- Add site-packages path to pdm info and print interpreter URL in
pdm python install -v.
- Support explicit free-threaded Python selection via version suffix t.
- Multiple lockfile/pylock improvements and hash handling fixes.
- Windows path resolution fixes for uv; CLI help formatting preserved.
- Dependencies: require packaging>22.0; bump truststore to 0.10.4.
- Misc: fix AI coding fast apply error
(From OE-Core rev: 5d693522c3aedef8fcbe8ba7ca3b112262427a51)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bugs fixed
LP#2116333: lxml.sax._getNsTag() could fail with an exception on malformed input.
GH#467: Some test adaptations were made for libxml2 2.15. Patch by Nick Wellnhofer.
LP2119510, GH#473: A Python compatibility test was fixed for Python 3.14+. Patch by Lumír Balhar.
GH#471: Wheels for “riscv64” on recent Python versions were added. Patch by ffgan.
GH#469: The wheel build no longer requires the wheel package unconditionally. Patch by Miro Hrončok.
Binary wheels use the library version libxml2 2.14.5.
Windows binary wheels continue to use a security patched library version libxml2 2.11.9.
(From OE-Core rev: 4194aa5de0523070f98a82b5019ba8f94107a14f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
They don't show up in CVE metrics anymore since they were either fixed
upstream or recipe version was upgraded meanwhile.
* bind CVE-2019-6470: cpe got corrected in nvd db
* libxml2 CVE-2023-45322: version is now higher than NVD cpe
* zlib CVE-2023-45853: version is now higher than NVD cpe
* gcc CVE-2021-37322: version is now higher than NVD cpe
* python3
  * CVE-2007-4559: version is now higher than NVD cpe
  * CVE-2019-18348: version is now higher than NVD cpe
  * CVE-2020-15523: version is now higher than NVD cpe
  * CVE-2022-26488: version is now higher than NVD cpe
  * CVE-2015-20107: version is now higher than NVD cpe
  * CVE-2023-36632: version is now higher than NVD cpe
* rust
  * CVE-2024-24576: NVD has no cpe, but we have newer version as fix
  * CVE-2024-43402: version is now higher than NVD cpe
* cups CVE-2021-25317: version is now higher than NVD cpe
* ghostscript CVE-2023-38559: version is now higher than NVD cpe
* libtirpc CVE-2021-46828: version is now higher than NVD cpe
* unzip CVE-2008-0888: version is now higher than NVD cpe
* ffmpeg CVE-2023-39018: cpe got corrected in nvd db
* libxslt CVE-2022-29824: version is now higher than NVD cpe
* libyaml
  * CVE-2024-35325: CVE is now rejected in NVD DB
  * CVE-2024-35326: CVE is now rejected in NVD DB
  * CVE-2024-35328: CVE is now rejected in NVD DB
Also add comment for iputils regarding reports for FKIE/NVD2.
Also remove some trailing spaces in python recipe.
(From OE-Core rev: 73ee9789183aa95072af2b51ac9e08203f4e33f9)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Drop support for Python 3.8
- Officially support Python 3.13
- Avoid a deprecation warning emitted by a dependency when using the tag-pattern option
(From OE-Core rev: bbc00f129553e3c9ccaca0a62afdbc22eb573590)
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Some method calls with 0 or 1 argument failed to use ``PyObject_VectorCallMethod()``.
- Walrus assignments of literal Python integers could generate invalid C code.
(Github issue :issue:`6989`)
- ``cython.pythread_type_lock`` (also used as fallback for ``cython.pymutex``)
could stall on heavily contended locks.
(Github issue :issue:`6999`)
- C string arrays (not pointers) always coerced to the Python default string type,
even on explicit casts to other string types.
(Github issue :issue:`7020`)
- Unterminated ``\N{}`` character escapes in strings could unrail the parser.
(Github issue :issue:`7056`)
- An internal C function was not marked as ``static`` and leaked a linker symbol.
(Github issue :issue:`6957`)
- Some Unicode letters were not recognised as lexically valid name parts.
(Github issue :issue:`7059`)
- Compatibility with PyPy3.8 was lost by accident.
- The Linux binary wheels of 3.1.2 used SSSE3 CPU instructions which are not available on some CPUs.
(Github issue :issue:`7038`)
(From OE-Core rev: 14c2006bce8861eaf2b65d5c71097e67d1af19cf)
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Fix reconciliation of default, flag_value and type parameters for
flag options, as well as parsing and normalization of environment variables.
- Fix typing issue in BadParameter and MissingParameter exceptions for the
parameter param_hint that did not allow for a sequence of string where the
underlying function _join_param_hints allows for it.
- Use the value of Enum choices to render their default value in help
screen.
- Fix completion for the Z shell (zsh) for completion items containing
colons.
- Don't include envvar in error hint when not configured.
- Fix a rare race in click.testing.StreamMixer's finalization that manifested
as a ValueError on close in a multi-threaded test session.
(From OE-Core rev: 8a5a2fabac46df8ce22c6d645af6b278283c9c00)
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Take a partial patch to disable portion of test_makedev, it's also applied
in alpine. NODEV does not exist on musl
Add test_null_dlsym to ignore list on musl, it needs GNU ifunc support
and musl does not implement GNU ifuncs
fixes
Failed ptests:
{'python3': ['test_null_dlsym', 'test_makedev', 'python3']}
(From OE-Core rev: c197de49d6b406be5fc79b6e17c397c834efc1b0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Do not rely on how python detects the platform triplet
We have been lucky to get it cross-compiling since our build hosts
are also using glibc, so the headers and gcc install locations match
and the values it detects are mostly what we will need for glibc
based targets, but when we use musl e.g. the problems show up where
python3 is not able to automatically discover python modules so any
python package having compiled .so modules fail to load.
Example is ptest failures with TCLIBC = "musl"
and running core-image-ptest-python3-rpds-py
This is revamp of patch [1], currently it's working for glibc
based cross-compiling because we build on linux systems which are also
glibc based, but python on musl shows the problem.
When python was upgraded to 3.12 [2], this patch was wrongly dropped
and sadly regression went unnoticed, without this patch
Python's automatic module discovery does not work when it is cross-compiled
this is because it tries host tools and compiler installation during configure
to detect it. .so modules e.g. modulename.cpython-*.so are not seen as a result.
This is seen when running python3-rpds-py ptests where it should load
rpds.cpython-313-x86_64-linux-musl.so rpds.so but it does not and the module test
fail.
root@qemux86-64:/usr/lib/python3-rpds-py/ptest# python3 -c "
import sysconfig
import importlib.machinery
print('Extension suffixes:', importlib.machinery.EXTENSION_SUFFIXES)
print('Soabi:', sysconfig.get_config_var('SOABI'))
print('Ext suffix:', sysconfig.get_config_var('EXT_SUFFIX'))
print('Module suffix:', sysconfig.get_config_var('SO'))
"
Extension suffixes: ['.cpython-313.so', '.abi3.so', '.so']
Soabi: cpython-313
Ext suffix: .cpython-313.so
Module suffix: None
And after fix it is.
root@qemux86-64:~# python3 -c "
import sysconfig
import importlib.machinery
print('Extension suffixes:', importlib.machinery.EXTENSION_SUFFIXES)
print('Soabi:', sysconfig.get_config_var('SOABI'))
print('Ext suffix:', sysconfig.get_config_var('EXT_SUFFIX'))
print('Module suffix:', sysconfig.get_config_var('SO'))
"
Extension suffixes: ['.cpython-313-x86_64-linux-musl.so', '.abi3.so', '.so']
Soabi: cpython-313-x86_64-linux-musl
Ext suffix: .cpython-313-x86_64-linux-musl.so
Module suffix: None
[1] https://git.openembedded.org/openembedded-core/commit/?id=407744b00d702e3133304e1b43064a5634ca02cf
[2] https://git.openembedded.org/openembedded-core/commit/?id=716d82352545d3667a658b69d65d6127678dd150
(From OE-Core rev: 7bb157e48f5e5272db7506c7eb3118209dc3b35f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
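The suffix mismatch described in the commit message above, as an added example that is not part of the original commit or of OE-Core: the import system looks for the module name plus each entry of EXTENSION_SUFFIXES, so a file tagged with the musl triplet is never tried when the interpreter only knows '.cpython-313.so'. The function names and the directory listing are assumptions made for illustration; the suffix lists are copied from the two outputs above.

```python
import importlib.machinery
import re

# Suffix lists copied from the "before" and "after" outputs in the commit message.
BEFORE = ['.cpython-313.so', '.abi3.so', '.so']
AFTER = ['.cpython-313-x86_64-linux-musl.so', '.abi3.so', '.so']

# Constructed directory listing (hypothetical), holding the module named in the message.
SITE_PACKAGES = ['rpds.cpython-313-x86_64-linux-musl.so', '__init__.py']

# A shared object whose name carries a cpython ABI tag: <module>.cpython-<tag>.so
TAGGED_SO = re.compile(r'^(?P<mod>[^.]+)\.cpython-[^.]+\.so$')


def find_extension(module, filenames, suffixes):
    """Mimic the file finder: try module name + each suffix, in order."""
    present = set(filenames)
    for suffix in suffixes:
        candidate = module + suffix
        if candidate in present:
            return candidate
    return None


def unloadable_extensions(filenames, suffixes=None):
    """Return tagged .so files that no suffix of this interpreter can match.

    With suffixes=None the running interpreter's own list is used, which is
    the check to run on the target image itself.
    """
    if suffixes is None:
        suffixes = importlib.machinery.EXTENSION_SUFFIXES
    bad = []
    for name in filenames:
        match = TAGGED_SO.match(name)
        if match and find_extension(match.group('mod'), [name], suffixes) is None:
            bad.append(name)
    return bad


if __name__ == '__main__':
    print('before fix:', find_extension('rpds', SITE_PACKAGES, BEFORE))
    print('after fix: ', find_extension('rpds', SITE_PACKAGES, AFTER))
    print('unloadable before fix:', unloadable_extensions(SITE_PACKAGES, BEFORE))
```
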
This test fails [1] with x86-64-v3, surfaces when we switch default
tune for qemux86-64 to be x86-64-v3 or newer
Test seems to compare exact floating point numbers but it might not be
precise enough and comparison may fail.
[1] https://github.com/numpy/numpy/issues/27460
(From OE-Core rev: aaf986bfa93b91a64cbf1c4e23b7fe961bdbb1f7)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With libgcc (working):
Result: inf
Warnings: ['overflow encountered in cast']
With compiler-rt (failing):
Result: inf (probably still correct)
Warnings: [] (no warnings generated)
The issue is likely that compiler-rt on AArch64 doesn't trigger
the floating-point exceptions that NumPy expects for overflow
detection in type casting operations.
(From OE-Core rev: a85f07858b7cf8353541cbe72e2b1a95982d06f3)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
pyrsistent was replaced with rpds in 4.18.0.
zipp doesn't appear to have ever been a dependency, remove. Maybe it was
a transient dependency.
(From OE-Core rev: bc0565683fdc78df8ec58beb4872646c48274e5f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
typing-extensions is only needed with Python <3.10; we have 3.13, so remove.
pyparsing and pip are not dependencies, not sure why they're here so
remove.
(From OE-Core rev: 101f2f9f9bf4ea0211963792633dd3c68660132c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The pep517 class no longer called the "build" module directly, so we
can't play games with PYTHONPATH here.
However, the flit_core class has a bootstrap method so this recipe can
use that instead.
(From OE-Core rev: ae85c85b28fd01591ace2f48159cdc7fbc05a26a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: the code that was ZPL-licensed has been removed[1].
Explicitly set a non-GPLv3 LICENSE on the output package as we don't
actually ship the GPLv3 file.
This fixes the incorrect hashbangs, so we can remove the manual seds.
(From OE-Core rev: b2a105d753310eda94ccf22ec89c276fd2b30dd9)
Signed-off-by: Ross Burton <ross.burton@arm.com>
[1] https://sourceforge.net/p/docutils/code/9977/
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Instead of using the setuptools class but not using setuptools, use the
new python_pdm class.
(From OE-Core rev: 8f8e4c3e49254853e90080494f2a77b7bdb14921)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Instead of using the setuptools class but not using setuptools, use the
new python_pdm class.
(From OE-Core rev: bfd94bb972e5a1a4054891694c1b4e674eeb2bb8)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Instead of using the setuptools class but not using setuptools, use the
new python_pdm class.
(From OE-Core rev: 70510190463df42db0424d44ebf96d42f4ba4add)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This package uses flit, not setuptools.
Also there's no need for it to depend on python3-cryptography.
(From OE-Core rev: 926935eb872408da733103c1d632a901acfd6e69)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Fix usage of typing_extensions.TypedDict nested inside other types
(e.g., typing.Type[typing_extensions.TypedDict]). This is not allowed by the
type system but worked on older versions, so we maintain support.
(From OE-Core rev: a92c8559ea91dc5b4a37e104715d32135341c7cb)
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>