kumquat-buildroot/package/python/0032-Add-option-to-disable-the-hashlib-module.patch
Peter Korsgaard 6e205b10c0 package/python: security bump to version 2.7.16
Fixes the following security issues:

- CVE-2013-1752: Change use of readline() in :class:`imaplib.IMAP4_SSL` to limit line length

- CVE-2018-14647: The C accelerated _elementtree module now initializes hash
  randomization salt from _Py_HashSecret instead of libexpat's default
  CSPRNG.

For more details, see the NEWS file:
https://github.com/python/cpython/blob/v2.7.16/Misc/NEWS.d/2.7.16rc1.rst

Refresh patches, drop now upstream
package/python/0035-bpo-35746-Fix-segfault-in-ssl-s-cert-parser-GH-11569.patch
and adjust hash of LICENSE file for a change of copyright years.

run-tests results:
16:05:41 TestPython2                              Starting
16:05:42 TestPython2                              Building
16:11:26 TestPython2                              Building done
16:11:32 TestPython2                              Cleaning up
.
----------------------------------------------------------------------
Ran 1 test in 351.905s

OK

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c970d7d640)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-06 08:43:01 +02:00

33 lines
998 B
Diff

From 479bef8182c4f6b678a86820ccc06760ca60c286 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Tue, 7 Mar 2017 22:33:02 +0100
Subject: [PATCH] Add option to disable the hashlib module
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Peter: update for 2.7.16]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
configure.ac | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/configure.ac b/configure.ac
index 6d19cdee95..ddccc79c2c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2869,6 +2869,12 @@ AC_ARG_ENABLE(ssl,
DISABLED_EXTENSIONS="${DISABLED_EXTENSIONS} _ssl"
fi])
+AC_ARG_ENABLE(hashlib,
+ AS_HELP_STRING([--disable-hashlib], [disable hashlib]),
+ [ if test "$enableval" = "no"; then
+ DISABLED_EXTENSIONS="${DISABLED_EXTENSIONS} _hashlib"
+ fi])
+
AC_ARG_ENABLE(bz2,
AS_HELP_STRING([--disable-bz2], [disable BZIP2]),
[ if test "$enableval" = "no"; then
--
2.11.0