mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-02-06 08:48:45 +01:00

Author	SHA1	Message	Date
Anuj Mittal	f68ae0df3e	python3: fix CVE-2021-3177 (From OE-Core rev: 489ef4207141aa8527be95a5ba86aa30540357a4) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> (cherry picked from commit 25d1cae49e56797c4c9e91c01697c4de02dee046) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-03-10 00:22:50 +00:00
Tomasz Dziendzielski	4633b1696d	python3: Use addtask statement instead of task dependencies The externalsrc class deletes do_patch task which results with: \| ERROR: Task do_create_manifest in <PATH>/python3_3.8.2.bb depends upon \| non-existent task do_patch in <PATH>/python3_3.8.2.bb Use addtask to define correct order to prevent this error, since addtask mechanism accepts deleted tasks. [YOCTO #14151] (From OE-Core rev: 35ca0a401e62a8a8b88c3089929eda401a90f762) Signed-off-by: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a746d034fa7eaad4f4876fa61c5a8c3c15e211c8) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-02-10 23:55:53 +00:00
Richard Purdie	cc711af144	python3: Avoid installing test data into recipe-sysroot There are several thousand files in the test directory which we don't need. Adding these for the native and target sysroots is a crazy amount of files to be throwing around needlessly. Delete the files from the sysroot side of things to tidy up the sysroots and improve performance. (From OE-Core rev: f73ac290617e89b80e10dc700c0e90efddc8e1b2) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f6bced03011ad1663d68b0322a2f8aeb4d836646) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-02-05 23:37:04 +00:00
Andrej Valek	31e97c2cae	python3: fix CVE-2019-20907 - move fixing patch for CVE-2020-8492 to the right location (From OE-Core rev: f7e7378ea7099af8555de809787cf8e2cb5208fd) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2020-12-18 14:20:19 +00:00
Ross Burton	4e8a6a05b7	python3: add CVE-2007-4559 to whitelist This issue describes expected behaviour, do not use tarfile with untrusted data. (From OE-Core rev: 267130c66dde462a0a1043ab5dffdb86781389a0) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f4c22e83f2e68ff157da5ea1303acc2931d63f5f) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2020-12-09 23:49:01 +00:00
Lee Chee Yang	9c5ec3fd7b	python3: fix CVE-2020-27619 (From OE-Core rev: 001ee91818642ddac7c1b8e5236baa5c4c542b72) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2020-11-24 13:17:59 +00:00
Lee Chee Yang	17d7d64ebe	python3: whitelist CVE-2020-15523 This CVE is issue on _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath. Since it is .dll issue (on windows only), hence whitelist it. https://bugs.python.org/issue29778 (From OE-Core rev: c216431d0704bd8be237e860bbdc32be34a82aee) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2020-11-24 13:17:59 +00:00
Mingli Yu	75997e9e80	python3: add ldconfig rdepends for python3-ctypes The ctypes module needs to use "ldconfig -p" to find the library path and it simply has below logic if no ldconfig installed. except OSError: pass Before the patch: >>> from ctypes.util import find_library >>> lib_path = find_library('archive') >>> print(lib_path) None After the patch: >>> from ctypes.util import find_library >>> lib_path = find_library('archive') >>> print(lib_path) libarchive.so.13 (From OE-Core rev: 84e1a32096db9deb98d282a652beec95dbfe80f1) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ddb96902a124a6e1f035f0fd868b0139989bc1bc) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2020-11-22 13:27:37 +00:00
Lee Chee Yang	002113701a	python3: fix CVE-2020-26116 (From OE-Core rev: 2f607a61a820bfbc369f779c3161a339f088d04f) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2020-10-27 22:42:20 +00:00
Lee Chee Yang	17e594e8f9	python3: fix CVE-2020-14422 (From OE-Core rev: 0400d217d0891ee553926c10d7caaabc8bebc22e) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2020-07-07 23:15:10 +01:00
Trevor Gamblin	5811ed9140	python3: fix CVE-2020-8492 CVE: CVE-2020-8492 (From OE-Core rev: c9ee462bb606b34ab31cfb90f84a5302d15135cf) Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2020-05-07 13:03:30 +01:00
Trevor Gamblin	1e647ab5a9	python: upgrade 3.8.1 -> 3.8.2 THE LICENSE checksum changed in this update due to copyright notice added for 2020. (From OE-Core rev: 3513721b5dd660c7e6a8038b89ca17f1b76f7f9b) Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2020-03-13 23:00:26 +00:00

12 Commits