python: Backport 2 CVE from upstream

These are back ports of 2 patches from upstream to address CVE-2011-4944 CVE-2013-4238 (From OE-Core rev: 4606eab53e8eff57d6369ea20a5ea63916ea3ea7) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-13 23:02:30 +02:00 · 2013-08-29 11:54:17 -07:00
parent 116441d6dc
commit 36fcb616b0
3 changed files with 288 additions and 0 deletions
--- a/meta/recipes-devtools/python/python/pypirc-secure.patch
+++ b/meta/recipes-devtools/python/python/pypirc-secure.patch
@@ -0,0 +1,35 @@
+# HG changeset patch
+# User Philip Jenvey <pjenvey@underboss.org>
+# Date 1322701507 28800
+# Branch 2.7
+# Node ID e7c20a8476a0e2ca18f8040864cbc400818d8f24
+# Parent  3ecddf168f1f554a17a047384fe0b02f2d688277
+create the .pypirc securely
+
+Upstream-Status: Backport
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+
+diff -r 3ecddf168f1f -r e7c20a8476a0 Lib/distutils/config.py
+--- a/Lib/distutils/config.py	Tue Nov 29 00:53:09 2011 +0100
+++ b/Lib/distutils/config.py	Wed Nov 30 17:05:07 2011 -0800
+@@ -42,16 +42,8 @@
+     def _store_pypirc(self, username, password):
+         """Creates a default .pypirc file."""
+         rc = self._get_rc_file()
+-        f = open(rc, 'w')
+-        try:
+-            f.write(DEFAULT_PYPIRC % (username, password))
+-        finally:
+-            f.close()
+-        try:
+-            os.chmod(rc, 0600)
+-        except OSError:
+-            # should do something better here
+-            pass
+        with os.fdopen(os.open(rc, os.O_CREAT | os.O_WRONLY, 0600), 'w') as fp:
+            fp.write(DEFAULT_PYPIRC % (username, password))
+ 
+     def _read_pypirc(self):
+         """Reads the .pypirc file."""