The pycrypto module sources can be used for both python2 and python3,
but a recipe for python3 was missing, so add it.
Additionally, since the sources (and thus the patches) are shared
between both versions, move the SRC_URI (same on both recipes) to the
common 'python-pycrypto.inc' file, to avoid duplication.
Also, to use the same patch files for both python2 and python3 without
having to duplicate them over 2 folders, change 'python-pycrypto.inc' so
that FILESEXTRAPATHS is prepended with the 'python-pycrypto' local dir
for both versions instead of having that dir named after the package
name '${PN}'.
The python3 recipe is basically the same as for python2, but using
distutils3 instead.
Signed-off-by: Ricardo Silva <rjpdasilva@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2013-7459: Heap-based buffer overflow in the ALGnew function in
block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows
remote attackers to execute arbitrary code as demonstrated by a crafted
iv parameter to cryptmsg.py.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2013-7459
Patch from:
8dbe0dc3ee
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
