linux/poky.git/meta/recipes-devtools/python, branch yocto-3.0.3

python: Upgrade 2.7.17 -> 2.17.18

2020-05-07T16:32:09+00:00

LICENSE checksum changed due to 2019 -> 2020 update. (From OE-Core rev: b15db3ce3af3460b7f9ae1e186e453a79a056511) Signed-off-by: Adrian Bunk Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python3-native: Should not search the system for headers/libraries.

2020-05-07T16:32:08+00:00

The specific issue here is rpc/rpc.h, but its likely more general. /usr/include is searched for rpc/rpc.h and if it exists on the system, it changes behavior. If you are using the extended buildtools tarball on a machine that has /usr/include/rpc/rpc.h, it will decide that is good enough and not continue to search. nis fails to build because /usr/include and /usr/lib are not part of the include/link paths for the buildtools tarball compiler(nor should they be). This makes it so python3-native will not build if you are using the extended buildtools tarball, but from a larger issue perspective it is building in likely different ways depending on what machine it is building on. libtirpc is already a depend so we shouldn't need the hosts rpc/rcp.h. (From OE-Core rev: f37dfc7907ae7bac08d40468ddde2e5b8bba030c) (From OE-Core rev: db8bef336849570dd99900b173c44cc47b208058) Signed-off-by: Jeremy A. Puhlman Signed-off-by: Richard Purdie (cherry picked from commit 400743867de587579dee85388c30190f353f80c8) Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python3: Upgrade 3.7.6 -> 3.7.7

2020-03-19T09:57:51+00:00

THE LICENSE checksum changed in this update due to copyright notice added for 2020. (From OE-Core rev: 3c40cfe7433999272e1698e2c914d6d190f76b63) Signed-off-by: Adrian Bunk Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python2: add ntpath

2020-02-04T18:43:08+00:00

python3 has this but python is missing this. [Yocto #13740] (From OE-Core rev: af41a2238beec0c34c1c1e5f25eed55f2a214643) Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie

python3: Update to apply libgcc fix to libpython, glibc only

2020-01-11T11:06:22+00:00

Update to account for review feedback on list. (From OE-Core rev: 9a2748db44c4382bbba81a5a9b96c998f0fab983) Signed-off-by: Richard Purdie (cherry picked from commit ec788594f3f6a47687c6eb321437f2d2b58b1518) Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie

python3: RDEPEND on libgcc

2020-01-11T11:06:22+00:00

=help> List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org X-Virus-Scanned: clamav-milter 0.101.4 at dan X-Virus-Status: Clean X-Evolution-Source: 1525863794.3857.16@hex Content-Transfer-Encoding: 8bit Python uses features of glibc that require it to dynamically load (i.e. dlopen()) libgcc_s at runtime. However, since this isn't a link time dependency, it doesn't get picked up automatically by bitbake so manually add it to RDEPENDS. There is an outstanding bug in Python to make it explicitly link against libgcc at link time which would remove the need for this. See: https://bugs.python.org/issue37395 (From OE-Core rev: e6c4017727008ac2f665e843d59d53b584f3f1b3) Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie (cherry picked from commit df107f3a149b1e88d9f869e7ff87950ccf5aaee0) Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie

python3: Upgrade 3.7.5 -> 3.7.6

2020-01-11T11:06:22+00:00

(From OE-Core rev: b8926f3898fbf6828b908d741ab3b450adb85643) Signed-off-by: Adrian Bunk Signed-off-by: Richard Purdie (cherry picked from commit aee9beb12226abf7a195b8ee801ea488920b2fdb) [Bug fix only update] Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie

python/python3: Whitelist CVE-2019-18348

2019-12-31T10:37:23+00:00

This is not exploitable when glibc has CVE-2016-10739 fixed, which is fixed in the upstream version since warrior. (From OE-Core rev: a26ac2921a1ad96959364223920402082ccd1d61) Signed-off-by: Adrian Bunk Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python: Whitelist CVE-2017-17522 CVE-2017-18207 CVE-2015-5652

2019-12-16T23:08:52+00:00

One Windows-only CVE that cannot be fixed, and two CVEs where upstream agreement is that they are not vulnerabilities. (From OE-Core rev: 56d5b181f3b119f2bbd310dedd6d3b26e76f5944) (From OE-Core rev: 13024049625c1705108066b38396ac379aacce84) Signed-off-by: Adrian Bunk Signed-off-by: Richard Purdie Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie

python: update to 2.7.17

2019-11-25T21:37:40+00:00

Drop backports, rebase a couple of patches. This is the second last release of py 2.x; upstream support ends on 1 January 2020, there will be one final 2.x afterwards. Note that the only thing that still needs python 2.x in oe-core is u-boot; when the next u-boot update arrives, we should find out where the py3 migration is for that component before merging the update. (From OE-Core rev: 184b60eb905bb75ecc7a0c29a175e624d8555fac) (From OE-Core rev: d8cd909e7c073eb6365732e5c906f52933fe2e66) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie