mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-04 06:10:16 +03:00
fbe6c566a9
Fixes the following security issues:
- bpo-40121: Fixes audit events raised on creating a new socket
- bpo-38576: Disallow control characters in hostnames in http.client,
addressing CVE-2019-18348. Such potentially malicious header injection
URLs now cause a InvalidURL to be raised.
- bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the
urllib.request module uses an inefficient regular expression which can be
exploited by an attacker to cause a denial of service. Fix the regex to
prevent the catastrophic backtracking. Vulnerability reported by Ben
Caller and Matt Schwager.
For more details, see the changelog:
https://docs.python.org/release/3.8.3/whatsnew/changelog.html#security
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5ff01eb31f)
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
93 lines
3.0 KiB
Diff
93 lines
3.0 KiB
Diff
From d88f2d3430bbbe285ae3de5fbc1bde34da7f0478 Mon Sep 17 00:00:00 2001
|
|
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Date: Wed, 22 Feb 2017 17:40:45 -0800
|
|
Subject: [PATCH] Add an option to disable expat
|
|
|
|
This patch replaces the existing --with-system-expat option with a
|
|
--with-expat={system,builtin,none} option, which allows to tell Python
|
|
whether we want to use the system expat (already installed), the expat
|
|
builtin the Python sources, or no expat at all (which disables the
|
|
installation of XML modules).
|
|
|
|
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
|
|
[ Andrey Smirnov: ported to Python 3.6 ]
|
|
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
|
|
---
|
|
Makefile.pre.in | 6 +++++-
|
|
configure.ac | 18 +++++++++++++-----
|
|
setup.py | 2 +-
|
|
3 files changed, 19 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/Makefile.pre.in b/Makefile.pre.in
|
|
index 660c292765..f49abf8395 100644
|
|
--- a/Makefile.pre.in
|
|
+++ b/Makefile.pre.in
|
|
@@ -1331,7 +1331,7 @@ LIBSUBDIRS= site-packages \
|
|
logging csv wsgiref urllib \
|
|
ctypes ctypes/macholib \
|
|
idlelib idlelib/Icons \
|
|
- distutils distutils/command $(XMLLIBSUBDIRS) \
|
|
+ distutils distutils/command \
|
|
importlib \
|
|
turtledemo \
|
|
multiprocessing multiprocessing/dummy \
|
|
@@ -1416,6 +1416,10 @@ ifeq (@CURSES@,yes)
|
|
LIBSUBDIRS += curses
|
|
endif
|
|
|
|
+ifeq (@EXPAT@,yes)
|
|
+LIBSUBDIRS += $(XMLLIBSUBDIRS)
|
|
+endif
|
|
+
|
|
ifeq (@LIB2TO3@,yes)
|
|
LIBSUBDIRS += lib2to3 lib2to3/fixes lib2to3/pgen2
|
|
TESTSUBDIRS += lib2to3/tests \
|
|
diff --git a/configure.ac b/configure.ac
|
|
index ea422a86a9..3c1e2c088d 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -2961,13 +2961,21 @@ PKG_PROG_PKG_CONFIG
|
|
AC_SUBST(DISABLED_EXTENSIONS)
|
|
|
|
# Check for use of the system expat library
|
|
-AC_MSG_CHECKING(for --with-system-expat)
|
|
-AC_ARG_WITH(system_expat,
|
|
- AS_HELP_STRING([--with-system-expat], [build pyexpat module using an installed expat library]),
|
|
+AC_MSG_CHECKING(for --with-expat)
|
|
+AC_ARG_WITH(expat,
|
|
+ AS_HELP_STRING([--with-expat], [select which expat version to use: system, builtin, none]),
|
|
[],
|
|
- [with_system_expat="no"])
|
|
+ [with_expat="builtin"])
|
|
|
|
-AC_MSG_RESULT($with_system_expat)
|
|
+AC_MSG_RESULT($with_expat)
|
|
+
|
|
+if test "$with_expat" != "none"; then
|
|
+ EXPAT=yes
|
|
+else
|
|
+ DISABLED_EXTENSIONS="${DISABLED_EXTENSIONS} pyexpat"
|
|
+ EXPAT=no
|
|
+fi
|
|
+AC_SUBST(EXPAT)
|
|
|
|
# Check for use of the system libffi library
|
|
AC_MSG_CHECKING(for --with-system-ffi)
|
|
diff --git a/setup.py b/setup.py
|
|
index 1669797cad..d2727c0da5 100644
|
|
--- a/setup.py
|
|
+++ b/setup.py
|
|
@@ -1576,7 +1576,7 @@ class PyBuildExt(build_ext):
|
|
#
|
|
# More information on Expat can be found at www.libexpat.org.
|
|
#
|
|
- if '--with-system-expat' in sysconfig.get_config_var("CONFIG_ARGS"):
|
|
+ if '--with-expat=system' in sysconfig.get_config_var("CONFIG_ARGS"):
|
|
expat_inc = []
|
|
define_macros = []
|
|
extra_compile_args = []
|
|
--
|
|
2.20.1
|
|
|