-devtools/python/python3_3.5.5.bb
Commit message | Author | Age | Files | Lines
* python3: CVE-2018-1061 | Sinan Kaya | 2018-10-18 | 1 | -0/+1

  * CVE-2018-1060
  Prevent low-grade poplib REDOS: The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server.

  Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752.

  * CVE-2018-1061
  Prevent difflib REDOS
  The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex.

  Affects < 3.5.6rc1

  CVE: CVE-2018-1060
  CVE: CVE-2018-1061
  Ref: https://access.redhat.com/security/cve/cve-2018-1060
  Ref: https://access.redhat.com/security/cve/cve-2018-1061

  (From OE-Core rev: 1461bcc72e6649920ecf4226e006e5667c48a21c)

  Signed-off-by: Sinan Kaya <okaya@kernel.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nativesdk-python*: suppress user site dirs | Martin Kelly | 2018-07-02 | 1 | -1/+1

  Currently, $HOME/.local is being added into sys.path in the Python SDK causing subtle host contamination. Suppress this by exporting PYTHONNOUSERSITE = "1" as documented in PEP 370.

  This issue occurred in the past for python*-native and was fixed similarly in OE-core commit 8fe9fb4d5a61dcbcb3fc5b9ee0234cc135af873f ("python*native.bbclass: suppress user site dirs").

  (From OE-Core rev: 0dc36439cb9fe1cea50bed59da6302f78372a30b)
  (From OE-Core rev: 376827d359a3769ee6477eac6e6b349a2050a867)

  Signed-off-by: Martin Kelly <mkelly@xevo.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: Add recommended modules to nativesdk install | Tom Hochstein | 2018-04-13 | 1 | -0/+1

  The python3 installation in the SDK did not include the minimum set of modules to be functional, particularly in the case where Python is brought in through dependencies. Rather than requiring the user to explicitly add the modules, it's better to pull in the modules through RRECOMMENDS.

  Note that the Python 2 recipe already does this.

  (From OE-Core rev: 5a88e59e488248b7ec53b072f934052b96c78a51)

  Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: add readline to PACKAGECONFIG | Anuj Mittal | 2018-03-20 | 1 | -1/+4

  Provide a way to make readline dependency optional in case someone might want to use BSD alternative editline instead. Using editline would need some changes though (python issue13501).

  (From OE-Core rev: 9b12a3f031373ad0696409e4f933b1a585ea7f1f)

  Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: update to version 3.5.5 to fix security issues | Derek Straka | 2018-03-15 | 1 | -0/+319

  License-Update: checksum change is due to bump in copyright year

  Resolves CVE-2017-1000158 and other potential security issues

  See https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-5-final

  (From OE-Core rev: 4a27d50e4e8db87d005aca9d976fe8e674952777)

  Signed-off-by: Derek Straka <derek@asterius.io>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>