mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-06 00:38:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,530 Commits 38 Branches 617 Tags
c5126983d918ccffc474c8a4a283acd9c6f8daa9
Commit Graph

6 Commits

Author SHA1 Message Date
Soumya Sambu
31ea437bf7 python3: Fix CVE-2024-8088 
There is a HIGH severity vulnerability affecting the CPython "zipfile"
module. When iterating over names of entries in a zip archive (for example,
methodsof "zipfile.ZipFile" like "namelist()", "iterdir()", "extractall()",
etc) the process can be put into an infinite loop with a maliciously crafted
zip archive. This defect applies when reading only metadata or extracting
the contents of the zip archive. Programs that are not handling
user-controlled zip archives are not affected.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-8088

Upstream-Patch:
7ae310c56a

(From OE-Core rev: 2d98276ba70ed6c44afecd42a7352f1b3030438f)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-09-09 06:08:10 -07:00
Soumya Sambu
9541ad9650 python3: Fix CVE-2024-7592 
There is a LOW severity vulnerability affecting CPython, specifically the
'http.cookies' standard library module. When parsing cookies that contained
backslashes for quoted characters in the cookie value, the parser would use
an algorithm with quadratic complexity, resulting in excess CPU resources
being used while parsing the value.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-7592

Upstream-Patch:
dcc3eaef98

(From OE-Core rev: 3bb9684eef5227e7b1280ee9051884310b0d0b7f)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-09-09 06:08:10 -07:00
Trevor Gamblin
754724ec73 python3: skip test_multiprocessing/test_active_children test 
This test is causing problems on the Autobuilder, so disable it for now.

(From OE-Core rev: 9eafd0c56b279a7c3025b0dcd00745baead15bb6)

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ac000b00ec615b3e51dda8d819015d5e7110ed88)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-08-01 06:08:09 -07:00
Trevor Gamblin
a28f4c97b3 python3: skip test_concurrent_futures/test_deadlock 
These tests are causing hangs on the Autobuilder, so disable them for
now.

(From OE-Core rev: 141c348ce83552beae88e115d9c4db5802c6e0f4)

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 291f37808f1a2b2fdc8190696867f974994457c0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-08-01 06:08:09 -07:00
Khem Raj
8a203e0f2a python3: Treat UID/GID overflow as failure 
This fixes ptest failures on 32bit architectures

AssertionError:
Failed ptests:
{'python3': ['test_extractall_none_gid',
             'test_extractall_none_gname',
             'test_extractall_none_mode',
             'test_extractall_none_mtime',
             'test_extractall_none_uid',
             'test_extractall_none_uname',
             'setUpClass',
             'python3']}

(From OE-Core rev: 371124fa4bf1a255a4fc646b028398db8c9f3681)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 43104b547cb79693c83df0882773ae8dd74b1d35)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-08-01 06:08:09 -07:00
Trevor Gamblin
5da7e1b38a python3: upgrade 3.12.3 -> 3.12.4 
This release contains numerous security updates and fixes to
regressions. Changelog:

https://docs.python.org/release/3.12.4/whatsnew/changelog.html#python-3-12-4-final

Results of ptests in core-image-ptest-python3 (qemux86-64):

== Tests result: SUCCESS ==

26 tests skipped:
    test.test_asyncio.test_windows_events
    test.test_asyncio.test_windows_utils test.test_gdb.test_backtrace
    test.test_gdb.test_cfunction test.test_gdb.test_cfunction_full
    test.test_gdb.test_misc test.test_gdb.test_pretty_print
    test_asdl_parser test_clinic test_devpoll test_idle test_ioctl
    test_kqueue test_launcher test_msilib test_startfile test_tcl
    test_tix test_tkinter test_ttk test_ttk_textonly test_turtle
    test_winapi test_winconsoleio test_winreg test_wmi

9 tests skipped (resource denied):
    test_curses test_ossaudiodev test_smtpnet test_socketserver
    test_urllib2net test_urllibnet test_winsound test_xmlrpc_net
    test_zipfile64

454 tests OK.

Total duration: 2 min 45 sec
Total tests: run=41,470 skipped=1,548
Total test files: run=480/489 skipped=26 resource_denied=9
Result: SUCCESS
DURATION: 165
END: /usr/lib/python3/ptest
2024-06-10T17:03
STOP: ptest-runner
TOTAL: 1 FAIL: 0

(From OE-Core rev: 621b0298e1829a86002ebb57d99850907e775b43)

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 012aeee398af4d4cce4012f71007cfb31266dd6c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2024-07-03 06:28:34 -07:00