diff options
Diffstat (limited to 'meta/recipes-devtools/python/python3_3.8.5.bb')
| -rw-r--r-- | meta/recipes-devtools/python/python3_3.8.5.bb | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/meta/recipes-devtools/python/python3_3.8.5.bb b/meta/recipes-devtools/python/python3_3.8.5.bb index 3720b364bb..418d35acfe 100644 --- a/meta/recipes-devtools/python/python3_3.8.5.bb +++ b/meta/recipes-devtools/python/python3_3.8.5.bb | |||
| @@ -33,6 +33,8 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ | |||
| 33 | file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \ | 33 | file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \ |
| 34 | file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ | 34 | file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ |
| 35 | file://CVE-2020-27619.patch \ | 35 | file://CVE-2020-27619.patch \ |
| 36 | file://CVE-2021-3177.patch \ | ||
| 37 | file://CVE-2021-23336.patch \ | ||
| 36 | " | 38 | " |
| 37 | 39 | ||
| 38 | SRC_URI_append_class-native = " \ | 40 | SRC_URI_append_class-native = " \ |
| @@ -50,6 +52,8 @@ UPSTREAM_CHECK_URI = "https://www.python.org/downloads/source/" | |||
| 50 | 52 | ||
| 51 | CVE_PRODUCT = "python" | 53 | CVE_PRODUCT = "python" |
| 52 | 54 | ||
| 55 | # Upstream consider this expected behaviour | ||
| 56 | CVE_CHECK_WHITELIST += "CVE-2007-4559" | ||
| 53 | # This is not exploitable when glibc has CVE-2016-10739 fixed. | 57 | # This is not exploitable when glibc has CVE-2016-10739 fixed. |
| 54 | CVE_CHECK_WHITELIST += "CVE-2019-18348" | 58 | CVE_CHECK_WHITELIST += "CVE-2019-18348" |
| 55 | 59 | ||
| @@ -166,6 +170,10 @@ do_install_append() { | |||
| 166 | } | 170 | } |
| 167 | 171 | ||
| 168 | do_install_append_class-nativesdk () { | 172 | do_install_append_class-nativesdk () { |
| 173 | # Make sure we use /usr/bin/env python | ||
| 174 | for PYTHSCRIPT in `grep -rIl ${bindir}/python ${D}${bindir}`; do | ||
| 175 | sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' $PYTHSCRIPT | ||
| 176 | done | ||
| 169 | create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' PYTHONNOUSERSITE='1' | 177 | create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' PYTHONNOUSERSITE='1' |
| 170 | } | 178 | } |
| 171 | 179 | ||
| @@ -304,11 +312,8 @@ do_create_manifest() { | |||
| 304 | } | 312 | } |
| 305 | 313 | ||
| 306 | # bitbake python -c create_manifest | 314 | # bitbake python -c create_manifest |
| 307 | addtask do_create_manifest | ||
| 308 | |||
| 309 | # Make sure we have native python ready when we create a new manifest | 315 | # Make sure we have native python ready when we create a new manifest |
| 310 | do_create_manifest[depends] += "${PN}:do_prepare_recipe_sysroot" | 316 | addtask do_create_manifest after do_patch do_prepare_recipe_sysroot |
| 311 | do_create_manifest[depends] += "${PN}:do_patch" | ||
| 312 | 317 | ||
| 313 | # manual dependency additions | 318 | # manual dependency additions |
| 314 | RRECOMMENDS_${PN}-core_append_class-nativesdk = " nativesdk-python3-modules" | 319 | RRECOMMENDS_${PN}-core_append_class-nativesdk = " nativesdk-python3-modules" |
| @@ -361,3 +366,9 @@ RDEPENDS_${PN}-dev = "" | |||
| 361 | 366 | ||
| 362 | RDEPENDS_${PN}-tests_append_class-target = " ${MLPREFIX}bash" | 367 | RDEPENDS_${PN}-tests_append_class-target = " ${MLPREFIX}bash" |
| 363 | RDEPENDS_${PN}-tests_append_class-nativesdk = " ${MLPREFIX}bash" | 368 | RDEPENDS_${PN}-tests_append_class-nativesdk = " ${MLPREFIX}bash" |
| 369 | |||
| 370 | # Python's tests contain large numbers of files we don't need in the recipe sysroots | ||
| 371 | SYSROOT_PREPROCESS_FUNCS += " py3_sysroot_cleanup" | ||
| 372 | py3_sysroot_cleanup () { | ||
| 373 | rm -rf ${SYSROOT_DESTDIR}${libdir}/python${PYTHON_MAJMIN}/test | ||
| 374 | } | ||