kumquat-buildroot/package/python3/0003-Add-infrastructure-to-disable-the-build-of-certain-e.patch

110 lines
4.0 KiB
Diff
Raw Normal View History

From 2c2afc80831c518e5daf3df6c9e4c4ac0a7be001 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Wed, 22 Feb 2017 16:33:22 -0800
Subject: [PATCH] Add infrastructure to disable the build of certain extensions
Some of the extensions part of the Python core have dependencies on
external libraries (sqlite, tk, etc.) or are relatively big and not
necessarly always useful (CJK codecs for example). By extensions, we
mean part of Python modules that are written in C and therefore
compiled to binary code.
Therefore, we introduce a small infrastructure that allows to disable
some of those extensions. This can be done inside the configure.ac by
adding values to the DISABLED_EXTENSIONS variable (which is a
word-separated list of extensions).
The implementation works as follow :
* configure.ac defines a DISABLED_EXTENSIONS variable, which is
substituted (so that when Makefile.pre is generated from
Makefile.pre.in, the value of the variable is substituted). For
now, this DISABLED_EXTENSIONS variable is empty, later patches will
use it.
* Makefile.pre.in passes the DISABLED_EXTENSIONS value down to the
variables passed in the environment when calling the setup.py
script that actually builds and installs those extensions.
* setup.py is modified so that the existing "disabled_module_list" is
filled with those pre-disabled extensions listed in
DISABLED_EXTENSIONS.
Patch ported to python2.7 by Maxime Ripard <ripard@archos.com>, and
then extended by Thomas Petazzoni
<thomas.petazzoni@free-electrons.com>.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[ Andrey Smirnov: ported to Python 3.6 ]
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
---
Makefile.pre.in | 6 +++++-
configure.ac | 2 ++
setup.py | 6 +++++-
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/Makefile.pre.in b/Makefile.pre.in
index b38bd79121..4ce917ab8d 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
package/python3: security bump to version 3.7.4 Fixes the following security issues: - bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with additional text after the address and only quad-dotted notation without trailing whitespaces. Some inet_aton() implementations ignore whitespace and all data after whitespace, e.g. ‘127.0.0.1 whatever’. - bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and local_file:// URL schemes in URLopener().open() and URLopener().retrieve() of urllib.request. - bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause an http.client.InvalidURL exception to be raised. - bpo-33529: Prevent fold function used in email header encoding from entering infinite loop when there are too many non-ASCII characters in a header. - bpo-35755: shutil.which() now uses os.confstr("CS_PATH") if available and if the PATH environment variable is not set. Remove also the current directory from posixpath.defpath. On Unix, shutil.which() and the subprocess module no longer search the executable in the current directory if the PATH environment variable is not set. Also remove the following upstreamed patches: - 0033-bpo-36742-Fixes-handling-of-pre-normalization-charac.patch - 0034-bpo-36742-Corrects-fix-to-handle-decomposition-in-us.patch Signed-off-by: Adam Duskett <Aduskett@gmail.com> [Peter: mention security fixes] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-10 23:21:37 +02:00
@@ -206,6 +206,8 @@ FILEMODE= 644
# configure script arguments
CONFIG_ARGS= @CONFIG_ARGS@
+# disabled extensions
+DISABLED_EXTENSIONS= @DISABLED_EXTENSIONS@
# Subdirectories with code
SRCDIRS= @SRCDIRS@
package/python3: security bump to version 3.7.4 Fixes the following security issues: - bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with additional text after the address and only quad-dotted notation without trailing whitespaces. Some inet_aton() implementations ignore whitespace and all data after whitespace, e.g. ‘127.0.0.1 whatever’. - bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and local_file:// URL schemes in URLopener().open() and URLopener().retrieve() of urllib.request. - bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause an http.client.InvalidURL exception to be raised. - bpo-33529: Prevent fold function used in email header encoding from entering infinite loop when there are too many non-ASCII characters in a header. - bpo-35755: shutil.which() now uses os.confstr("CS_PATH") if available and if the PATH environment variable is not set. Remove also the current directory from posixpath.defpath. On Unix, shutil.which() and the subprocess module no longer search the executable in the current directory if the PATH environment variable is not set. Also remove the following upstreamed patches: - 0033-bpo-36742-Fixes-handling-of-pre-normalization-charac.patch - 0034-bpo-36742-Corrects-fix-to-handle-decomposition-in-us.patch Signed-off-by: Adam Duskett <Aduskett@gmail.com> [Peter: mention security fixes] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-10 23:21:37 +02:00
@@ -619,6 +621,7 @@ sharedmods: $(BUILDPYTHON) pybuilddir.txt Modules/_math.o
esac; \
python3: bump to 3.7.0 Other changes include: - Refreshing all necessary patches for 3.7.0 - Add a hash for the license file. - Python no longer has it's own internal libffi, as such, host-libffi is now required to build host-python3, and is added as a dependency. - Drop PYTHON3_LIBTOOL_PATCH = NO, since there is no longer any internal libffi copy that was causing the libtool patching process to fail. - A new core module "uuid" is now is added in the Config.in file, and relies on util-linux's uuid library. - Also, a new patch: 0030-Fix-cross-compiling-the-uuid-module.patch is required to fix compiling the uuid module, because the include directory search path for uuid.h is hardcoded to /usr/include/uuid, which causes an "unsafe for cross-compilation" error during compiling if the host pc has uuid headers installed. - 0031-Add-an-option-to-disable-uuid-module.patch is added to allow disabling the Python3 UUID module, so that when BR2_PACKAGE_PYTHON3_UUID is disabled by the UUID library is present, the uuid Python module is not built, as expected. - 0032-fix-building-on-older-distributions.patch is added to change os.replace by os.rename in the update_file.py script to fix building on older Linux distributions that have older versions of python that don't include os.replace. os.rename acts in the same way as os.replace, but is cross-platform compatible. Because Buildroot is guaranteed to be built in a POSIX environment, it is safe to change replace to rename. Tested on CentOS6 and Fedora28, All test results passed: br-arm-full [1/6]: OK br-arm-cortex-a9-glibc [2/6]: OK br-arm-cortex-m4-full [3/6]: SKIPPED br-x86-64-musl [4/6]: OK br-arm-full-static [5/6]: SKIPPED armv5-ctng-linux-gnueabi [6/6]: OK 6 builds, 2 skipped, 0 build failed, 0 legal-info failed Signed-off-by: Adam Duskett <aduskett@gmail.com> [Thomas: - remove PYTHON3_LIBTOOL_PATCH = NO - improve the solution in patch 0030-Fix-cross-compiling-the-uuid-module - add patch 0031-Add-an-option-to-disable-uuid-module] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-07-20 18:10:21 +02:00
echo "$(RUNSHARED) CC='$(CC)' LDSHARED='$(BLDSHARED)' OPT='$(OPT)' \
_TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \
+ DISABLED_EXTENSIONS="$(DISABLED_EXTENSIONS)" \
python3: bump to 3.7.0 Other changes include: - Refreshing all necessary patches for 3.7.0 - Add a hash for the license file. - Python no longer has it's own internal libffi, as such, host-libffi is now required to build host-python3, and is added as a dependency. - Drop PYTHON3_LIBTOOL_PATCH = NO, since there is no longer any internal libffi copy that was causing the libtool patching process to fail. - A new core module "uuid" is now is added in the Config.in file, and relies on util-linux's uuid library. - Also, a new patch: 0030-Fix-cross-compiling-the-uuid-module.patch is required to fix compiling the uuid module, because the include directory search path for uuid.h is hardcoded to /usr/include/uuid, which causes an "unsafe for cross-compilation" error during compiling if the host pc has uuid headers installed. - 0031-Add-an-option-to-disable-uuid-module.patch is added to allow disabling the Python3 UUID module, so that when BR2_PACKAGE_PYTHON3_UUID is disabled by the UUID library is present, the uuid Python module is not built, as expected. - 0032-fix-building-on-older-distributions.patch is added to change os.replace by os.rename in the update_file.py script to fix building on older Linux distributions that have older versions of python that don't include os.replace. os.rename acts in the same way as os.replace, but is cross-platform compatible. Because Buildroot is guaranteed to be built in a POSIX environment, it is safe to change replace to rename. Tested on CentOS6 and Fedora28, All test results passed: br-arm-full [1/6]: OK br-arm-cortex-a9-glibc [2/6]: OK br-arm-cortex-m4-full [3/6]: SKIPPED br-x86-64-musl [4/6]: OK br-arm-full-static [5/6]: SKIPPED armv5-ctng-linux-gnueabi [6/6]: OK 6 builds, 2 skipped, 0 build failed, 0 legal-info failed Signed-off-by: Adam Duskett <aduskett@gmail.com> [Thomas: - remove PYTHON3_LIBTOOL_PATCH = NO - improve the solution in patch 0030-Fix-cross-compiling-the-uuid-module - add patch 0031-Add-an-option-to-disable-uuid-module] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-07-20 18:10:21 +02:00
$(PYTHON_FOR_BUILD) $(srcdir)/setup.py $$quiet build"; \
$(RUNSHARED) CC='$(CC)' LDSHARED='$(BLDSHARED)' OPT='$(OPT)' \
_TCLTK_INCLUDES='$(TCLTK_INCLUDES)' _TCLTK_LIBS='$(TCLTK_LIBS)' \
package/python3: security bump to version 3.7.4 Fixes the following security issues: - bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with additional text after the address and only quad-dotted notation without trailing whitespaces. Some inet_aton() implementations ignore whitespace and all data after whitespace, e.g. ‘127.0.0.1 whatever’. - bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and local_file:// URL schemes in URLopener().open() and URLopener().retrieve() of urllib.request. - bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause an http.client.InvalidURL exception to be raised. - bpo-33529: Prevent fold function used in email header encoding from entering infinite loop when there are too many non-ASCII characters in a header. - bpo-35755: shutil.which() now uses os.confstr("CS_PATH") if available and if the PATH environment variable is not set. Remove also the current directory from posixpath.defpath. On Unix, shutil.which() and the subprocess module no longer search the executable in the current directory if the PATH environment variable is not set. Also remove the following upstreamed patches: - 0033-bpo-36742-Fixes-handling-of-pre-normalization-charac.patch - 0034-bpo-36742-Corrects-fix-to-handle-decomposition-in-us.patch Signed-off-by: Adam Duskett <Aduskett@gmail.com> [Peter: mention security fixes] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-10 23:21:37 +02:00
@@ -1528,7 +1531,8 @@ libainstall: @DEF_MAKE_RULE@ python-config
# Install the dynamically loadable modules
# This goes into $(exec_prefix)
sharedinstall: sharedmods
- $(RUNSHARED) $(PYTHON_FOR_BUILD) $(srcdir)/setup.py install \
+ $(RUNSHARED) DISABLED_EXTENSIONS="$(DISABLED_EXTENSIONS)" \
+ $(PYTHON_FOR_BUILD) $(srcdir)/setup.py install \
--prefix=$(prefix) \
--install-scripts=$(BINDIR) \
--install-platlib=$(DESTSHARED) \
diff --git a/configure.ac b/configure.ac
index 5f87c4db5a..d5ee2aedfb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2966,6 +2966,8 @@ LIBS="$withval $LIBS"
PKG_PROG_PKG_CONFIG
+AC_SUBST(DISABLED_EXTENSIONS)
+
# Check for use of the system expat library
AC_MSG_CHECKING(for --with-system-expat)
AC_ARG_WITH(system_expat,
diff --git a/setup.py b/setup.py
index fe477974bd..86643ae8bf 100644
--- a/setup.py
+++ b/setup.py
@@ -48,7 +48,11 @@ host_platform = get_platform()
COMPILED_WITH_PYDEBUG = ('--with-pydebug' in sysconfig.get_config_var("CONFIG_ARGS"))
# This global variable is used to hold the list of modules to be disabled.
-disabled_module_list = []
+try:
+ disabled_module_list = sysconfig.get_config_var("DISABLED_EXTENSIONS").split(" ")
+except KeyError:
+ disabled_module_list = list()
+
def add_dir_to_list(dirlist, dir):
"""Add the directory 'dir' to the list 'dirlist' (after any relative
--
2.13.5