openembedded-core.git/meta/recipes-devtools/python, branch daisy Mirror of openembedded-core python: CVE-2014-7185 2015-04-27T14:20:32+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-04-22T12:57:28+00:00 2590eb53a6dac90cba52edd09ea56a6bdf4c4533 Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. PoC: Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.

PoC:

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
python: Disables SSLv3 2015-02-06T14:48:40+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-01-16T10:16:03+00:00 926904f65db33aa7a6a54bd6cdc9c8b34f000b0d This is related to "SSLv3 POODLE vulnerability" CVE-2014-3566 Building python without SSLv3 support when openssl is built without any support for SSLv3 (e.g. by adding EXTRA_OECONF = " -no-ssl3" in the openssl recipes). Backport from: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768611#22 [python2.7-nossl3.patch] only Modules/_ssl.c is backported. References: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7015 https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843 http://bugs.python.org/issue22638 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> 
This is related to "SSLv3 POODLE vulnerability" CVE-2014-3566

Building python without SSLv3 support when openssl is built without
any support for SSLv3 (e.g. by adding EXTRA_OECONF = " -no-ssl3" in
the openssl recipes).

Backport from:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768611#22
[python2.7-nossl3.patch] only Modules/_ssl.c is backported.

References:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7015
https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843
http://bugs.python.org/issue22638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
python: force off_t size to 8 to enable large file support 2014-11-06T11:38:50+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2014-11-06T05:08:50+00:00 94483eff5d0858ef1b5a8850268aa6a7bc6e6463 If DISTRO_FEATURES contains "largefile", force the size of off_t to 8 as a workaround for having ac_cv_sizeof_off_t=4 on 32-bit systems. In future we will likely drop the value from the site file, but for now this is a slightly safer fix. Fixes [YOCTO #6813]. (From OE-Core master rev: a8216030ee6c65531de8fbf3eed878a345a94edc) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
If DISTRO_FEATURES contains "largefile", force the size of off_t to 8 as
a workaround for having ac_cv_sizeof_off_t=4 on 32-bit systems. In
future we will likely drop the value from the site file, but for now
this is a slightly safer fix.

Fixes [YOCTO #6813].

(From OE-Core master rev: a8216030ee6c65531de8fbf3eed878a345a94edc)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
python-native : Add patch to fix configure error with gcc 4.8. 2014-06-17T08:00:20+00:00 Philip Balister philip@balister.org 2014-05-21T12:57:12+00:00 da5c99c7893b589f0d2f2e6d76261b4063ffdd32 We apply this patch to the python recipe already. Without this patch the zeroc-ice-native recipe will not build. See: http://bugs.python.org/issue17547 for more details. Signed-off-by: Philip Balister <philip@balister.org> Signed-off-by: Saul Wold <sgw@linux.intel.com> 
We apply this patch to the python recipe already. Without this patch
the zeroc-ice-native recipe will not build.

See: http://bugs.python.org/issue17547 for more details.

Signed-off-by: Philip Balister <philip@balister.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
python3: Revert python-config to distutils.sysconfig 2014-05-29T12:42:07+00:00 Tyler Hall tylerwhall@gmail.com 2014-05-05T00:06:43+00:00 de5797b27a358954eb15318d0d77ad1981981861 The newer sysconfig module shares some code with distutils.sysconfig, but the same modifications as in 12-distutils-prefix-is-inside-staging-area.patch makes distutils.sysconfig affect the native runtime as well as cross building. Use the old, patched implementation which returns paths in the staging directory and for the target, as appropriate. This change reverts this upstream patch http://hg.python.org/cpython/diff/712970b019f7/Misc/python-config.in (From OE-Core rev: 7b2ffd68ae8235dcc3ddff9cbe8525e61f3b3d28) Signed-off-by: Tyler Hall <tylerwhall@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The newer sysconfig module shares some code with distutils.sysconfig,
but the same modifications as in

12-distutils-prefix-is-inside-staging-area.patch

makes distutils.sysconfig affect the native runtime as well as cross
building.  Use the old, patched implementation which returns paths in
the staging directory and for the target, as appropriate.

This change reverts this upstream patch
http://hg.python.org/cpython/diff/712970b019f7/Misc/python-config.in

(From OE-Core rev: 7b2ffd68ae8235dcc3ddff9cbe8525e61f3b3d28)

Signed-off-by: Tyler Hall <tylerwhall@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
python3: Substitute correct python version in shebang 2014-05-29T12:42:06+00:00 Tyler Hall tylerwhall@gmail.com 2014-05-04T22:37:50+00:00 ae49adc13db10cb39eeb9377eb4c60a4db436e00 If python2 and python3 are both available, scripts that are subject to this substitution can possibly run with the wrong python version. python3-config is one such script. (From OE-Core rev: 23849347d0fe60a01578efdd6c6e23ebb444dcd6) Signed-off-by: Tyler Hall <tylerwhall@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
If python2 and python3 are both available, scripts that are subject to
this substitution can possibly run with the wrong python version.
python3-config is one such script.

(From OE-Core rev: 23849347d0fe60a01578efdd6c6e23ebb444dcd6)

Signed-off-by: Tyler Hall <tylerwhall@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
python: Fix CVE-2014-1912 2014-04-08T16:51:04+00:00 Maxin B. John maxin.john@enea.com 2014-04-07T15:48:11+00:00 344049ccfa59ae489c35fe0fb7592f7d34720b51 A remote user can send specially crafted data to trigger a buffer overflow in socket.recvfrom_into() and execute arbitrary code on the target system. The code will run with the privileges of the target service. This back-ported patch fixes CVE-2014-1912 Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
A remote user can send specially crafted data to trigger a buffer overflow
in socket.recvfrom_into() and execute arbitrary code on the target system.
The code will run with the privileges of the target service.

This back-ported patch fixes CVE-2014-1912

Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
python: fix build error with Readline 6.3 2014-04-04T10:51:27+00:00 Chong Lu Chong.Lu@windriver.com 2014-04-03T07:52:22+00:00 a6b91ae7dec2edebc0eaea0592c42b1c455ad4d7 Backport two patches from upstream: use new readline function types (closes #20374) Issue #20374: Avoid compiler warnings when compiling readline with libedit. [YOCTO #6107] Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Backport two patches from upstream:

use new readline function types (closes #20374)
Issue #20374: Avoid compiler warnings when compiling readline with libedit.

[YOCTO #6107]

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
python3: sync module dependencies from 2.7 2014-03-21T12:05:32+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2014-03-20T17:41:39+00:00 4669afac1004a89e6b87ec46136ca3e7448700d4 These have been added recently to 2.7 but were missing in the 3.3 script/inc file. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
These have been added recently to 2.7 but were missing in the 3.3
script/inc file.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
generate-manifest-3.3.py: sync descriptions with 2.7 version 2014-03-21T12:05:32+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2014-03-20T17:23:08+00:00 081bc11c347d11d285f2948127bca81a285ada84 Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>