linux/poky.git/meta/recipes-devtools/python, branch yocto-5.0.9Mirror of git.yoctoproject.org/pokyhttps://git.enea.com/cgit/linux/poky.git/atom?h=yocto-5.0.92025-02-28T14:45:14+00:00python3-setuptools-scm: respect GIT_CEILING_DIRECTORIES2025-02-28T14:45:14+00:00Etienne Cordonnierecordonnier@snap.com2025-02-18T15:33:15+00:00urn:sha1:d38a096fde089e5bc0b26be895bde0c9d57caaec
Fixes https://bugzilla.yoctoproject.org/show_bug.cgi?id=15740
python3-setuptools-scm was ignoring GIT_CEILING_DIRECTORIES which is set by poky,
and it was thus finding a wrong value of "toplevel" in ./src/setuptools_scm/_file_finders/git.py
The code is supposed to generate the list of files contained in python3-setuptools-scm, but it was
instead running "git archive" on whatever git repository was above the build directory, because the
tarball containing the sources of python3-setuptools-scm does not contain a .git directory.
This is barely noticeable when building as a subdirectory of poky which is only 48MB, but this was
causing serious slowdowns of python3-setuptools-scm:do_compile when building
inside a big git repository with files tracked using git-lfs (50 minutes in my use-case).
Reported upstream as https://github.com/pypa/setuptools-scm/issues/1103
(From OE-Core rev: 4ebe72477484cf68165b6f736ce10373e97d0e6d)
(From OE-Core rev: 369eebad4f38c3641be73dbc0490c87636e0912d)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3: upgrade 3.12.8 -> 3.12.92025-02-14T14:38:54+00:00Peter Markopeter.marko@siemens.com2025-02-08T23:23:19+00:00urn:sha1:c9c335583601f5fc08c1dee355fcc19f35cdc76a
Release notes:
https://docs.python.org/release/3.12.9/whatsnew/changelog.html#python-3-12-9
Solves CVE-2025-0938, CVE-2024-12254 and 3 other vulnerabilities without
CVE number assigment.
Add a patch to fix failure of a new test.
(From OE-Core rev: 685b2719ae9b44c238e63942efabe52e5df7d640)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3-requests: upgrade 2.32.0 -> 2.32.32025-01-09T14:25:36+00:00Soumya Sambusoumya.sambu@windriver.com2024-12-19T19:02:45+00:00urn:sha1:55c2943e436e61cbe8022852c34680624735d4c3
Changelog:
https://requests.readthedocs.io/en/latest/community/updates/#release-history
2.32.3 (2024-05-29)
* Bugfixes - Fixed bug breaking the ability to specify custom SSLContexts
in sub-classes of HTTPAdapter. (#6716)
* Fixed issue where Requests started failing to run on Python versions
compiled without the ssl module. (#6724)
2.32.2 (2024-05-21)
* Deprecations - To provide a more stable migration for custom HTTPAdapters
impacted by the CVE changes in 2.32.0, we’ve renamed _get_connection to a
new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of
Requests>=2.32.0.
* A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
2.32.1 (2024-05-20)
* Bugfixes - Add missing test certs to the sdist distributed on PyPI.
https://github.com/psf/requests/compare/v2.32.0...v2.32.3
Also transition to using python_setuptools_build_meta.
(From OE-Core rev: e1787271b07c605df2843d82d65e1c3d2e2114e6)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3: upgrade 3.12.7 -> 3.12.82025-01-09T14:25:36+00:00Guðni Már Gilbertgudni.m.g@gmail.com2024-12-28T18:19:11+00:00urn:sha1:321943e627877aabfd1f71599b7619e8bf2e624b
Changelog:
https://docs.python.org/release/3.12.8/whatsnew/changelog.html#python-3-12-8
(From OE-Core rev: db5081254adacf6c87269fd43af7199267ad535c)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3: upgrade 3.12.6 -> 3.12.72025-01-09T14:25:36+00:00Guðni Már Gilbertgudni.m.g@gmail.com2024-12-28T18:19:10+00:00urn:sha1:a7abc52998f01193acc0bb9a93fa6b73d7f49f0e
Changelog:
https://docs.python.org/release/3.12.7/whatsnew/changelog.html#python-3-12-7
(From OE-Core rev: 197048667f69ed559baf54831eb7b1606320f3e8)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3: add dependency on -compression to -core2024-12-23T13:46:32+00:00Ross Burtonross.burton@arm.com2024-12-15T14:32:47+00:00urn:sha1:c75016dcf38e9d8b18a78687f0e3bb250282a0e1
importlib.metadata is part of -core, but that will import zipfile which
is part of -compression.
Obviously this shows that our packaging of the Python modules is not
optimal. I plan to follow up with a redesign of the splitting which
focuses on simply pulling out the larger or esoteric modules and
having a more featureful core.
(From OE-Core rev: 05166eafb99cf8c7adb6879277069ab384a2f8df)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3: Drop empty patch2024-12-23T13:46:32+00:00Khem Rajraj.khem@gmail.com2024-12-15T14:32:46+00:00urn:sha1:a56d901283368109c94068749c7356724d839113
The fix brought by this patch is already part of python 3.12.3
therefore drop it.
(From OE-Core rev: 555623d2378138fdcfae95c04e06ba384cebab5b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3-poetry-core: drop python3-six from RDEPENDS2024-12-13T13:21:54+00:00Guðni Már Gilbertgudni.m.g@gmail.com2024-12-08T13:10:33+00:00urn:sha1:30fd1ca222be35c918b8bae701522837bb0209b2
Looking at the history, python3-six was removed as a dependency
in the poetry.lock file in v1.5.2
Even before v1.5.2 and until now (v1.9.1) there is no code in
the package which imports the six module. So it can be safely
dropped from the recipe.
(From OE-Core rev: 09378088bba46b6e505f69381496da0ecd0ecf2c)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3-requests: upgrade 2.32.1 -> 2.32.22024-12-06T13:50:25+00:00Soumya Sambusoumya.sambu@windriver.com2024-11-22T11:43:13+00:00urn:sha1:9dd9984b4801d5a40acce79be74f2a4ec1d6a11d
https://requests.readthedocs.io/en/latest/community/updates/#id2
2.32.2 (2024-05-21)
* Deprecations - To provide a more stable migration for custom HTTPAdapters
impacted by the CVE changes in 2.32.0, we’ve renamed _get_connection to a
new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of
Requests>=2.32.0.
* A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
https://github.com/psf/requests/compare/v2.32.1...v2.32.2
(From OE-Core rev: 5b420f3526729809f11b187f48469a7a86d6a93a)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3-urllib3: upgrade 2.2.1 -> 2.2.22024-12-06T13:50:25+00:00Trevor Gamblintgamblin@baylibre.com2024-11-22T11:40:54+00:00urn:sha1:673d092e201717b4618182716a0334dece481ae5
(From OE-Core rev: 32fdd5673c25084af4ba295b271455cd92ca09d5)
(From OE-Core rev: ee42ec7146a7c3ceb25c1e0f5afee93849cf9143)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>