mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-05 16:28:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
71ae82a596d3abee349327f46260920bc1a4aca9
poky/meta/recipes-devtools/python/python3/0017-setup.py-do-not-report-missing-dependencies-for-disa.patch
Peter Marko 8cd040c218 python3: upgrade 3.10.16 -> 3.10.18 
Drop upstreamed patch and refresh remaining patches.

* https://www.python.org/downloads/release/python-31017/

  Security content in this release
  * gh-131809: Upgrade vendored expat to 2.7.1
  * gh-80222: Folding of quoted string in display_name violates RFC
  * gh-121284: Invalid RFC 2047 address header after refolding with
    email.policy.default
  * gh-131261: Update libexpat to 2.7.0
  * gh-105704: CVE-2025-0938 urlparse does not flag hostname containing
    [ or ] as incorrect
  * gh-119511: OOM vulnerability in the imaplib module

* https://www.python.org/downloads/release/python-31018/

  Security content in this release
  * gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330]
    [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed
    tarfile extraction filters (filter="data" and filter="tar") to be
    bypassed using crafted symlinks and hard links.
  * gh-133767: Fix use-after-free in the “unicode-escape” decoder with a
    non-“strict” error handler.
  * gh-128840: Short-circuit the processing of long IPv6 addresses early
    in ipaddress to prevent excessive memory consumption and a minor
    denial-of-service.

gh-133767 got meawhile CVE-2025-4516 assigned.

(From OE-Core rev: 838a8b5ca148dfa6c6c2c76f1705d1e358a31648)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-13 08:42:35 -07:00

41 lines
1.7 KiB
Diff
Raw Blame History

From 246c5ffe75a2d494e415d8a7522df9fe22056d41 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 7 Oct 2019 13:22:14 +0200
Subject: [PATCH] setup.py: do not report missing dependencies for disabled
modules
Reporting those missing dependencies is misleading as the modules would not
have been built anyway. This particularly matters in oe-core's automated
build completeness checker which relies on the report.
Upstream-Status: Inappropriate [oe-core specific]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Alejandro Hernandez Samaniego <alejandro@enedino.org>
Refresh for 3.10.7:
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
---
setup.py | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/setup.py b/setup.py
index 85a2b26357..7605347bf5 100644
--- a/setup.py
+++ b/setup.py
@@ -517,6 +517,14 @@ class PyBuildExt(build_ext):
print("%-*s %-*s %-*s" % (longest, e, longest, f,
longest, g))
+ # There is no need to report missing module dependencies,
+ # if the modules have been disabled in the first place.
+ # cannot use mods_disabled here, because remove_configured_extensions adds
+ # only disabled extensions into it (doesn't cover _dbm, _gdbm, readline
+ # we support disabling through PACKAGECONFIG)
+ sysconf_dis = sysconfig.get_config_var('MODDISABLED_NAMES').split()
+ self.missing = list(set(self.missing) - set(sysconf_dis))
+
if self.missing:
print()
print("The necessary bits to build these optional modules were not "
Reference in New Issue View Git Blame Copy Permalink