diff options
Diffstat (limited to 'meta/recipes-devtools/python')
-rw-r--r-- | meta/recipes-devtools/python/python3-pip/0001-Don-t-split-git-references-on-unicode-separators.patch | 40 | ||||
-rw-r--r-- | meta/recipes-devtools/python/python3-pip_20.0.2.bb | 4 | ||||
-rw-r--r-- | meta/recipes-devtools/python/python3-pyelftools_0.27.bb | 2 | ||||
-rw-r--r-- | meta/recipes-devtools/python/python3/0001-Makefile-fix-Issue36464-parallel-build-race-problem.patch | 34 | ||||
-rw-r--r-- | meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch | 20 | ||||
-rw-r--r-- | meta/recipes-devtools/python/python3/makerace.patch | 23 | ||||
-rw-r--r-- | meta/recipes-devtools/python/python3_3.9.9.bb (renamed from meta/recipes-devtools/python/python3_3.9.5.bb) | 4 |
7 files changed, 79 insertions, 48 deletions
diff --git a/meta/recipes-devtools/python/python3-pip/0001-Don-t-split-git-references-on-unicode-separators.patch b/meta/recipes-devtools/python/python3-pip/0001-Don-t-split-git-references-on-unicode-separators.patch new file mode 100644 index 0000000000..f85353668a --- /dev/null +++ b/meta/recipes-devtools/python/python3-pip/0001-Don-t-split-git-references-on-unicode-separators.patch @@ -0,0 +1,40 @@ +From 25c1b92b1add0b81afe2fc6f9e82f66738a2d800 Mon Sep 17 00:00:00 2001 +From: Trevor Gamblin <trevor.gamblin@windriver.com> +Date: Thu, 22 Jul 2021 09:57:53 -0400 +Subject: [PATCH] Don't split git references on unicode separators + +Upstream-Status: Backport +(https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b) + +CVE: CVE-2021-3572 + +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> +--- + src/pip/_internal/vcs/git.py | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/pip/_internal/vcs/git.py b/src/pip/_internal/vcs/git.py +index 7483303a9..d706064e7 100644 +--- a/src/pip/_internal/vcs/git.py ++++ b/src/pip/_internal/vcs/git.py +@@ -137,9 +137,15 @@ class Git(VersionControl): + output = cls.run_command(['show-ref', rev], cwd=dest, + show_stdout=False, on_returncode='ignore') + refs = {} +- for line in output.strip().splitlines(): ++ # NOTE: We do not use splitlines here since that would split on other ++ # unicode separators, which can be maliciously used to install a ++ # different revision. ++ for line in output.strip().split("\n"): ++ line = line.rstrip("\r") ++ if not line: ++ continue + try: +- sha, ref = line.split() ++ sha, ref = line.split(" ", maxsplit=2) + except ValueError: + # Include the offending line to simplify troubleshooting if + # this error ever occurs. +-- +2.31.1 + diff --git a/meta/recipes-devtools/python/python3-pip_20.0.2.bb b/meta/recipes-devtools/python/python3-pip_20.0.2.bb index 99eeea2edf..9242d0e82e 100644 --- a/meta/recipes-devtools/python/python3-pip_20.0.2.bb +++ b/meta/recipes-devtools/python/python3-pip_20.0.2.bb @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8ba06d529c955048e5ddd7c45459eb2e" DEPENDS += "python3 python3-setuptools-native" -SRC_URI += "file://0001-change-shebang-to-python3.patch" +SRC_URI += "file://0001-change-shebang-to-python3.patch \ + file://0001-Don-t-split-git-references-on-unicode-separators.patch \ + " SRC_URI[md5sum] = "7d42ba49b809604f0df3d55df1c3fd86" SRC_URI[sha256sum] = "7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f" diff --git a/meta/recipes-devtools/python/python3-pyelftools_0.27.bb b/meta/recipes-devtools/python/python3-pyelftools_0.27.bb index 0cfd99504b..f8b9d420a5 100644 --- a/meta/recipes-devtools/python/python3-pyelftools_0.27.bb +++ b/meta/recipes-devtools/python/python3-pyelftools_0.27.bb @@ -11,3 +11,5 @@ PYPI_PACKAGE = "pyelftools" inherit pypi setuptools3 BBCLASSEXTEND = "native" + +RDEPENDS_${PN} += "${PYTHON_PN}-debugger ${PYTHON_PN}-pprint" diff --git a/meta/recipes-devtools/python/python3/0001-Makefile-fix-Issue36464-parallel-build-race-problem.patch b/meta/recipes-devtools/python/python3/0001-Makefile-fix-Issue36464-parallel-build-race-problem.patch deleted file mode 100644 index 237645bc60..0000000000 --- a/meta/recipes-devtools/python/python3/0001-Makefile-fix-Issue36464-parallel-build-race-problem.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 840fda32c82550259d02a7a56a78a9c05162b1a1 Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Wed, 8 May 2019 16:10:29 +0800 -Subject: [PATCH] Makefile: fix Issue36464 (parallel build race problem) - -When using make -j with the 'install' target, it's possible for altbininstall -(which normally creates BINDIR) and libainstall (which doesn't, though it -installs python-config there) to race, resulting in a failure due to -attempting to install python-config into a nonexistent BINDIR. Ensure it also -exists in the libainstall target. - -Upstream-Status: Submitted [https://github.com/python/cpython/pull/13186] - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - Makefile.pre.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile.pre.in b/Makefile.pre.in -index 15f3687..7e9f173 100644 ---- a/Makefile.pre.in -+++ b/Makefile.pre.in -@@ -1456,7 +1456,7 @@ LIBPL= @LIBPL@ - LIBPC= $(LIBDIR)/pkgconfig - - libainstall: @DEF_MAKE_RULE@ python-config -- @for i in $(LIBDIR) $(LIBPL) $(LIBPC); \ -+ @for i in $(LIBDIR) $(LIBPL) $(LIBPC) $(BINDIR); \ - do \ - if test ! -d $(DESTDIR)$$i; then \ - echo "Creating directory $$i"; \ --- -2.7.4 - diff --git a/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch b/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch index c4fae09a5b..99968b81de 100644 --- a/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch +++ b/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch @@ -1,7 +1,8 @@ -From 1ad771d86728ee2ed30e202e9768d8d825f96467 Mon Sep 17 00:00:00 2001 +From d9eb634b3d2e6ba831e864c50f6a37c48edfc4f3 Mon Sep 17 00:00:00 2001 From: Matthias Schoepfer <matthias.schoepfer@ithinx.io> Date: Fri, 31 May 2019 15:34:34 +0200 Subject: [PATCH] bpo-36852: proper detection of mips architecture for soft + float When (cross) compiling for softfloat mips, __mips_hard_float will not be @@ -13,18 +14,18 @@ to do this in a more autoconf/autotools manner. Upstream-Status: Submitted [https://github.com/python/cpython/pull/13196] Signed-off-by: Matthias Schoepfer <matthias.schoepfer@ithinx.io> -%% original patch: 0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch + --- configure.ac | 175 +++++++-------------------------------------------- 1 file changed, 21 insertions(+), 154 deletions(-) diff --git a/configure.ac b/configure.ac -index ede710e..bc81b0b 100644 +index e2979a8..337182d 100644 --- a/configure.ac +++ b/configure.ac -@@ -710,160 +710,27 @@ fi - MULTIARCH=$($CC --print-multiarch 2>/dev/null) - AC_SUBST(MULTIARCH) +@@ -728,160 +728,27 @@ then + fi + -AC_MSG_CHECKING([for the platform triplet based on compiler characteristics]) -cat >> conftest.c <<EOF @@ -202,8 +203,5 @@ index ede710e..bc81b0b 100644 + ;; +esac - if test x$PLATFORM_TRIPLET != x && test x$MULTIARCH != x; then - if test x$PLATFORM_TRIPLET != x$MULTIARCH; then --- -2.24.1 - + if test x$PLATFORM_TRIPLET != xdarwin; then + MULTIARCH=$($CC --print-multiarch 2>/dev/null) diff --git a/meta/recipes-devtools/python/python3/makerace.patch b/meta/recipes-devtools/python/python3/makerace.patch new file mode 100644 index 0000000000..96744cb557 --- /dev/null +++ b/meta/recipes-devtools/python/python3/makerace.patch @@ -0,0 +1,23 @@ +libainstall installs python-config.py but the .pyc cache files are generated +by the libinstall target. This means some builds may not generate the pyc files +for python-config.py depending on the order things happen in. This means builds +are not always reproducible. + +Add a dependency to avoid the race. + +Upstream-Status: Pending +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: Python-3.9.6/Makefile.pre.in +=================================================================== +--- Python-3.9.6.orig/Makefile.pre.in ++++ Python-3.9.6/Makefile.pre.in +@@ -1486,7 +1486,7 @@ LIBSUBDIRS= tkinter tkinter/test tkinter + venv venv/scripts venv/scripts/common venv/scripts/posix \ + curses pydoc_data \ + zoneinfo +-libinstall: build_all $(srcdir)/Modules/xxmodule.c ++libinstall: build_all $(srcdir)/Modules/xxmodule.c libainstall + @for i in $(SCRIPTDIR) $(LIBDEST); \ + do \ + if test ! -d $(DESTDIR)$$i; then \ diff --git a/meta/recipes-devtools/python/python3_3.9.5.bb b/meta/recipes-devtools/python/python3_3.9.9.bb index 82177f4a18..f41529833c 100644 --- a/meta/recipes-devtools/python/python3_3.9.5.bb +++ b/meta/recipes-devtools/python/python3_3.9.9.bb @@ -20,7 +20,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://python-config.patch \ file://0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch \ file://0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch \ - file://0001-Makefile-fix-Issue36464-parallel-build-race-problem.patch \ file://0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch \ file://crosspythonpath.patch \ file://0001-Use-FLAG_REF-always-for-interned-strings.patch \ @@ -31,6 +30,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ file://0001-Lib-sysconfig.py-use-libdir-values-from-configuratio.patch \ file://0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch \ + file://makerace.patch \ " SRC_URI_append_class-native = " \ @@ -38,7 +38,7 @@ SRC_URI_append_class-native = " \ file://12-distutils-prefix-is-inside-staging-area.patch \ file://0001-Don-t-search-system-for-headers-libraries.patch \ " -SRC_URI[sha256sum] = "0c5a140665436ec3dbfbb79e2dfb6d192655f26ef4a29aeffcb6d1820d716d83" +SRC_URI[sha256sum] = "06828c04a573c073a4e51c4292a27c1be4ae26621c3edc7cf9318418ce3b6d27" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" |