Drop upstreamed patch and refresh remaining patches.
* https://www.python.org/downloads/release/python-31017/
Security content in this release
* gh-131809: Upgrade vendored expat to 2.7.1
* gh-80222: Folding of quoted string in display_name violates RFC
* gh-121284: Invalid RFC 2047 address header after refolding with
email.policy.default
* gh-131261: Update libexpat to 2.7.0
* gh-105704: CVE-2025-0938 urlparse does not flag hostname containing
[ or ] as incorrect
* gh-119511: OOM vulnerability in the imaplib module
* https://www.python.org/downloads/release/python-31018/
Security content in this release
* gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330]
[CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed
tarfile extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
* gh-133767: Fix use-after-free in the “unicode-escape” decoder with a
non-“strict” error handler.
* gh-128840: Short-circuit the processing of long IPv6 addresses early
in ipaddress to prevent excessive memory consumption and a minor
denial-of-service.
gh-133767 got meawhile CVE-2025-4516 assigned.
(From OE-Core rev: 838a8b5ca148dfa6c6c2c76f1705d1e358a31648)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
I took the same approach as the recent perl upgrade: write recipe from scratch,
taking the pieces from the old recipe only when they were proven to be necessary.
The pgo, manifest and ptest features are all preserved.
New features:
- native and target recipes are now unified into one recipe
- check_build_completeness.py runs right after do_compile() and verifies that
all optional modules have been built (a notorious source of regressions)
- a new approach to sysconfig.py and distutils/sysconfig.py returning values
appropriate for native or target builds: we copy the configuration file to a
separate folder, add that folder to sys.path (through environment variable
that differs between native and target builds), and point python to the file
through another environment variable.
There were a few other patches where it was difficult to decide if the patch
is still relevant, and how to test that it works correctly; please add those
as-needed by testing the new python.
(From OE-Core rev: 02714c105426b0d687620913c1a7401b386428b6)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Prior versions of python do not support openssl 1.1; updating to
Python 3.6 on the other hand is a lot more involved, and so should
be done by a specialist/maintainer.
LICENSE checksum change due to copyright years.
Drop upstreamed python3-fix-CVE-2016-1000110.patch
Rebase upstream-random-fixes.patch (taken from
ff558f5aba )
Rebase 0001-Do-not-use-the-shell-version-of-python-config-that-w.patch
Rebase 000-cross-compile.patch
(From OE-Core rev: b7b982a29e5d14c558b5fc25b4dc727810510ade)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In python 3.4 python-config was rewritten in shell, ironically
to support cross-compilation:
https://bugs.python.org/issue16235
This new shell version is broken in several ways, and doesn't
have our oe-specific tweaks. Let's revert to the old script,
which is still provided.
(From OE-Core rev: b0d714c7f831828a5e09381fe36e3f859c16b2d9)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
