buildroot/package/python3/0003-Add-infrastructure-to-disable-the-build-of-certain-e.patch
Adam Duskett fbe6c566a9 package/python3: security bump to version 3.8.3
Fixes the following security issues:

- bpo-40121: Fixes audit events raised on creating a new socket

- bpo-38576: Disallow control characters in hostnames in http.client,
  addressing CVE-2019-18348.  Such potentially malicious header injection
  URLs now cause an InvalidURL to be raised.

- bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the
  urllib.request module uses an inefficient regular expression which can be
  exploited by an attacker to cause a denial of service.  Fix the regex to
  prevent the catastrophic backtracking.  Vulnerability reported by Ben
  Caller and Matt Schwager.

For more details, see the changelog:
https://docs.python.org/release/3.8.3/whatsnew/changelog.html#security

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5ff01eb31f)
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-07-15 23:07:40 +02:00


From 36c138c15515e80f72a570b61da324e55ae3e80c Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Wed, 22 Feb 2017 16:33:22 -0800
Subject: [PATCH] Add infrastructure to disable the build of certain extensions

Some of the extensions part of the Python core have dependencies on
external libraries (sqlite, tk, etc.) or are relatively big and not
necessarily always useful (CJK codecs for example). By extensions, we
mean part of Python modules that are written in C and therefore
compiled to binary code.

Therefore, we introduce a small infrastructure that allows disabling
some of those extensions. This can be done inside the configure.ac by
adding values to the DISABLED_EXTENSIONS variable (which is a
word-separated list of extensions).

The implementation works as follows:

 * configure.ac defines a DISABLED_EXTENSIONS variable, which is
   substituted (so that when Makefile.pre is generated from
   Makefile.pre.in, the value of the variable is substituted). For
   now, this DISABLED_EXTENSIONS variable is empty, later patches will
   use it.

 * Makefile.pre.in passes the DISABLED_EXTENSIONS value down to the
   variables passed in the environment when calling the setup.py
   script that actually builds and installs those extensions.

 * setup.py is modified so that the existing "disabled_module_list" is
   filled with those pre-disabled extensions listed in
   DISABLED_EXTENSIONS.

Patch ported to python2.7 by Maxime Ripard <ripard@archos.com>, and
then extended by Thomas Petazzoni
<thomas.petazzoni@free-electrons.com>.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[ Andrey Smirnov: ported to Python 3.6 ]
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
---
Makefile.pre.in | 6 +++++-
configure.ac | 2 ++
setup.py | 5 ++++-
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/Makefile.pre.in b/Makefile.pre.in
index f9011c132a..e8a6bd5c03 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -205,6 +205,8 @@ FILEMODE= 644
# configure script arguments
CONFIG_ARGS= @CONFIG_ARGS@
+# disabled extensions
+DISABLED_EXTENSIONS= @DISABLED_EXTENSIONS@
# Subdirectories with code
SRCDIRS= @SRCDIRS@
@@ -605,6 +607,7 @@ sharedmods: $(BUILDPYTHON) pybuilddir.txt Modules/_math.o
esac; \
echo "$(RUNSHARED) CC='$(CC)' LDSHARED='$(BLDSHARED)' OPT='$(OPT)' \
_TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \
+ DISABLED_EXTENSIONS="$(DISABLED_EXTENSIONS)" \
$(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build"; \
$(RUNSHARED) CC='$(CC)' LDSHARED='$(BLDSHARED)' OPT='$(OPT)' \
_TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \
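Review bot: DISABLED_EXTENSIONS is added only inside the echo string of the sharedmods rule; the $(RUNSHARED) invocation that follows in the visible context lines gets no matching addition, so the command that is logged differs from the command that runs. The added assignment also uses double quotes inside the double-quoted echo argument, where the neighbouring assignments use single quotes (CC='$(CC)'), so the inner quotes close and reopen the echo string. Suggest writing it as DISABLED_EXTENSIONS='$(DISABLED_EXTENSIONS)' and adding it to the real invocation too, or dropping it from the echo if setup.py does not take the value from the environment.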
@@ -1601,7 +1604,8 @@ libainstall: @DEF_MAKE_RULE@ python-config
# Install the dynamically loadable modules
# This goes into $(exec_prefix)
sharedinstall: sharedmods
- $(RUNSHARED) $(PYTHON_FOR_BUILD) $(srcdir)/setup.py install \
+ $(RUNSHARED) DISABLED_EXTENSIONS="$(DISABLED_EXTENSIONS)" \
+ $(PYTHON_FOR_BUILD) $(srcdir)/setup.py install \
--prefix=$(prefix) \
--install-scripts=$(BINDIR) \
--install-platlib=$(DESTSHARED) \
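Review bot: the sharedinstall rule now puts DISABLED_EXTENSIONS into the environment of setup.py install, but the setup.py hunk of this same patch reads the value with sysconfig.get_config_var("DISABLED_EXTENSIONS") and never looks at the environment, so this assignment appears to have no consumer. Either drop it, or have setup.py read os.environ and say so in the commit message, so that there is one documented source for the list of modules left out of the build.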
diff --git a/configure.ac b/configure.ac
index ffeec102b7..7872b4dfee 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2958,6 +2958,8 @@ LIBS="$withval $LIBS"
PKG_PROG_PKG_CONFIG
+AC_SUBST(DISABLED_EXTENSIONS)
+
# Check for use of the system expat library
AC_MSG_CHECKING(for --with-system-expat)
AC_ARG_WITH(system_expat,
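Review bot: AC_SUBST(DISABLED_EXTENSIONS) is added with no default and no help text, so the value is taken silently from whatever the environment of ./configure holds and does not show up in ./configure --help. Because a stray or mistyped value removes modules from the build without any message, suggest declaring it with AC_ARG_VAR(DISABLED_EXTENSIONS, [...]) and printing the resulting list with AC_MSG_NOTICE so the set of disabled extensions is visible in the configure log.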
diff --git a/setup.py b/setup.py
index 20d7f35652..d3f2cc1b37 100644
--- a/setup.py
+++ b/setup.py
@@ -24,7 +24,10 @@ from distutils.spawn import find_executable
TEST_EXTENSIONS = True
# This global variable is used to hold the list of modules to be disabled.
-DISABLED_MODULE_LIST = []
+try:
+ DISABLED_MODULE_LIST = sysconfig.get_config_var("DISABLED_EXTENSIONS").split(" ")
+except KeyError:
+ DISABLED_MODULE_LIST = list()
def get_platform():
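Review bot: in the added try block, the except KeyError branch is never reached, because sysconfig.get_config_var() returns None for a variable that is not defined rather than raising KeyError; in that case .split(" ") fails with AttributeError instead of falling back to an empty list. Separately, when the variable is defined but empty, "".split(" ") yields [""], and repeated spaces yield empty entries, so DISABLED_MODULE_LIST is never actually empty. Suggest DISABLED_MODULE_LIST = (sysconfig.get_config_var("DISABLED_EXTENSIONS") or "").split() and removing the try/except.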
--
2.20.1