Other changes:
- Rename 0034-lib-crypt-uClibc-ng-doesn-t-set-errno-when-encryptio.patch to
0035-lib-crypt-uClibc-ng-doesn-t-set-errno-when-encryptio.patch, as to not
overlap with 0034-Add-an-option-to-disable-the-berkeleydb-module.patch
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- bpo-43434: Creating a sqlite3.Connection object now also produces a
sqlite3.connect auditing event. Previously this event was only produced
by sqlite3.connect() calls. Patch by Erlend E. Aasland.
- bpo-43882: The presence of newline or tab characters in parts of a URL
could allow some forms of attacks.
Following the controlling specification for URLs defined by WHATWG
urllib.parse() now removes ASCII newlines and tabs from URLs, preventing
such attacks.
- bpo-43472: Ensures interpreter-level audit hooks receive the
cpython.PyInterpreterState_New event when called through the
_xxsubinterpreters module.
- bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4
address strings. Leading zeros are ambiguous and interpreted as octal
notation by some libraries. For example the legacy function
socket.inet_aton() treats leading zeros as octal notatation. glibc
implementation of modern inet_pton() does not accept any leading zeros.
For a while the ipaddress module used to accept ambiguous leading zeros.
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability
in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex
has quadratic worst-case complexity and it allows cause a denial of
service when identifying crafted invalid RFCs. This ReDoS issue is on the
client side and needs remote attackers to control the HTTP server.
- bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame,
and generator code/frame attribute access.
https://www.python.org/downloads/release/python-395/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module
which could be abused to read arbitrary files on the disk (directory
traversal vulnerability). Moreover, even source code of Python modules
can contain sensitive data like passwords. Vulnerability reported by
David Schwörer.
- bpo-43285: ftplib no longer trusts the IP address value returned from the
server in response to the PASV command by default. This prevents a
malicious FTP server from using the response to probe IPv4 address and
port combinations on the client network.
Code that requires the former vulnerable behavior may set a
trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to
True to re-enable it.
- bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and
gc.get_referents(). Patch by Pablo Galindo.
Note: 3.9.3 was recalled due to introducing unintentional ABI
incompatibility, and fixes re-released as 3.9.4:
https://www.python.org/downloads/release/python-394/
Add host-autoreconf-archive, as it is needed for autoreconf since:
064bc07f24
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-23336: urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a
query args separator
https://bugs.python.org/issue42967
And fixes a number of issues. For details, see the changelog:
https://docs.python.org/release/3.9.2/whatsnew/changelog.html
Drop the now upstreamed security patch and update the license hash for a
change of copyright year:
-2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Python Software Foundation;
+2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Python Software Foundation;
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-3177: Python 3.x through 3.9.1 has a buffer overflow in
PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution
in certain Python applications that accept floating-point numbers as
untrusted input, as demonstrated by a 1e300 argument to
c_double.from_param. This occurs because sprintf is used unsafely.
For details, see the advisory:
https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Buildroot generates Linux systems, so there is no need to have
MS Windows executables in there.
This reduces the target filesystem size by about 2MB:
$ du -hcs usr/lib/python3.8/distutils/command/wininst-*.exe
60K usr/lib/python3.8/distutils/command/wininst-6.0.exe
64K usr/lib/python3.8/distutils/command/wininst-7.1.exe
60K usr/lib/python3.8/distutils/command/wininst-8.0.exe
192K usr/lib/python3.8/distutils/command/wininst-9.0.exe
220K usr/lib/python3.8/distutils/command/wininst-9.0-amd64.exe
188K usr/lib/python3.8/distutils/command/wininst-10.0.exe
220K usr/lib/python3.8/distutils/command/wininst-10.0-amd64.exe
448K usr/lib/python3.8/distutils/command/wininst-14.0.exe
576K usr/lib/python3.8/distutils/command/wininst-14.0-amd64.exe
2,0M total
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a new option that prints the (runtime) path of compiled .py files
when VERBOSE=1 is set.
Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When generating a .pyc file, the original .py source file path is
encoded in it. It is used for various purposes: traceback generation,
.pyc file comparison with its .py source, and code inspection.
By default, the source path used when invoking compileall is encoded in
the .pyc file. Since we use paths relative to TARGET_DIR, we end up with
paths that are only valid when relative to '/' encoded in the installed
.pyc files on the target.
This breaks code inspection at runtime since the original source path
will be invalid unless the code is executed from '/'.
Unfortunately, compileall cannot be forced to use the proper path. It
was not written with cross-compilation usage in mind.
Rework the script to call py_compile.compile() directly with pertinent
options:
- The script now has a new --strip-root argument. This argument is
optional but will always be specified when compiling py files in
buildroot.
- All other (non-optional) arguments are folders in which all
"importable" .py files will be compiled to .pyc.
- Using --strip-root=$(TARGET_DIR), the future runtime path of each .py
file is computed and encoded into the compiled .pyc.
No need to change directory before running the script anymore.
The trickery used to handle error reporting was only applicable with
compileall. Since we implement our own "compileall", error reporting
becomes trivial.
Previously, we had a --force option to tell compileall.compiledir() to
forcibly recompile files if they had changed. Now, we would have to
handle it ourselves. It turns out to not be easy and would need us to
delve into the format of bytecompiled files to extract metadata and
compare it with the expected values, that being even dependent on the
python version being used (fortunately, only two for us: python 2.7 and
the latext 3.x).
Still, this is deemed too complex, and byte-compiling is pretty fast, so
much so that it should be eclipsed by the build duration anyway.
So we just drop support for --force, and instead we always byte-compile.
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
[yann.morin.1998@free.fr:
- always byte-compile
- drop --force
- expand commit log to state so and explain why
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bugfix release, fixing a number of issues. For details, see the
announcement:
https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final
Adjust the spacing in the hash file and update the hash of the license file
for a change in copyright years:
-2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Python Software Foundation;
+2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Python Software Foundation;
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With per-package directory support, Python external modules are
causing a problem: the _sysconfigdata.py module installed by the
Python interpreter contains a number of paths that are relative to the
current package per-package directory, i.e python or python3. For
example:
'BLDSHARED': '/home/thomas/projets/buildroot/output/per-package/python/host/bin/arm-linux-gcc -shared',
'CC': '/home/thomas/projets/buildroot/output/per-package/python/host/bin/arm-linux-gcc',
'CXX': '/home/thomas/projets/buildroot/output/per-package/python/host/bin/arm-linux-g++',
etc.
These paths are problematic, because it means that the wrong compiler
gets used when building external Python modules: instead of using the
compiler from the external Python module per-package host directory,
it uses the one from the 'python' or 'python3' per-package host
directory. Due to this, any native dependency needed by the external
Python module is not found, even though it is properly present in the
current package per-package directory.
Of course, the problem occurs with both target Python modules and host
Python modules.
To fix this, we simply rewrite those paths in _sysconfigdata.py before
building a Python package.
Interestingly, until now, the _sysconfidata.py that was used during
the build was the one from $(TARGET_DIR), which is a bit unusual: it
is more common to use files from $(STAGING_DIR) during the build
process. So this commit changes the PYTHON_PATH and PYTHON3_PATH
variables so that they point to $(STAGING_DIR), which makes the
_sysconfigdata.py fixup in $(STAGING_DIR) effective.
Fixes:
http://autobuild.buildroot.net/results/a24b0555fd4261b50dc3986635c30717d9cbe764/ (python-psycopg2)
http://autobuild.buildroot.net/results/080fa893e1b0e7a8c8a31ac1c98eb8871b97264d/ (python-alsaaudio)
http://autobuild.buildroot.net/results/79bc070f98d6d9d8ef78df12b248cdc7d0e405c3/ (python-lxml)
and many more Python packages that use native code with a native library
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/3b6/3b6280b0b7a9634b747db2865b21c6266007c725/
The PYTHON_KEEP_PY_FILES global variable conflicts with the per-package
<pkg>_KEEP_PY_FILES variable for the python package, causing make to
complain:
package/zlib/zlib.mk:7: *** Recursive variable 'PYTHON_KEEP_PY_FILES' references itself (eventually). Stop.
As a workaround, rename the global variable to KEEP_PYTHON_PY_FILES so it
cannot conflict with the per-package variable.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_PACKAGE_PYTHON{,3}_PYC_ONLY=y, we force remove all .py files
from the system, as they have all been byte-compiled into their .pyc
variants.
However, it turns out that some packages (e.g: OpenCV) do some funky
things with a few .py files: they pass them through Python's
execfile() facility, which only works with .py files and not .pyc
files. It is used by OpenCV for example to read two small
configuration files.
In order to support such use cases, this commit introduces a very
simple mechanism by which packages can exclude some path patterns from
the .py removal: a per-package <pkg>_KEEP_PY_FILES variable that is
collected into a global PYTHON_KEEP_PY_FILES variable, then used by
the python/python3 target-finalize hooks.
This variable is intentionally not documented, this is really a hack
that we ideally would like to see go away, and we'd rather not see its
usage spread too much.
This is necessary to be able to fix bug #12171.
[Peter: check if PYTHON_KEEP_PY_FILES contains non-white space]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some python scripts may be ran in the custom scripts a user can define
in the config. Allow the user to enable host-python3 explicitly.
If any of those require ssl, they will fail with no possible fix.
Add an option to enable openssl as well. This is made optional because
openssl significantly increases the build time.
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
python3 nowadays appends the triplet to the config-<version>m directory:
echo target/usr/lib/python3.7/config-*
target/usr/lib/python3.7/config-3.7m-powerpc-linux-gnu
Likewise, there is no longer a pyconfig.h:
ls target/usr/lib/python3.7/config-3.7m-powerpc-linux-gnu
config.c config.c.in install-sh libpython3.7m.a Makefile
makesetup python-config.py python.o Setup Setup.local
So adjust the removal logic to match. Use a wildcard rather than
$GNU_TARGET_NAME as buildroot and python3's idea of the triplet doesn't
always match (E.G. for musl/uclibc).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
http://autobuild.buildroot.net/results/cb4/cb49c539501342e45cbe5ade82e588fcdf51f05b
GCC commit 6834b83784dcf0364eb820e8 (multiarch support for non-glibc linux
systems), which is part of GCC 8+, changed the multiarch logic to use
$arch-linux-musl / $arch-linux-uclibc rather than $arch-linux-gnu.
This then causes the python3 configure script to error out:
checking for the platform triplet based on compiler characteristics... powerpc-linux-gnu
configure: error: internal configure error for the platform triplet, please file a bug report
http://autobuild.buildroot.net/results/cb4/cb49c539501342e45cbe5ade82e588fcdf51f05b
As it requires that the --print-multiarch output (if not empty) matches the
deduced triplet (which always uses -linux-gnu).
It isn't quite clear why --print-multiarch returns something for a
non-multiarch toolchain on some architectures (E.G. PowerPC), but as a
workaround, add a patch to rewrite the --print-multiarch output to match
older GCC versions to keep the configure script happy.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
- bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with
additional text after the address and only quad-dotted notation without
trailing whitespaces. Some inet_aton() implementations ignore whitespace
and all data after whitespace, e.g. ‘127.0.0.1 whatever’.
- bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file://
and local_file:// URL schemes in URLopener().open() and
URLopener().retrieve() of urllib.request.
- bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded
whitespace or control characters through into the underlying http client
request. Such potentially malicious header injection URLs now cause an
http.client.InvalidURL exception to be raised.
- bpo-33529: Prevent fold function used in email header encoding from
entering infinite loop when there are too many non-ASCII characters in a
header.
- bpo-35755: shutil.which() now uses os.confstr("CS_PATH") if available and
if the PATH environment variable is not set. Remove also the current
directory from posixpath.defpath. On Unix, shutil.which() and the
subprocess module no longer search the executable in the current directory
if the PATH environment variable is not set.
Also remove the following upstreamed patches:
- 0033-bpo-36742-Fixes-handling-of-pre-normalization-charac.patch
- 0034-bpo-36742-Corrects-fix-to-handle-decomposition-in-us.patch
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Globally change Adam Duskett's email address to aduskett@gmail.com.
Note that one or two of the patches may have been applied upstream with
the old email address, but in that case those patches will anyway be
removed when bumping.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes CVE-2019-10160: urlsplit does not handle NFKC normalization (2nd fix)
While the fix for CVE-2019-9936 is included in 3.7.3, the followup
regression fixes unfortunatly aren't.
https://bugs.python.org/issue36742
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When python3 depends on bluez5_utils-headers,
python3 is build with bluetooth support.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
[Arnout: select bluez5_utils-headers is bluez5_utils is enabled]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Other changes include:
- Refreshing all necessary patches for 3.7.0
- Add a hash for the license file.
- Python no longer has it's own internal libffi, as such, host-libffi
is now required to build host-python3, and is added as a
dependency.
- Drop PYTHON3_LIBTOOL_PATCH = NO, since there is no longer any
internal libffi copy that was causing the libtool patching process
to fail.
- A new core module "uuid" is now is added in the Config.in file, and
relies on util-linux's uuid library.
- Also, a new patch: 0030-Fix-cross-compiling-the-uuid-module.patch
is required to fix compiling the uuid module, because the include
directory search path for uuid.h is hardcoded to /usr/include/uuid,
which causes an "unsafe for cross-compilation" error during
compiling if the host pc has uuid headers installed.
- 0031-Add-an-option-to-disable-uuid-module.patch is added to allow
disabling the Python3 UUID module, so that when
BR2_PACKAGE_PYTHON3_UUID is disabled by the UUID library is
present, the uuid Python module is not built, as expected.
- 0032-fix-building-on-older-distributions.patch is added to change
os.replace by os.rename in the update_file.py script to fix
building on older Linux distributions that have older versions of
python that don't include os.replace.
os.rename acts in the same way as os.replace, but is cross-platform
compatible. Because Buildroot is guaranteed to be built in a POSIX
environment, it is safe to change replace to rename.
Tested on CentOS6 and Fedora28, All test results passed:
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: SKIPPED
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: SKIPPED
armv5-ctng-linux-gnueabi [6/6]: OK
6 builds, 2 skipped, 0 build failed, 0 legal-info failed
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Thomas:
- remove PYTHON3_LIBTOOL_PATCH = NO
- improve the solution in patch 0030-Fix-cross-compiling-the-uuid-module
- add patch 0031-Add-an-option-to-disable-uuid-module]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit fixes the warnings reported by check-package on the help
text of all package Config.in files, related to the formatting of the
help text: should start with a tab, then 2 spaces, then at most 62
characters.
The vast majority of warnings fixed were caused by too long lines. A
few warnings were related to spaces being used instead of a tab to
indent the help text.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When prefix is set to a path like /usr during crossbuild
the sed operations end up executing twice, once for the prefix
reassignment and another for includedir if it is set as a string
including the ${prefix} variable. This results in an issue
when the build directory is under /usr.
This patch updates the remaining location which uses the prefix
variable to also sed and update to use the real path.
Upstream bug report:
https://bugs.python.org/issue31713
Buildroot bug:
https://bugs.busybox.net/show_bug.cgi?id=10361
Fixes failures like the following:
dbus-python-1.2.4 | NOK | http://autobuild.buildroot.net/results/758858efa97b6273c1b470513f5492258a6d8853
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Arnout: refer to autobuild failures that still exist]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump Python3 version to 3.6.2.
Patches dropped:
"Support PGEN_FOR_BUILD and FREEZE_IMPORTLIB_FOR_BUILD"
Rationale: With commit 9d02f562961efd12d3c8317a10916db7f77330cc, code
generation step of building CPython now became explicit (instead of
always performed as a part of 'make' invocation) and more granular. We
no longer need to use Parser/pgen at all and tricking the build system
into using different Programs/_freeze_importlib can be done as a part
of recipe.
Additional info about the build change can be found at
https://bugs.python.org/issue23404
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is similar to 350941e31d
("python: remove target Python packages from PYTHONPATH") but for
python3.
We currently have
$(TARGET_DIR)/usr/lib/python$(PYTHON3_VERSION_MAJOR)/site-packages/
inside the PYTHON3_PATH variable, which gets used to define
PYTHONPATH, passed to the host Python interpreter when
building/installing target packages.
However, this is terribly wrong, as it causes the host interpreter to
potentially import target Python packages. This is wrong for several
reasons:
- Some Python packages might need some Python modules to be installed
on the host (described in setup_requires in setup.py), but their
installation currently works because by luck the corresponding
Python module is installed for the target. Some of those cases were
happening for real, and fixed by previous patches.
- Some Python packages include some native code, therefore built for
a specific CPU architecture. When you point the host Python
interpreter to native libraries built for the target, you get nice
build failures, such as the one affecting the python-cffi related
packages.
This change fixes the following build failures:
http://autobuild.buildroot.net/results/9005b89407e46b537a54cac6cc0c69dcac4dc5ea/
(python-cryptography)
http://autobuild.buildroot.net/results/395682d33d02fdcaa39d3c0326355bd9ea3d6feb/
(python-pynacl)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since things are no longer installed in $(HOST_DIR)/usr, the callers
should also not refer to it.
This is a mechanical change with
git grep -l '$(HOST_DIR)/usr/bin' | xargs sed -i 's%$(HOST_DIR)/usr/bin%$(HOST_DIR)/bin%g'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
