Diffstat (limited to 'meta/recipes-devtools/python/python.inc')
-rw-r--r-- | meta/recipes-devtools/python/python.inc | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc
index 1462b779e9..fe281586fc 100644
--- a/meta/recipes-devtools/python/python.inc
+++ b/meta/recipes-devtools/python/python.inc
@@ -5,19 +5,13 @@ SECTION = "devel/python"
 # bump this on every change in contrib/python/generate-manifest-2.7.py
 INC_PR = "r1"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642"
 SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
- file://bpo-35907-cve-2019-9948.patch \
- file://bpo-35907-cve-2019-9948-fix.patch \
- file://bpo-36216-cve-2019-9636.patch \
- file://bpo-36216-cve-2019-9636-fix.patch \
- file://CVE-2019-9740.patch \
- file://CVE-2018-20852.patch \
 "
-SRC_URI[md5sum] = "30157d85a2c0479c09ea2cbe61f2aaf5"
-SRC_URI[sha256sum] = "f222ef602647eecb6853681156d32de4450a2c39f4de93bd5b20235f2e660ed7"
+SRC_URI[md5sum] = "fd6cc8ec0a78c44036f825e739f36e5a"
+SRC_URI[sha256sum] = "b62c0e7937551d0cc02b8fd5cb0f544f9405bafc9a54d3808ed4594812edef43"
 # python recipe is actually python 2.x
 # also, exclude pre-releases for both python 2.x and 3.x
@@ -25,6 +19,19 @@ UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>2(\.\d+)+).tar"
 CVE_PRODUCT = "python"
+# Upstream agreement is that these are not security issues:
+# https://bugs.python.org/issue32367
+CVE_CHECK_WHITELIST += "CVE-2017-17522"
+# https://bugs.python.org/issue32056
+CVE_CHECK_WHITELIST += "CVE-2017-18207"
+
+# Windows-only, "It was determined that this is a longtime behavior
+# of Python that cannot really be altered at this point."
+CVE_CHECK_WHITELIST += "CVE-2015-5652"
+
+# This is not exploitable when glibc has CVE-2016-10739 fixed.
+CVE_CHECK_WHITELIST += "CVE-2019-18348"
+
 PYTHON_MAJMIN = "2.7"
 inherit autotools pkgconfig |
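Review bot: The `CVE-2019-18348` entry at the end of the second hunk is whitelisted unconditionally, although its own comment makes the exemption depend on glibc carrying the CVE-2016-10739 fix. A build that pairs this recipe with another C library or an older external-toolchain glibc would presumably still have cve-check treat the CVE as whitelisted, so the precondition should be spelled out where a maintainer will see it, e.g. `# Only valid while the glibc in use has the CVE-2016-10739 fix; re-check for musl and external toolchains.` The `CVE-2015-5652` entry also quotes a determination without a link, unlike the two bugs.python.org entries above it; adding the source of that quote would let the exemption be re-verified later.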