Drop upstreamed patch and refresh remaining patches.
* https://www.python.org/downloads/release/python-31017/
Security content in this release
* gh-131809: Upgrade vendored expat to 2.7.1
* gh-80222: Folding of quoted string in display_name violates RFC
* gh-121284: Invalid RFC 2047 address header after refolding with
email.policy.default
* gh-131261: Update libexpat to 2.7.0
* gh-105704: CVE-2025-0938 urlparse does not flag hostname containing
[ or ] as incorrect
* gh-119511: OOM vulnerability in the imaplib module
* https://www.python.org/downloads/release/python-31018/
Security content in this release
* gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330]
[CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed
tarfile extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
* gh-133767: Fix use-after-free in the “unicode-escape” decoder with a
non-“strict” error handler.
* gh-128840: Short-circuit the processing of long IPv6 addresses early
in ipaddress to prevent excessive memory consumption and a minor
denial-of-service.
gh-133767 meanwhile got CVE-2025-4516 assigned.
(From OE-Core rev: 838a8b5ca148dfa6c6c2c76f1705d1e358a31648)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
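The gh-135034 entry above concerns symlinks and hard links in archives passed to tarfile extraction. As an added illustration (not part of the commit, OE-Core or CPython), this sketch audits an archive's link members before extraction; the helper names, the destination `/srv/unpack` and the in-memory sample archive are all constructed for the example.

```python
import io
import os
import tarfile

def build_sample_archive():
    """Constructed sample: a file, an in-tree symlink and two escaping links."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"hello\n"
        info = tarfile.TarInfo("pkg/readme.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        for name, kind, target in [
            ("pkg/latest", tarfile.SYMTYPE, "readme.txt"),
            ("pkg/escape", tarfile.SYMTYPE, "../../etc"),
            ("pkg/hard", tarfile.LNKTYPE, "../outside.txt"),
        ]:
            link = tarfile.TarInfo(name)
            link.type = kind
            link.linkname = target
            tar.addfile(link)
    buf.seek(0)
    return buf

def _inside(path, dest):
    return os.path.commonpath([path, dest]) == dest

def audit_links(fileobj, dest="/srv/unpack"):
    """Return names of members whose path or link target leaves dest (lexical check)."""
    dest = os.path.normpath(dest)
    flagged = []
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for m in tar.getmembers():
            path = os.path.normpath(os.path.join(dest, m.name))
            targets = [path]
            if m.issym():
                # Symlink targets resolve relative to the link's own directory.
                targets.append(os.path.join(os.path.dirname(path), m.linkname))
            elif m.islnk():
                # Hard-link targets are names relative to the archive root.
                targets.append(os.path.join(dest, m.linkname))
            if not all(_inside(os.path.normpath(t), dest) for t in targets):
                flagged.append(m.name)
    return flagged

if __name__ == "__main__":
    print(audit_links(build_sample_archive()))
```

The check is purely lexical and does not consider links that already exist on disk, so it supplements extraction with a fixed Python and `filter="data"` rather than replacing it.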
* it was changed from sysconf_dis to mods_disabled in:
https://git.openembedded.org/openembedded-core/diff/meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch?id=7347556b18b45c5f9afc2cade565a75c95876914
but unfortunately this doesn't work as mods_disabled set by remove_configured_extensions
can contain only extensions which were disabled, as this list:
self.extensions: ['_struct', 'array', '_contextvars', 'math', 'cmath', 'time', '_datetime', '_zoneinfo', '_random', '_bisect', '_heapq', '_pickle', 'atexit', '_json', '_lsprof', 'unicodedata', '_opcode', '_asyncio', '_abc', '_queue', '_statistics', 'fcntl', 'pwd', 'grp', 'spwd', 'select', 'parser', 'mmap', 'syslog', '_xxsubinterpreters', 'audioop', '_csv', '_posixsubprocess', '_testcapi', '_testinternalcapi', '_testbuffer', '_testimportmultiple', '_testmultiphase', '_xxtestfuzz', '_curses', '_curses_panel', '_crypt', '_socket', '_ssl', '_hashlib', '_sha256', '_sha512', '_md5', '_sha1', '_blake2', '_sha3', '_sqlite3', 'termios', 'resource', 'ossaudiodev', 'nis', 'zlib', 'binascii', '_bz2', '_lzma', 'pyexpat', '_elementtree', '_multibytecodec', '_codecs_kr', '_codecs_jp', '_codecs_cn', '_codecs_tw', '_codecs_hk', '_codecs_iso2022', '_decimal', '_ctypes_test', '_posixshmem', '_multiprocessing', '_uuid', 'xxlimited', '_ctypes']
while PACKAGECONFIG in python3 usually uses this to disable _dbm, _gdbm or runtime modules.
* without this change the do_install will fail (based on check_build_completeness.py log.do_compile) with:
| ERROR: Execution of '/OE/build/oe-core/tmp-glibc/work/x86_64-linux/python3-native/3.9.0-r0/temp/run.do_install.69743' failed with exit code 1:
| The necessary bits to build these optional modules were not found:
| _dbm _gdbm readline
(From OE-Core rev: fa5243693e35e1e0dc3247e2178f181051f68e77)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop 0001-Do-not-hardcode-lib-as-location-for-site-packages-an.patch,
0001-configure.ac-fix-LIBPL.patch and 0001-python3-Do-not-hardcode-lib-for-distutils.patch
as they are all replaced by the new --platlibdir option to ./configure
Rename 0001-Lib-sysconfig.py-fix-another-place-where-lib-is-hard.patch to
0001-Lib-sysconfig.py-use-libdir-values-from-configuratio.patch
and describe the changes better.
License-Update: documentation now dual license under PSF & BSD
(not relevant for the recipe).
(From OE-Core rev: 7347556b18b45c5f9afc2cade565a75c95876914)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop backports, rebase other patches.
0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch
is removed as the use case (allowing python 2 and 3 to coexist
in SDKs) is no longer relevant with Python 2.x reaching end of line
and upstream has refactored the code making a rebase difficult.
If needed, please re-add the patch to py2, rather than py3.
Python 3.8 no longer adds "m" to "3.8" in paths, so adjust the recipes
and classes accordingly.
The manifest for the 3.8.0 version is updated; particularly pkgutil
module is now packaged in -core (as other things in core need it);
this also necessitates allowing empty -pkgutil package to avoid
breakage across layers.
(From OE-Core rev: e6ab9f16b92aa1abdae82c535c1a452a1341b0e2)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The use case is building a gpl3-free image, without having
to rely on outdated recipes from meta-gplv2 layer.
(From OE-Core rev: 02eb487c8145e0f3d957c39cf16f6f805e95e536)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>