linux/poky.git/meta/recipes-devtools/python, branch gatesgarth

python3-jinja2: set CVE_PRODUCT

2021-03-28T21:31:55+00:00

Set CVE_PRODUCT for more accurate CVE scanning. (From OE-Core rev: 1e3638352ed8dcf1cba274693db8410cc9a6ec3d) Signed-off-by: Chen Qi Signed-off-by: Richard Purdie (cherry picked from commit aefcc7a7dd012530ed846292caaed70d20589a3a) Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python3: fix CVE-2021-23336

2021-03-10T00:24:27+00:00

(From OE-Core rev: 4ae100fa8baf0f0dd6a16992644a20516b81107b) Signed-off-by: Lee Chee Yang Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python3: Fix python interpreter line length for nativesdk

2021-03-10T00:24:26+00:00

Make sure the python interpreter is "#!/usr/bin/env python3" for nativesdk to avoid the shebang path exceeding the limit when install the sdk under the directory with long path. Before: $ cd ${target_sdk_dir} $ vi ./sysroots/x86_64-oesdk-linux/usr/bin/2to3 #!${target_sdk_dir}/sysroots/${SDK_SYS}/usr/bin/python3.9 [snip] After: $ cd ${target_sdk_dir} $ vi ./sysroots/x86_64-oesdk-linux/usr/bin/2to3 #!/usr/bin/env python3 [snip] (From OE-Core rev: 57af8ed4d3f1645d9a648ae1e569c792d9bcb361) Signed-off-by: Mingli Yu Signed-off-by: Richard Purdie (cherry picked from commit a748e6098fa7d2ff594319937c7e0cf97700e83a) Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python3-pycairo: use python3targetconfig

2021-02-11T17:46:12+00:00

(From OE-Core rev: 23884b5839a57b4ed306a938ce3f7e68db752f3a) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit 27d1dcf065ac2ccb57229eef54dd63b45d0fc5f9) Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python3: Avoid installing test data into recipe-sysroot

2021-02-11T17:46:11+00:00

There are several thousand files in the test directory which we don't need. Adding these for the native and target sysroots is a crazy amount of files to be throwing around needlessly. Delete the files from the sysroot side of things to tidy up the sysroots and improve performance. (From OE-Core rev: 653f8b1a8adf59d924028bfc69ead1c7437de11e) Signed-off-by: Richard Purdie (cherry picked from commit f6bced03011ad1663d68b0322a2f8aeb4d836646) Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python3: Use addtask statement instead of task dependencies

2021-02-05T23:35:18+00:00

The externalsrc class deletes do_patch task which results with: | ERROR: Task do_create_manifest in /python3_3.8.2.bb depends upon | non-existent task do_patch in /python3_3.8.2.bb Use addtask to define correct order to prevent this error, since addtask mechanism accepts deleted tasks. [YOCTO #14151] (From OE-Core rev: a746d034fa7eaad4f4876fa61c5a8c3c15e211c8) (From OE-Core rev: 782f7f4f73d7b1e1bd649db1984a63d94d2410fe) Signed-off-by: Tomasz Dziendzielski Signed-off-by: Richard Purdie (cherry picked from commit 8ed8b81af60c7d9c7a1c614ad137408637bc43ed) Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python3: fix CVE-2021-3177

2021-02-05T23:35:18+00:00

(From OE-Core rev: 25d1cae49e56797c4c9e91c01697c4de02dee046) Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python3: add CVE-2007-4559 to whitelist

2020-12-03T23:02:08+00:00

This issue describes expected behaviour, do not use tarfile with untrusted data. (From OE-Core rev: 391ed53928db0df325798a0bce18ec6947e09ddd) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit f4c22e83f2e68ff157da5ea1303acc2931d63f5f) Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python3: fix CVE-2020-27619

2020-11-29T00:07:58+00:00

(From OE-Core rev: 0edf9f32929c462b9b53f0cdc7e5ecf816fbb7b3) Signed-off-by: Lee Chee Yang Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python3: fix upstream version check

2020-10-20T10:11:46+00:00

(From OE-Core rev: c8a6512b36e12f48d8713c5c3b48d83a431c8191) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie