diff options
Diffstat (limited to 'meta/recipes-devtools/python/python3_3.8.5.bb')
-rw-r--r-- | meta/recipes-devtools/python/python3_3.8.5.bb | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/meta/recipes-devtools/python/python3_3.8.5.bb b/meta/recipes-devtools/python/python3_3.8.5.bb index 3720b364bb..418d35acfe 100644 --- a/meta/recipes-devtools/python/python3_3.8.5.bb +++ b/meta/recipes-devtools/python/python3_3.8.5.bb | |||
@@ -33,6 +33,8 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ | |||
33 | file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \ | 33 | file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \ |
34 | file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ | 34 | file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \ |
35 | file://CVE-2020-27619.patch \ | 35 | file://CVE-2020-27619.patch \ |
36 | file://CVE-2021-3177.patch \ | ||
37 | file://CVE-2021-23336.patch \ | ||
36 | " | 38 | " |
37 | 39 | ||
38 | SRC_URI_append_class-native = " \ | 40 | SRC_URI_append_class-native = " \ |
@@ -50,6 +52,8 @@ UPSTREAM_CHECK_URI = "https://www.python.org/downloads/source/" | |||
50 | 52 | ||
51 | CVE_PRODUCT = "python" | 53 | CVE_PRODUCT = "python" |
52 | 54 | ||
55 | # Upstream consider this expected behaviour | ||
56 | CVE_CHECK_WHITELIST += "CVE-2007-4559" | ||
53 | # This is not exploitable when glibc has CVE-2016-10739 fixed. | 57 | # This is not exploitable when glibc has CVE-2016-10739 fixed. |
54 | CVE_CHECK_WHITELIST += "CVE-2019-18348" | 58 | CVE_CHECK_WHITELIST += "CVE-2019-18348" |
55 | 59 | ||
@@ -166,6 +170,10 @@ do_install_append() { | |||
166 | } | 170 | } |
167 | 171 | ||
168 | do_install_append_class-nativesdk () { | 172 | do_install_append_class-nativesdk () { |
173 | # Make sure we use /usr/bin/env python | ||
174 | for PYTHSCRIPT in `grep -rIl ${bindir}/python ${D}${bindir}`; do | ||
175 | sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' $PYTHSCRIPT | ||
176 | done | ||
169 | create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' PYTHONNOUSERSITE='1' | 177 | create_wrapper ${D}${bindir}/python${PYTHON_MAJMIN} TERMINFO_DIRS='${sysconfdir}/terminfo:/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo' PYTHONNOUSERSITE='1' |
170 | } | 178 | } |
171 | 179 | ||
@@ -304,11 +312,8 @@ do_create_manifest() { | |||
304 | } | 312 | } |
305 | 313 | ||
306 | # bitbake python -c create_manifest | 314 | # bitbake python -c create_manifest |
307 | addtask do_create_manifest | ||
308 | |||
309 | # Make sure we have native python ready when we create a new manifest | 315 | # Make sure we have native python ready when we create a new manifest |
310 | do_create_manifest[depends] += "${PN}:do_prepare_recipe_sysroot" | 316 | addtask do_create_manifest after do_patch do_prepare_recipe_sysroot |
311 | do_create_manifest[depends] += "${PN}:do_patch" | ||
312 | 317 | ||
313 | # manual dependency additions | 318 | # manual dependency additions |
314 | RRECOMMENDS_${PN}-core_append_class-nativesdk = " nativesdk-python3-modules" | 319 | RRECOMMENDS_${PN}-core_append_class-nativesdk = " nativesdk-python3-modules" |
@@ -361,3 +366,9 @@ RDEPENDS_${PN}-dev = "" | |||
361 | 366 | ||
362 | RDEPENDS_${PN}-tests_append_class-target = " ${MLPREFIX}bash" | 367 | RDEPENDS_${PN}-tests_append_class-target = " ${MLPREFIX}bash" |
363 | RDEPENDS_${PN}-tests_append_class-nativesdk = " ${MLPREFIX}bash" | 368 | RDEPENDS_${PN}-tests_append_class-nativesdk = " ${MLPREFIX}bash" |
369 | |||
370 | # Python's tests contain large numbers of files we don't need in the recipe sysroots | ||
371 | SYSROOT_PREPROCESS_FUNCS += " py3_sysroot_cleanup" | ||
372 | py3_sysroot_cleanup () { | ||
373 | rm -rf ${SYSROOT_DESTDIR}${libdir}/python${PYTHON_MAJMIN}/test | ||
374 | } | ||