Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=styhead 2025-02-14T15:49:09+00:00 2025-02-14T15:49:09+00:00 Peter Marko peter.marko@siemens.com 2025-02-08T23:23:19+00:00 urn:sha1:61e2aebcb5efc5daa57a82d76550b4022342a6dd Release notes: https://docs.python.org/release/3.12.9/whatsnew/changelog.html#python-3-12-9 Solves CVE-2025-0938, CVE-2024-12254 and 3 other vulnerabilities without CVE number assigment. Add a patch to fix failure of a new test. (From OE-Core rev: cb0187ed2962e4c140c4f59ce08f94b18b05004c) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2025-01-09T14:02:48+00:00 Guðni Már Gilbert gudni.m.g@gmail.com 2024-12-25T11:26:50+00:00 urn:sha1:c2dcb76eb1c994c28bb1c31fe07678da1e2222fe Changelog: https://docs.python.org/release/3.12.8/whatsnew/changelog.html#python-3-12-8 (From OE-Core rev: 751cf7a576dbb949763703e655e951bcd583f251) Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2025-01-09T14:02:48+00:00 Guðni Már Gilbert gudni.m.g@gmail.com 2024-12-25T11:26:49+00:00 urn:sha1:1b4d8585f0fe9e5a570d7ab7fb7bd36494c98ce2 Changelog: https://docs.python.org/release/3.12.7/whatsnew/changelog.html#python-3-12-7 (From OE-Core rev: 103cb3a5390214bd95a75c4db4b00f64b456b7f1) Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-12-17T20:58:11+00:00 Guðni Már Gilbert gudni.m.g@gmail.com 2024-12-08T13:15:34+00:00 urn:sha1:25b62b9d759973dc1193f98023f9367a016ea530 Looking at the history, python3-six was removed as a dependency in the poetry.lock file in v1.5.2 Even before v1.5.2 and until now (v1.9.1) there is no code in the package which imports the six module. So it can be safely dropped from the recipe. (From OE-Core rev: 01a938f176c1eb2f753c2df50ef966cc175a2d18) Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-11-26T13:37:09+00:00 Yoann Congal yoann.congal@smile.fr 2024-10-18T10:50:26+00:00 urn:sha1:cc6492d4182f75cbb4b2958769bbfd603d4ac29f Import a merged patch that sort external libs in the wheel file generated by maturin. That improve reproducibility. (From OE-Core rev: 055519ae0da73afd1bfb89d74193b41751dc9a80) Signed-off-by: Yoann Congal <yoann.congal@smile.fr> CC: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 66da28f85727206c0e647efba93c1be028519fe5) Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-10-29T12:51:03+00:00 Shunsuke Tokumoto s-tokumoto@fujitsu.com 2024-09-26T11:01:03+00:00 urn:sha1:fa99b92b24152178eb1c98ab836e6bb01e10c41f Since there are vulnerabilities that cannot be detected by the existing CVE_PRODUCT, add "python:setuptools" to CVE_PRODUCT. https://nvd.nist.gov/vuln/detail/CVE-2013-1633 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 (From OE-Core rev: d06ce1ca98e5a192dd47af0fa243328aa6d87bff) Signed-off-by: Shunsuke Tokumoto <s-tokumoto@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit aa1c8d97efc6640a1cffa2459d9b20ad1f7309b0) Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-09-13T06:15:49+00:00 Divya Chellam divya.chellam@windriver.com 2024-09-12T06:44:07+00:00 urn:sha1:0249d9c8932674b8b00ec0d0a261f616794eee36 Includes security fixes for CVE-2024-7592, CVE-2024-8088, CVE-2024-6232 and other bug fixes. Removed below patches, as the fix is included in 3.12.6 upgrade: 1. CVE-2024-7592.patch Release Notes: https://www.python.org/downloads/release/python-3126/ (From OE-Core rev: aa492b1fd5973c37b8fa2cd17d28199eba46afcc) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-09-10T12:05:00+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2024-09-06T16:58:09+00:00 urn:sha1:23763df006645a39acc72d38b52879120088a6e3 This reverts commit 8fccef7a731f44e5d27653e06becb54cf770e5e5. The patch causes problems for systems using ccache. Revert until this is fixed. "Inherit ccache, build anything which uses python3-setuptools (e.g. python3-icu)." (From OE-Core rev: a7dafda0303e52965010fc428d950e10ff1bb940) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-09-05T20:48:47+00:00 Niko Mauno niko.mauno@vaisala.com 2024-09-05T10:12:38+00:00 urn:sha1:63055fc4d0e790228af80366632a63a3cd20488a When bitbaking python3-rpds-py it built extension module as: site-packages/rpds/rpds.cpython-312-armv7l-linux-gnueabihf.so Which caused error on target: root@qemuarm:~# python3 -c "from rpds import HashTrieMap, HashTrieSet, List" Traceback (most recent call last): File "<string>", line 1, in <module> File "/usr/lib/python3.12/site-packages/rpds/__init__.py", line 1, in <module> from .rpds import * ModuleNotFoundError: No module named 'rpds.rpds' Where as it should have been: site-packages/rpds/rpds.cpython-312-arm-linux-gnueabihf.so Associated upstream bug report: https://github.com/PyO3/maturin/issues/2203 Associated upstream pull request: https://github.com/PyO3/maturin/pull/2204 Note - mitigation has not been tested with musl: https://github.com/PyO3/maturin/pull/2204#issuecomment-2323952320 (From OE-Core rev: 32a8a7379008cc6e367b7664c5b10b29f0bb8136) Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-09-04T11:38:44+00:00 Wang Mingyu wangmy@fujitsu.com 2024-09-03T08:32:56+00:00 urn:sha1:d307c65b866ee58c39b76d17847710bdbc7117da Bugfix: - Replaced SanitizedNames with a more surgical fix for infinite loops, restoring support for names with special characters in the archive. (From OE-Core rev: 1c71b6b401bad423448d9edb4db4371e7bf605b6) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>