mirror of
https://git.yoctoproject.org/poky
synced 2026-02-05 16:28:43 +01:00
da75a9aaf0
http://bugs.python.org/issue21529 Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index. The bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory. (From OE-Core rev: 9ec213bf67afbdfdbe25802ec86487bb22aeb2e4) Signed-off-by: Benjamin Peterson <benjamin@python.org> Applied to python-native recipe in order to fix the above mentioned vulnerability. Upstream-Status: Submitted Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
62 lines
2.1 KiB
BlitzBasic
62 lines
2.1 KiB
BlitzBasic
require python.inc
|
|
|
|
EXTRANATIVEPATH += "bzip2-native"
|
|
DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native sqlite3-native"
|
|
PR = "${INC_PR}.1"
|
|
|
|
SRC_URI += "\
|
|
file://05-enable-ctypes-cross-build.patch \
|
|
file://06-ctypes-libffi-fix-configure.patch \
|
|
file://10-distutils-fix-swig-parameter.patch \
|
|
file://11-distutils-never-modify-shebang-line.patch \
|
|
file://12-distutils-prefix-is-inside-staging-area.patch \
|
|
file://debug.patch \
|
|
file://unixccompiler.patch \
|
|
file://nohostlibs.patch \
|
|
file://multilib.patch \
|
|
file://add-md5module-support.patch \
|
|
file://builddir.patch \
|
|
file://parallel-makeinst-create-bindir.patch \
|
|
file://python-fix-build-error-with-Readline-6.3.patch \
|
|
file://gcc-4.8-fix-configure-Wformat.patch \
|
|
file://json-flaw-fix.patch \
|
|
"
|
|
S = "${WORKDIR}/Python-${PV}"
|
|
|
|
FILESEXTRAPATHS =. "${FILE_DIRNAME}/${PN}:"
|
|
|
|
inherit native
|
|
|
|
RPROVIDES += "python-distutils-native python-compression-native python-textutils-native python-codecs-native python-core-native"
|
|
|
|
EXTRA_OECONF_append = " --bindir=${bindir}/${PN}"
|
|
|
|
EXTRA_OEMAKE = '\
|
|
BUILD_SYS="" \
|
|
HOST_SYS="" \
|
|
LIBC="" \
|
|
STAGING_LIBDIR=${STAGING_LIBDIR_NATIVE} \
|
|
STAGING_INCDIR=${STAGING_INCDIR_NATIVE} \
|
|
'
|
|
|
|
do_configure_prepend() {
|
|
autoreconf --verbose --install --force --exclude=autopoint Modules/_ctypes/libffi || bbnote "_ctypes failed to autoreconf"
|
|
}
|
|
|
|
do_install() {
|
|
oe_runmake 'DESTDIR=${D}' install
|
|
install -d ${D}${bindir}/${PN}
|
|
install -m 0755 Parser/pgen ${D}${bindir}/${PN}
|
|
|
|
# Make sure we use /usr/bin/env python
|
|
for PYTHSCRIPT in `grep -rIl ${bindir}/${PN}/python ${D}${bindir}/${PN}`; do
|
|
sed -i -e '1s|^#!.*|#!/usr/bin/env python|' $PYTHSCRIPT
|
|
done
|
|
|
|
# Add a symlink to the native Python so that scripts can just invoke
|
|
# "nativepython" and get the right one without needing absolute paths
|
|
# (these often end up too long for the #! parser in the kernel as the
|
|
# buffer is 128 bytes long).
|
|
ln -s python-native/python ${D}${bindir}/nativepython
|
|
}
|