Instead of using the setuptoools class but not using setuptools, use the
new python_pdm class.
(From OE-Core rev: 70510190463df42db0424d44ebf96d42f4ba4add)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This package uses flit, not setuptools.
Also there's no need for it to depend on python3-cryptography.
(From OE-Core rev: 926935eb872408da733103c1d632a901acfd6e69)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Fix usage of typing_extensions.TypedDict nested inside other types
(e.g., typing.Type[typing_extensions.TypedDict]). This is not allowed by the
type system but worked on older versions, so we maintain support.
(From OE-Core rev: a92c8559ea91dc5b4a37e104715d32135341c7cb)
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There are two "new" CVEs reported for python3, their CPEs are:
* CVE-2020-1171: cpe:2.3🅰️microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
* CVE-2020-1192: cpe:2.3🅰️microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
These are for "Visual Studio Code Python extension".
Solve this by addding CVE vendor to python CVE product to avoid
confusion with Microsoft as vendor.
Examining CVE DB for historical python entries shows:
sqlite> select vendor, product, count(*) from products where product = 'python' or product = 'cpython'
...> or product like 'python%3' group by vendor, product;
microsoft|python|2
python|python|1054
python_software_foundation|python|2
Note that this already shows that cpython product is not used, so
CVE-2023-33595 mentioned in 62598e1138f21a16d8b1cdd1cfe902aeed854c5c
was updated.
But let's keep it for future in case new CVE starts with that again.
(From OE-Core rev: 446df2e29495e615dd6d95b158dd37363830cd3e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Add credentials when passing source urls to uv resolver. (#3553)
* Redact credentials in source urls in the log output, and inject credentials into the source url for uv sync command as well. (#3555)
* Fix a bug that extra dependencies of transitive dependencies are not properly installed when USE_UV=true (#3558)
* Improve the terminal output when setting up a script environment. (#3560)
* Skip non-existent library paths in post-install steps when trying to fix the pth files. (#3561)
(From OE-Core rev: 5f203da704bb76d0521e274bea9499db15f62d8d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=============
- Fix a bug that local file package metadata was missing when reading the lockfile.
- Extract dependency-groups and extras markers from marker value when parsing pylock.toml.
(From OE-Core rev: 81bdaa7dca8715d94f230b3698f519743765210e)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
============
- Fix codecs deprecation in Python 3.14.
- Fix issue with unclosed comment parsing in Python 3.14.
- Fix issue with unclosed declarations in Python 3.14.
- Fix issue with unclosed HTML tag < foo and Python 3.14.
- Ensure incomplete markup declaration in raw HTML doesn't crash parser (#1534).
- Fixed dropped content in md_in_html (#1526).
- Fixed HTML handling corner case that prevented some content from not being rendered
(From OE-Core rev: 665b9720b0f5630090f0345abf6b49a3eda77608)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Add python3-packaging to RDEPENDS
* Enable ptest:
- Add to ptest-packagelists.inc PTESTS_FAST
- inherit ptest-python-pytest
- Add python3-setuptools to ptest RDEPENDS
- One test is skipped, but it requires the "full" python3-flit,
not just python3-flit-core.
Comparing changes since 0.45.1:
https://github.com/pypa/wheel/compare/0.45.1...0.46.1
Release notes [1]:
0.46.1 (2025-04-08)
* Temporarily restored the wheel.macosx_libfile module (#659)
0.46.0 (2025-04-03)
* Dropped support for Python 3.8
* Removed the bdist_wheel setuptools command implementation and entry
point. The wheel.bdist_wheel module is now just an alias to
setuptools.command.bdist_wheel, emitting a deprecation warning on import.
* Removed vendored packaging in favor of a run-time dependency on it
* Made the wheel.metadata module private (with a deprecation warning if
it’s imported
* Made the wheel.cli package private (no deprecation warning)
* Fixed an exception when calling the convert command with an empty
description field
[1] https://wheel.readthedocs.io/en/stable/news.html
(From OE-Core rev: 610ca66283b6a440a1cde4c26945392ed15ac3e0)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The sphinx-copybutton extension can be used to add a copy button to code
blocks in the documentation.
(From OE-Core rev: ebf14a6dc1a5fd041f4df4fd8c6f28da9d15c8f6)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This Sphinx extension can be used to autogenerate documentation for any
python module returning an argument parser from argparse. It can used in
places of the documentation where the --help output is currently
hardcoded, and generate formatted documentation instead.
(From OE-Core rev: 84d1a347195a3cd702468b01a71e787c3e007488)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog (https://github.com/justinmayer/smartypants.py/blob/main/CHANGES.rst#releases-20-and-greater):
Release 2.0.2 (2025-06-17)
- Fix double closing quotes after an HTML block
- Fix regular expressions and tests for Python 3.12+
- Move documentation to ReadTheDocs
Release 2.0.1 (2017-12-20)
- use re.match instead of re.search to improve performance on large strings
The patch '0001-Change-hash-bang-to-python3.patch' needed a refresh to
apply on the latest version.
License-Update: Update and granularize copyright years
(From OE-Core rev: ebb83ce10fecd1a4378a238191f1e012f0c849b7)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Highlights from commit logs:
* Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (#177)
* Bump hynek/build-and-inspect-python-package from 2.10 to 2.11 (#178)
* Consistently use raw strings for line-matching regexes (#180)
* Ensure advertised pytest 7.4 compatibility (#182)
* Bump pypa/gh-action-pypi-publish from 1.12.3 to 1.12.4 (#185)
* Bump hynek/build-and-inspect-python-package from 2.11 to 2.12 (#186)
* Print output "dots" for successful unittest subtests (#164) (#190)
* Improve reporting in case of xfail (#194)
Comparing changes from 0.14.1 -> 0.14.2:
https://github.com/pytest-dev/pytest-subtests/compare/v0.14.1...v0.14.2
(From OE-Core rev: 91eaaf0672c5e811fa51d6c4181bd5faf10c2201)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Update crates
1.9.0
* Add full PEP 639 support for project.license and project.license-files
in #2647.
* Add --compatiblity pypi to only build wheels with platform tags that can
also be uploaded to PyPI. This blocks e.g. building for riscv64, which is
supported by manylinux, but not by PyPI.
Comparing changes from v1.8.7 -> v1.9.0:
https://github.com/pyo3/maturin/compare/v1.8.7...v1.9.0
(From OE-Core rev: 4b8a23ed81ef08de8542da59027c929ad623e804)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some of them were introduced by mass-removal of S = WORKDIR/git assignments;
rather than try to fix up (or redo) just these, I've run this sed command over
the whole tree:
sed -i -z -E 's/([ \t\f\v\r]*\n){3,}/\n\n/g' `find . -name *.bb -o -name *.inc`
The rationale is that more than one empty line is wasting vertical screen space, and
does nothing for readability.
(From OE-Core rev: cedc4ff7c9bcfb22a20e43e47f9759f4007a4f1a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Removing all the S = ${WORKDIR}/git assignments works because BB_GIT_DEFAULT_DESTSUFFIX
is set to match S from bitbake.conf (which itself is set to match typical tarball
releases).
A few recipes are setting S to a sub-directory of the git tree and need
to be adjusted accordingly.
bzip2 recipe is fetching a tarball and separately cloning tests;
adjust the recipe to put the latter into 'bzip2-tests', instead of 'git'.
devupstream.bbclass no longer needs to rewrite S, and is adjusted accordingly.
Adjust scripts/lib/recipetool/append.py to not hardcode 'git' as unpack
destination.
Adjust kernel-yocto.bbclass to use the git unpack variable instead
of hardcoding 'git' (there's also removal of repetition of
string constants and a correction of workdir/unpackdir mismatch in
one of the if-else branches).
Ensure build-appliance-image recipe does not use 'git' as checkout directory for
poky repo, but rather explicitly name it 'poky'.
Ensure reproducible.py code that looks for git repositories does not
hardcode 'git' but uses the destination set by BB_GIT_DEFAULT_DESTSUFFIX.
Ensure recipetool does not write out unneeded S settings into newly
created recipes that fetch from git.
Adjust selftest to not hardcode 'git' as unpack directory.
(From OE-Core rev: f80c07019ddadaf9c5fb890faabfda7920ecd15e)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add existing recipe from meta-python, since pytest lists it as a
dependency. This also puts it in maintainers.inc with myself as
maintainer.
[RP: Switch to use hatching directly]
(From OE-Core rev: 8c06239fdcf983dac759c7d80d6326807c993622)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=============
- Fix duplicated dependencies added to the lock file when the same dependency with extras is requested.
- Stabilize order of the extras and dependency-groups fields in pylock output.
- Fix Windows 11 install pdm error, which is because of msgpack install failure.
- Change the return type of array_of_inline_tables to list[dict] from list[str]
- Ensure uv resolver to include hash for package files.
- Avoid infinite recursion when reading pyproject.toml with circular file dependencies.
- Support pylock as alternative lock format and make it opt-in by config.
- Search for package metadata in lock file first when reuse strategy is used.
(From OE-Core rev: 121c609e91dd7eb72670513eef8c31a5f2271c89)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: Copyright year updated to 2025
(From OE-Core rev: 2ac6a959f32214d958a7a0cf1973a9bc66839a9b)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
- Fix a longstanding ordering issue with extracting type information
from properties which have a reference to another property. 'mac-mode'
is the one in the Linux kernel.
- Fix a false positive warning about missing
unevaluatedProperties/additionalProperties
(From OE-Core rev: e36601ca6454ec62ad2dd0db47724e2ad4c240cd)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bugs fixed
----------
* Attribute lookups failed on the "bool" builtin type.
* Type checks on or-ed union types could incorrectly return false.
* Negative list indexing could accidentally wrap around twice in PyPy and the Limited API.
* Iterating over literal sequences with starred (unpacked) items could infer a wrong
type for the loop variable and fail to assign the values.
* Calls to C functions taking exception types failed to check for a 'None' argument.
* Fused functions had an incorrect "__module__" attribute.
* The type of Cython implemented functions had an incorrect "__module__" attribute.
* Errors while indexing into "bytearray" or "str" in "nogil" sections could crash.
* "bytearray.append()" could silently accept some invalid character numbers.
* The C++11 "<type_traits>" header was included regardless of the C++ version.
* "PyDict_GetItemStringRef()" was accidentally used in older Limited API versions.
* "abort()" was used but not always available in the Limited API.
* Some dependencies were missing from the "depfile".
* Embedded function signatures were not always separated from the existing docstring.
* "numpy.math" was missing from "Cython/Includes/" and could not be cimported.
* Some tests were adapted for NumPy 2.x.
* Some C compiler warnings were fixed.
* "Cython.Build" was not officially exposing the "cythonize" function.
(From OE-Core rev: ad9e2ba3d7c1af3f7084427eb9ddb0822460b108)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The last dependency in core on this recipe was removed in May 2024[1],
and there don't appear to be any other users that I can find. The last
upstream release was in 2018 so this is now obsolete.
[1] oe-core dfa482f199 ("python3-requests: cleanup RDEPENDS")
(From OE-Core rev: 48b6851420ac54b181647bf23fe1ad86c75fa650)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Security content in this release:
- gh-135034: Fixes multiple issues that allowed tarfile extraction filters
(filter="data" and filter="tar") to be bypassed using crafted symlinks and
hard links. Addresses CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and
CVE-2025-4517.
- gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-
“strict” error handler.
- gh-128840: Short-circuit the processing of long IPv6 addresses early in
ipaddress to prevent excessive memory consumption and a minor denial-of-service.
Includes additional standard library improvements and bug fixes.
References:
https://docs.python.org/3/whatsnew/changelog.html#python-3-13-4-finalhttps://www.python.org/downloads/release/python-3134/
(From OE-Core rev: d2bcfa826aa3a7bd5d6ab250fb8ba083e2688c8b)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libnsl2 and libtirpc were build dependencies for the nis module.
The nis module was deprecated in Python 3.11 and removed in Python 3.13
(From OE-Core rev: 742eca9cb56ab4ad10534181d28de1fdf3880b9f)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
