mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-04 06:10:16 +03:00
fbe6c566a9
Fixes the following security issues:
- bpo-40121: Fixes audit events raised on creating a new socket
- bpo-38576: Disallow control characters in hostnames in http.client,
addressing CVE-2019-18348. Such potentially malicious header injection
URLs now cause a InvalidURL to be raised.
- bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the
urllib.request module uses an inefficient regular expression which can be
exploited by an attacker to cause a denial of service. Fix the regex to
prevent the catastrophic backtracking. Vulnerability reported by Ben
Caller and Matt Schwager.
For more details, see the changelog:
https://docs.python.org/release/3.8.3/whatsnew/changelog.html#security
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5ff01eb31f)
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
57 lines
2.0 KiB
Diff
57 lines
2.0 KiB
Diff
From 586a67bb448290a98df45e9f61d803952d2aa761 Mon Sep 17 00:00:00 2001
|
|
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Date: Wed, 22 Feb 2017 16:21:31 -0800
|
|
Subject: [PATCH] Make the build of pyc files conditional
|
|
|
|
This commit adds a new configure option --disable-pyc-build to disable
|
|
the compilation of pyc.
|
|
|
|
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
[ Andrey Smrinov: ported to Python 3.6 ]
|
|
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
|
|
---
|
|
Makefile.pre.in | 2 ++
|
|
configure.ac | 6 ++++++
|
|
2 files changed, 8 insertions(+)
|
|
|
|
diff --git a/Makefile.pre.in b/Makefile.pre.in
|
|
index 502317aa0c..f9011c132a 100644
|
|
--- a/Makefile.pre.in
|
|
+++ b/Makefile.pre.in
|
|
@@ -1455,6 +1455,7 @@ libinstall: build_all $(srcdir)/Modules/xxmodule.c
|
|
$(INSTALL_DATA) $(srcdir)/Modules/xxmodule.c \
|
|
$(DESTDIR)$(LIBDEST)/distutils/tests ; \
|
|
fi
|
|
+ifeq (@PYC_BUILD@,yes)
|
|
-PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
|
|
$(PYTHON_FOR_BUILD) -Wi $(DESTDIR)$(LIBDEST)/compileall.py \
|
|
-j0 -d $(LIBDEST) -f \
|
|
@@ -1482,6 +1483,7 @@ libinstall: build_all $(srcdir)/Modules/xxmodule.c
|
|
$(PYTHON_FOR_BUILD) -Wi -OO $(DESTDIR)$(LIBDEST)/compileall.py \
|
|
-j0 -d $(LIBDEST)/site-packages -f \
|
|
-x badsyntax $(DESTDIR)$(LIBDEST)/site-packages
|
|
+endif
|
|
-PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
|
|
$(PYTHON_FOR_BUILD) -m lib2to3.pgen2.driver $(DESTDIR)$(LIBDEST)/lib2to3/Grammar.txt
|
|
-PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
|
|
diff --git a/configure.ac b/configure.ac
|
|
index a189d42c2c..4690cdba9f 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -1091,6 +1091,12 @@ fi
|
|
|
|
AC_MSG_CHECKING(LDLIBRARY)
|
|
|
|
+AC_SUBST(PYC_BUILD)
|
|
+
|
|
+AC_ARG_ENABLE(pyc-build,
|
|
+ AS_HELP_STRING([--disable-pyc-build], [disable build of pyc files]),
|
|
+ [ PYC_BUILD="${enableval}" ], [ PYC_BUILD=yes ])
|
|
+
|
|
# MacOSX framework builds need more magic. LDLIBRARY is the dynamic
|
|
# library that we build, but we do not want to link against it (we
|
|
# will find it with a -framework option). For this reason there is an
|
|
--
|
|
2.20.1
|
|
|