* [RFC PATCH 01/10][dunfell] python3: upgrade 3.8.2 -> 3.8.3
  2021-06-21 17:02 [RFC PATCH 00/10][dunfell] python3 bugfix upgrades Tim Orling
@ 2021-06-21 17:02 ` Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 02/10][dunfell] python3: upgrade 3.8.3 -> 3.8.4 Tim Orling
                   ` (8 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Tim Orling @ 2021-06-21 17:02 UTC
  To: openembedded-core; +Cc: Tim Orling

Release Date: May 13, 2020

Note: The release you're looking at is Python 3.8.3, a bugfix release for the
legacy 3.8 series. Python 3.9 is now the latest feature release series of
Python 3.

Notable changes in Python 3.8.3:

The constant values of future flags in the __future__ module are updated in
order to prevent collision with compiler flags. Previously
PyCF_ALLOW_TOP_LEVEL_AWAIT was clashing with CO_FUTURE_DIVISION.
(Contributed by Batuhan Taskaya in bpo-39562)

* Drop patch for CVE-2020-3492 fixed since 3.8.1

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-8492
https://www.python.org/downloads/release/python-383/
https://docs.python.org/release/3.8.3/whatsnew/changelog.html#changelog

Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
---
 ...20-8492-Fix-AbstractBasicAuthHandler.patch | 248 ------------------
 .../{python3_3.8.2.bb => python3_3.8.3.bb}    |   5 +-
 2 files changed, 2 insertions(+), 251 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch
 rename meta/recipes-devtools/python/{python3_3.8.2.bb => python3_3.8.3.bb} (98%)

diff --git a/meta/recipes-devtools/python/python3/0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch b/meta/recipes-devtools/python/python3/0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch
deleted file mode 100644
index e16b99bcb96..00000000000
--- a/meta/recipes-devtools/python/python3/0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-From 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 Mon Sep 17 00:00:00 2001
-From: Victor Stinner <vstinner@python.org>
-Date: Thu, 2 Apr 2020 02:52:20 +0200
-Subject: [PATCH] bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler
- (GH-18284)
-
-Upstream-Status: Backport
-(https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4)
-
-CVE: CVE-2020-8492
-
-The AbstractBasicAuthHandler class of the urllib.request module uses
-an inefficient regular expression which can be exploited by an
-attacker to cause a denial of service. Fix the regex to prevent the
-catastrophic backtracking. Vulnerability reported by Ben Caller
-and Matt Schwager.
-
-AbstractBasicAuthHandler of urllib.request now parses all
-WWW-Authenticate HTTP headers and accepts multiple challenges per
-header: use the realm of the first Basic challenge.
-
-Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com>
-Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
----
- Lib/test/test_urllib2.py                      | 90 ++++++++++++-------
- Lib/urllib/request.py                         | 69 ++++++++++----
- .../2020-03-25-16-02-16.bpo-39503.YmMbYn.rst  |  3 +
- .../2020-01-30-16-15-29.bpo-39503.B299Yq.rst  |  5 ++
- 4 files changed, 115 insertions(+), 52 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2020-03-25-16-02-16.bpo-39503.YmMbYn.rst
- create mode 100644 Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst
-
-diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py
-index 8abedaac98..e69ac3e213 100644
---- a/Lib/test/test_urllib2.py
-+++ b/Lib/test/test_urllib2.py
-@@ -1446,40 +1446,64 @@ class HandlerTests(unittest.TestCase):
-         bypass = {'exclude_simple': True, 'exceptions': []}
-         self.assertTrue(_proxy_bypass_macosx_sysconf('test', bypass))
- 
--    def test_basic_auth(self, quote_char='"'):
--        opener = OpenerDirector()
--        password_manager = MockPasswordManager()
--        auth_handler = urllib.request.HTTPBasicAuthHandler(password_manager)
--        realm = "ACME Widget Store"
--        http_handler = MockHTTPHandler(
--            401, 'WWW-Authenticate: Basic realm=%s%s%s\r\n\r\n' %
--            (quote_char, realm, quote_char))
--        opener.add_handler(auth_handler)
--        opener.add_handler(http_handler)
--        self._test_basic_auth(opener, auth_handler, "Authorization",
--                              realm, http_handler, password_manager,
--                              "http://acme.example.com/protected",
--                              "http://acme.example.com/protected",
--                              )
--
--    def test_basic_auth_with_single_quoted_realm(self):
--        self.test_basic_auth(quote_char="'")
--
--    def test_basic_auth_with_unquoted_realm(self):
--        opener = OpenerDirector()
--        password_manager = MockPasswordManager()
--        auth_handler = urllib.request.HTTPBasicAuthHandler(password_manager)
--        realm = "ACME Widget Store"
--        http_handler = MockHTTPHandler(
--            401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm)
--        opener.add_handler(auth_handler)
--        opener.add_handler(http_handler)
--        with self.assertWarns(UserWarning):
-+    def check_basic_auth(self, headers, realm):
-+        with self.subTest(realm=realm, headers=headers):
-+            opener = OpenerDirector()
-+            password_manager = MockPasswordManager()
-+            auth_handler = urllib.request.HTTPBasicAuthHandler(password_manager)
-+            body = '\r\n'.join(headers) + '\r\n\r\n'
-+            http_handler = MockHTTPHandler(401, body)
-+            opener.add_handler(auth_handler)
-+            opener.add_handler(http_handler)
-             self._test_basic_auth(opener, auth_handler, "Authorization",
--                                realm, http_handler, password_manager,
--                                "http://acme.example.com/protected",
--                                "http://acme.example.com/protected",
--                                )
-+                                  realm, http_handler, password_manager,
-+                                  "http://acme.example.com/protected",
-+                                  "http://acme.example.com/protected")
-+
-+    def test_basic_auth(self):
-+        realm = "realm2@example.com"
-+        realm2 = "realm2@example.com"
-+        basic = f'Basic realm="{realm}"'
-+        basic2 = f'Basic realm="{realm2}"'
-+        other_no_realm = 'Otherscheme xxx'
-+        digest = (f'Digest realm="{realm2}", '
-+                  f'qop="auth, auth-int", '
-+                  f'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
-+                  f'opaque="5ccc069c403ebaf9f0171e9517f40e41"')
-+        for realm_str in (
-+            # test "quote" and 'quote'
-+            f'Basic realm="{realm}"',
-+            f"Basic realm='{realm}'",
-+
-+            # charset is ignored
-+            f'Basic realm="{realm}", charset="UTF-8"',
-+
-+            # Multiple challenges per header
-+            f'{basic}, {basic2}',
-+            f'{basic}, {other_no_realm}',
-+            f'{other_no_realm}, {basic}',
-+            f'{basic}, {digest}',
-+            f'{digest}, {basic}',
-+        ):
-+            headers = [f'WWW-Authenticate: {realm_str}']
-+            self.check_basic_auth(headers, realm)
-+
-+        # no quote: expect a warning
-+        with support.check_warnings(("Basic Auth Realm was unquoted",
-+                                     UserWarning)):
-+            headers = [f'WWW-Authenticate: Basic realm={realm}']
-+            self.check_basic_auth(headers, realm)
-+
-+        # Multiple headers: one challenge per header.
-+        # Use the first Basic realm.
-+        for challenges in (
-+            [basic,  basic2],
-+            [basic,  digest],
-+            [digest, basic],
-+        ):
-+            headers = [f'WWW-Authenticate: {challenge}'
-+                       for challenge in challenges]
-+            self.check_basic_auth(headers, realm)
- 
-     def test_proxy_basic_auth(self):
-         opener = OpenerDirector()
-diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
-index 7fe50535da..2a3d71554f 100644
---- a/Lib/urllib/request.py
-+++ b/Lib/urllib/request.py
-@@ -937,8 +937,15 @@ class AbstractBasicAuthHandler:
- 
-     # allow for double- and single-quoted realm values
-     # (single quotes are a violation of the RFC, but appear in the wild)
--    rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+'
--                    'realm=(["\']?)([^"\']*)\\2', re.I)
-+    rx = re.compile('(?:^|,)'   # start of the string or ','
-+                    '[ \t]*'    # optional whitespaces
-+                    '([^ \t]+)' # scheme like "Basic"
-+                    '[ \t]+'    # mandatory whitespaces
-+                    # realm=xxx
-+                    # realm='xxx'
-+                    # realm="xxx"
-+                    'realm=(["\']?)([^"\']*)\\2',
-+                    re.I)
- 
-     # XXX could pre-emptively send auth info already accepted (RFC 2617,
-     # end of section 2, and section 1.2 immediately after "credentials"
-@@ -950,27 +957,51 @@ class AbstractBasicAuthHandler:
-         self.passwd = password_mgr
-         self.add_password = self.passwd.add_password
- 
-+    def _parse_realm(self, header):
-+        # parse WWW-Authenticate header: accept multiple challenges per header
-+        found_challenge = False
-+        for mo in AbstractBasicAuthHandler.rx.finditer(header):
-+            scheme, quote, realm = mo.groups()
-+            if quote not in ['"', "'"]:
-+                warnings.warn("Basic Auth Realm was unquoted",
-+                              UserWarning, 3)
-+
-+            yield (scheme, realm)
-+
-+            found_challenge = True
-+
-+        if not found_challenge:
-+            if header:
-+                scheme = header.split()[0]
-+            else:
-+                scheme = ''
-+            yield (scheme, None)
-+
-     def http_error_auth_reqed(self, authreq, host, req, headers):
-         # host may be an authority (without userinfo) or a URL with an
-         # authority
--        # XXX could be multiple headers
--        authreq = headers.get(authreq, None)
-+        headers = headers.get_all(authreq)
-+        if not headers:
-+            # no header found
-+            return
- 
--        if authreq:
--            scheme = authreq.split()[0]
--            if scheme.lower() != 'basic':
--                raise ValueError("AbstractBasicAuthHandler does not"
--                                 " support the following scheme: '%s'" %
--                                 scheme)
--            else:
--                mo = AbstractBasicAuthHandler.rx.search(authreq)
--                if mo:
--                    scheme, quote, realm = mo.groups()
--                    if quote not in ['"',"'"]:
--                        warnings.warn("Basic Auth Realm was unquoted",
--                                      UserWarning, 2)
--                    if scheme.lower() == 'basic':
--                        return self.retry_http_basic_auth(host, req, realm)
-+        unsupported = None
-+        for header in headers:
-+            for scheme, realm in self._parse_realm(header):
-+                if scheme.lower() != 'basic':
-+                    unsupported = scheme
-+                    continue
-+
-+                if realm is not None:
-+                    # Use the first matching Basic challenge.
-+                    # Ignore following challenges even if they use the Basic
-+                    # scheme.
-+                    return self.retry_http_basic_auth(host, req, realm)
-+
-+        if unsupported is not None:
-+            raise ValueError("AbstractBasicAuthHandler does not "
-+                             "support the following scheme: %r"
-+                             % (scheme,))
- 
-     def retry_http_basic_auth(self, host, req, realm):
-         user, pw = self.passwd.find_user_password(realm, host)
-diff --git a/Misc/NEWS.d/next/Library/2020-03-25-16-02-16.bpo-39503.YmMbYn.rst b/Misc/NEWS.d/next/Library/2020-03-25-16-02-16.bpo-39503.YmMbYn.rst
-new file mode 100644
-index 0000000000..be80ce79d9
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2020-03-25-16-02-16.bpo-39503.YmMbYn.rst
-@@ -0,0 +1,3 @@
-+:class:`~urllib.request.AbstractBasicAuthHandler` of :mod:`urllib.request`
-+now parses all WWW-Authenticate HTTP headers and accepts multiple challenges
-+per header: use the realm of the first Basic challenge.
-diff --git a/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst b/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst
-new file mode 100644
-index 0000000000..9f2800581c
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst
-@@ -0,0 +1,5 @@
-+CVE-2020-8492: The :class:`~urllib.request.AbstractBasicAuthHandler` class of the
-+:mod:`urllib.request` module uses an inefficient regular expression which can
-+be exploited by an attacker to cause a denial of service. Fix the regex to
-+prevent the catastrophic backtracking. Vulnerability reported by Ben Caller
-+and Matt Schwager.
--- 
-2.24.1
-
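Review bot: the header of the patch deleted here gives "CVE: CVE-2020-8492" and "Date: Thu, 2 Apr 2020", which does not match the commit message line "Drop patch for CVE-2020-3492 fixed since 3.8.1". The NVD reference in the same message points at CVE-2020-8492, and the backport was still carried by the 3.8.2 recipe, so the fix cannot have been in 3.8.1. Suggest rewording to name CVE-2020-8492 and the release that actually contains the fix (3.8.3, if this upgrade is what makes the backport redundant), so that CVE tracking against this commit picks up the right identifier.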
diff --git a/meta/recipes-devtools/python/python3_3.8.2.bb b/meta/recipes-devtools/python/python3_3.8.3.bb
similarity index 98%
rename from meta/recipes-devtools/python/python3_3.8.2.bb
rename to meta/recipes-devtools/python/python3_3.8.3.bb
index 072ce974725..3aa8980e13b 100644
--- a/meta/recipes-devtools/python/python3_3.8.2.bb
+++ b/meta/recipes-devtools/python/python3_3.8.3.bb
@@ -33,7 +33,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://0001-configure.ac-fix-LIBPL.patch \
            file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \
            file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \
-           file://0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch \
            file://CVE-2019-20907.patch \
            file://CVE-2020-14422.patch \
            file://CVE-2020-26116.patch \
@@ -47,8 +46,8 @@ SRC_URI_append_class-native = " \
            file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
 
-SRC_URI[md5sum] = "e9d6ebc92183a177b8e8a58cad5b8d67"
-SRC_URI[sha256sum] = "2646e7dc233362f59714c6193017bb2d6f7b38d6ab4a0cb5fbac5c36c4d845df"
+SRC_URI[md5sum] = "3000cf50aaa413052aef82fd2122ca78"
+SRC_URI[sha256sum] = "dfab5ec723c218082fe3d5d7ae17ecbdebffa9a1aea4d64aa3a2ecdd2e795864"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
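Review bot: the new SRC_URI[md5sum] and SRC_URI[sha256sum] values in this hunk are what pin the tarball, and the SRC_URI shown in the previous hunk header fetches it from http://www.python.org/ftp/python/ over plain HTTP, yet the commit message does not say how the values were obtained. Please note in the message that the sha256 was computed from a download checked against the upstream release signature or another out-of-band source, rather than taken from whatever the first fetch returned.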
-- 
2.30.2



* [RFC PATCH 00/10][dunfell] python3 bugfix upgrades
@ 2021-06-21 17:02 Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 01/10][dunfell] python3: upgrade 3.8.2 -> 3.8.3 Tim Orling
                   ` (9 more replies)
  0 siblings, 10 replies; 11+ messages in thread
From: Tim Orling @ 2021-06-21 17:02 UTC
  To: openembedded-core; +Cc: Tim Orling, Alexander Kanavin, Richard Purdie

Every dot release in the 3.8.y series is by definition a bugfix release.

We have been individually patching individual CVEs, when they could
instead have been handled by bumping the dot release.

The only CVE currently known to not be patched by this series is
CVE-2021-29921 which does not yet have an upstream fix in the 3.8.y
branch.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-29921
https://bugs.python.org/issue36384

Tested on qemux86-64 core-image-minimal with:

IMAGE_INSTALL_append = " python3"

#  enable_gtk_in_qemu: |
DISTRO_FEATURES_append = "opengl"
PACKAGECONFIG_pn-qemu-system-native = "fdt alsa kvm virglrenderer glx gtk+"
#  enable_ptest_and_testimage: |
IMAGE_CLASSES += " testimage"
DISTRO_FEAURES_append = " ptest"
EXTRA_IMAGE_FEATURES = "debug-tweaks ssh-server-dropbear"
TESTIMAGE_AUTO = "1"
TEST_SUITES = " ping ssh python ptest"
TEST_QEMUPARAMS += "-smp 4 -m 8192"
TEST_RUNQEMUPARAMS = "kvm gl-es gtk"
IMAGE_ROOTFS_SIZE ?= "8192"
IMAGE_ROOTFS_EXTRA_SPACE_append = "${@bb.utils.contains("DISTRO_FEATURES", "systemd", " + 4096", "", d)}"
IMAGE_INSTALL_append = " ptest-runner procps coreutils iproute2 sysstat python3-ptest"

The following changes since commit ac8181d9b9ad8360f7dba03aba8b00f008c6ebb4:

  Revert "python3: fix CVE-2021-23336" (2021-06-19 13:11:58 -1000)

are available in the Git repository at:

  git://push.openembedded.org/openembedded-core-contrib timo/dunfell/python3-3.8.10

Tim Orling (10):
  python3: upgrade 3.8.2 -> 3.8.3
  python3: upgrade 3.8.3 -> 3.8.4
  python3: upgrade 3.8.4 -> 3.8.5
  python3: upgrade 3.8.5 -> 3.8.6
  python3: upgrade 3.8.6 -> 3.8.7
  python3: upgrade 3.8.7 -> 3.8.8
  python3: skip tests requiring tools-sdk
  python3: upgrade 3.8.8 -> 3.8.9
  python3: upgrade 3.8.9 -> 3.8.10
  python3-ptest: add newly discovered missing rdeps

 ...20-8492-Fix-AbstractBasicAuthHandler.patch | 248 ------------------
 ...pes.test_find-skip-without-tools-sdk.patch |  33 +++
 ...le.py-correct-the-test-output-format.patch |  24 +-
 .../python/python3/CVE-2019-20907.patch       |  44 ----
 .../python/python3/CVE-2020-14422.patch       |  77 ------
 .../python/python3/CVE-2020-26116.patch       | 104 --------
 .../python/python3/CVE-2020-27619.patch       |  70 -----
 .../python/python3/CVE-2021-3177.patch        | 191 --------------
 .../{python3_3.8.2.bb => python3_3.8.10.bb}   |  20 +-
 9 files changed, 54 insertions(+), 757 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch
 create mode 100644 meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2019-20907.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-14422.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-26116.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-27619.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2021-3177.patch
 rename meta/recipes-devtools/python/{python3_3.8.2.bb => python3_3.8.10.bb} (95%)

-- 
2.30.2



* [RFC PATCH 02/10][dunfell] python3: upgrade 3.8.3 -> 3.8.4
  2021-06-21 17:02 [RFC PATCH 00/10][dunfell] python3 bugfix upgrades Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 01/10][dunfell] python3: upgrade 3.8.2 -> 3.8.3 Tim Orling
@ 2021-06-21 17:02 ` Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 03/10][dunfell] python3: upgrade 3.8.4 -> 3.8.5 Tim Orling
                   ` (7 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Tim Orling @ 2021-06-21 17:02 UTC
  To: openembedded-core; +Cc: Tim Orling

Release Date: July 13, 2020

Note: The release you're looking at is Python 3.8.4, a bugfix release for the
legacy 3.8 series. Python 3.9 is now the latest feature release series of
Python 3.

* Drop patch for CVE-2020-14422 fixed in 3.8.4
* Refresh CVE-2021-23336 patch

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-14422
https://www.python.org/downloads/release/python-384/
https://docs.python.org/release/3.8.4/whatsnew/changelog.html#changelog

Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
---
 .../python/python3/CVE-2020-14422.patch       | 77 -------------------
 .../{python3_3.8.3.bb => python3_3.8.4.bb}    |  5 +-
 2 files changed, 2 insertions(+), 80 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-14422.patch
 rename meta/recipes-devtools/python/{python3_3.8.3.bb => python3_3.8.4.bb} (98%)

diff --git a/meta/recipes-devtools/python/python3/CVE-2020-14422.patch b/meta/recipes-devtools/python/python3/CVE-2020-14422.patch
deleted file mode 100644
index 6889e46da98..00000000000
--- a/meta/recipes-devtools/python/python3/CVE-2020-14422.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-islington@users.noreply.github.com>
-Date: Mon, 29 Jun 2020 11:12:50 -0700
-Subject: [PATCH] bpo-41004: Resolve hash collisions for IPv4Interface and
- IPv6Interface (GH-21033)
-
-The __hash__() methods of classes IPv4Interface and IPv6Interface had issue
-of generating constant hash values of 32 and 128 respectively causing hash collisions.
-The fix uses the hash() function to generate hash values for the objects
-instead of XOR operation
-(cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28)
-
-Co-authored-by: Ravi Teja P <rvteja92@gmail.com>
-
-Upstream-Status: Backport [https://github.com/python/cpython/commit/dc8ce8ead182de46584cc1ed8a8c51d48240cbd5]
-CVE: CVE-2020-14422
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
----
- Lib/ipaddress.py                                     |  4 ++--
- Lib/test/test_ipaddress.py                           | 12 ++++++++++++
- .../2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst         |  1 +
- 3 files changed, 15 insertions(+), 2 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
-
-diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py
-index 873c7644081af..a3a04f7f4b309 100644
---- a/Lib/ipaddress.py
-+++ b/Lib/ipaddress.py
-@@ -1370,7 +1370,7 @@ def __lt__(self, other):
-             return False
- 
-     def __hash__(self):
--        return self._ip ^ self._prefixlen ^ int(self.network.network_address)
-+        return hash((self._ip, self._prefixlen, int(self.network.network_address)))
- 
-     __reduce__ = _IPAddressBase.__reduce__
- 
-@@ -2017,7 +2017,7 @@ def __lt__(self, other):
-             return False
- 
-     def __hash__(self):
--        return self._ip ^ self._prefixlen ^ int(self.network.network_address)
-+        return hash((self._ip, self._prefixlen, int(self.network.network_address)))
- 
-     __reduce__ = _IPAddressBase.__reduce__
- 
-diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py
-index de77111705b69..2eba740e5e7a4 100644
---- a/Lib/test/test_ipaddress.py
-+++ b/Lib/test/test_ipaddress.py
-@@ -2053,6 +2053,18 @@ def testsixtofour(self):
-                          sixtofouraddr.sixtofour)
-         self.assertFalse(bad_addr.sixtofour)
- 
-+    # issue41004 Hash collisions in IPv4Interface and IPv6Interface
-+    def testV4HashIsNotConstant(self):
-+        ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4")
-+        ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5")
-+        self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__())
-+
-+    # issue41004 Hash collisions in IPv4Interface and IPv6Interface
-+    def testV6HashIsNotConstant(self):
-+        ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1")
-+        ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2")
-+        self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__())
-+
- 
- if __name__ == '__main__':
-     unittest.main()
-diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
-new file mode 100644
-index 0000000000000..1380b31fbe9f4
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
-@@ -0,0 +1 @@
-+The __hash__() methods of  ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
diff --git a/meta/recipes-devtools/python/python3_3.8.3.bb b/meta/recipes-devtools/python/python3_3.8.4.bb
similarity index 98%
rename from meta/recipes-devtools/python/python3_3.8.3.bb
rename to meta/recipes-devtools/python/python3_3.8.4.bb
index 3aa8980e13b..438b3e55042 100644
--- a/meta/recipes-devtools/python/python3_3.8.3.bb
+++ b/meta/recipes-devtools/python/python3_3.8.4.bb
@@ -34,7 +34,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \
            file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \
            file://CVE-2019-20907.patch \
-           file://CVE-2020-14422.patch \
            file://CVE-2020-26116.patch \
            file://CVE-2020-27619.patch \
            file://CVE-2021-3177.patch \
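Review bot: this SRC_URI hunk removes only file://CVE-2020-14422.patch, and the diffstat lists two files (the deleted patch and the renamed recipe), so the commit message line "Refresh CVE-2021-23336 patch" has no matching change in this patch. The cover letter gives the base commit as 'Revert "python3: fix CVE-2021-23336"', which suggests the line is left over from before that revert. Drop it from the message, or include the refreshed patch if it was meant to be part of this commit.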
@@ -46,8 +45,8 @@ SRC_URI_append_class-native = " \
            file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
 
-SRC_URI[md5sum] = "3000cf50aaa413052aef82fd2122ca78"
-SRC_URI[sha256sum] = "dfab5ec723c218082fe3d5d7ae17ecbdebffa9a1aea4d64aa3a2ecdd2e795864"
+SRC_URI[md5sum] = "e16df33cd7b58702e57e137f8f5d13e7"
+SRC_URI[sha256sum] = "5f41968a95afe9bc12192d7e6861aab31e80a46c46fa59d3d837def6a4cd4d37"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
-- 
2.30.2



* [RFC PATCH 03/10][dunfell] python3: upgrade 3.8.4 -> 3.8.5
  2021-06-21 17:02 [RFC PATCH 00/10][dunfell] python3 bugfix upgrades Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 01/10][dunfell] python3: upgrade 3.8.2 -> 3.8.3 Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 02/10][dunfell] python3: upgrade 3.8.3 -> 3.8.4 Tim Orling
@ 2021-06-21 17:02 ` Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 04/10][dunfell] python3: upgrade 3.8.5 -> 3.8.6 Tim Orling
                   ` (6 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Tim Orling @ 2021-06-21 17:02 UTC
  To: openembedded-core; +Cc: Tim Orling

Release Date: July 20, 2020

Note: The release you're looking at is Python 3.8.5, a bugfix release for the
legacy 3.8 series. Python 3.9 is now the latest feature release series of
Python 3.

Drop patches fixed in 3.8.5:
- CVE-2019-20907
- CVE-2019-26116

References:
https://nvd.nist.gov/vuln/detail/CVE-2019-20907
https://nvd.nist.gov/vuln/detail/CVE-2020-26116
https://www.python.org/downloads/release/python-385/
https://docs.python.org/release/3.8.5/whatsnew/changelog.html#changelog

Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
---
 .../python/python3/CVE-2019-20907.patch       |  44 --------
 .../python/python3/CVE-2020-26116.patch       | 104 ------------------
 .../{python3_3.8.4.bb => python3_3.8.5.bb}    |   6 +-
 3 files changed, 2 insertions(+), 152 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2019-20907.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-26116.patch
 rename meta/recipes-devtools/python/{python3_3.8.4.bb => python3_3.8.5.bb} (98%)

diff --git a/meta/recipes-devtools/python/python3/CVE-2019-20907.patch b/meta/recipes-devtools/python/python3/CVE-2019-20907.patch
deleted file mode 100644
index a2e72372dd5..00000000000
--- a/meta/recipes-devtools/python/python3/CVE-2019-20907.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From a06a6bf4e67a50561f6d6fb33534df1d3035ea34 Mon Sep 17 00:00:00 2001
-From: Rishi <rishi_devan@mail.com>
-Date: Wed, 15 Jul 2020 13:51:00 +0200
-Subject: [PATCH] bpo-39017: Avoid infinite loop in the tarfile module
- (GH-21454)
-
-Avoid infinite loop when reading specially crafted TAR files using the tarfile module
-(CVE-2019-20907).
-(cherry picked from commit 5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4)
-
-Co-authored-by: Rishi <rishi_devan@mail.com>
-
-Removed testing 'recursion.tar' tar file due to binary data
-
-Upstream-Status: Backport [https://github.com/python/cpython/commit/c55479556db015f48fc8bbca17f64d3e65598559]
-CVE: CVE-2019-20907
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
----
- Lib/tarfile.py                                    |   2 ++
- .../2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst      |   1 +
- 4 files changed, 10 insertions(+)
- create mode 100644 Lib/test/recursion.tar
- create mode 100644 Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
-
-diff --git a/Lib/tarfile.py b/Lib/tarfile.py
-index d31b9cbb51d65..7a69e1b1aa544 100755
---- a/Lib/tarfile.py
-+++ b/Lib/tarfile.py
-@@ -1241,6 +1241,8 @@ def _proc_pax(self, tarfile):
- 
-             length, keyword = match.groups()
-             length = int(length)
-+            if length == 0:
-+                raise InvalidHeaderError("invalid header")
-             value = buf[match.end(2) + 1:match.start(1) + length - 1]
- 
-             # Normally, we could just use "utf-8" as the encoding and "strict"
-diff --git a/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
-new file mode 100644
-index 0000000000000..ad26676f8b856
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
-@@ -0,0 +1 @@
-+Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
diff --git a/meta/recipes-devtools/python/python3/CVE-2020-26116.patch b/meta/recipes-devtools/python/python3/CVE-2020-26116.patch
deleted file mode 100644
index c019db2a762..00000000000
--- a/meta/recipes-devtools/python/python3/CVE-2020-26116.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 668d321476d974c4f51476b33aaca870272523bf Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-islington@users.noreply.github.com>
-Date: Sat, 18 Jul 2020 13:39:12 -0700
-Subject: [PATCH] bpo-39603: Prevent header injection in http methods
- (GH-18485)
-
-reject control chars in http method in http.client.putrequest to prevent http header injection
-(cherry picked from commit 8ca8a2e8fb068863c1138f07e3098478ef8be12e)
-
-Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com>
-
-Upstream-Status: Backport [https://github.com/python/cpython/commit/668d321476d974c4f51476b33aaca870272523bf]
-CVE: CVE-2020-26116
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
-
----
- Lib/http/client.py                            | 15 +++++++++++++
- Lib/test/test_httplib.py                      | 22 +++++++++++++++++++
- .../2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst  |  2 ++
- 3 files changed, 39 insertions(+)
- create mode 100644 Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
-
-diff --git a/Lib/http/client.py b/Lib/http/client.py
-index 019380a720318..c2ad0471bfee5 100644
---- a/Lib/http/client.py
-+++ b/Lib/http/client.py
-@@ -147,6 +147,10 @@
- #  _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$")
- # We are more lenient for assumed real world compatibility purposes.
- 
-+# These characters are not allowed within HTTP method names
-+# to prevent http header injection.
-+_contains_disallowed_method_pchar_re = re.compile('[\x00-\x1f]')
-+
- # We always set the Content-Length header for these methods because some
- # servers will otherwise respond with a 411
- _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'}
-@@ -1087,6 +1091,8 @@ def putrequest(self, method, url, skip_host=False,
-         else:
-             raise CannotSendRequest(self.__state)
- 
-+        self._validate_method(method)
-+
-         # Save the method for use later in the response phase
-         self._method = method
- 
-@@ -1177,6 +1183,15 @@ def _encode_request(self, request):
-         # ASCII also helps prevent CVE-2019-9740.
-         return request.encode('ascii')
- 
-+    def _validate_method(self, method):
-+        """Validate a method name for putrequest."""
-+        # prevent http header injection
-+        match = _contains_disallowed_method_pchar_re.search(method)
-+        if match:
-+            raise ValueError(
-+                    f"method can't contain control characters. {method!r} "
-+                    f"(found at least {match.group()!r})")
-+
-     def _validate_path(self, url):
-         """Validate a url for putrequest."""
-         # Prevent CVE-2019-9740.
-diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
-index 8f0e27a1fb836..5a5fcecbc9c15 100644
---- a/Lib/test/test_httplib.py
-+++ b/Lib/test/test_httplib.py
-@@ -364,6 +364,28 @@ def test_headers_debuglevel(self):
-         self.assertEqual(lines[3], "header: Second: val2")
- 
- 
-+class HttpMethodTests(TestCase):
-+    def test_invalid_method_names(self):
-+        methods = (
-+            'GET\r',
-+            'POST\n',
-+            'PUT\n\r',
-+            'POST\nValue',
-+            'POST\nHOST:abc',
-+            'GET\nrHost:abc\n',
-+            'POST\rRemainder:\r',
-+            'GET\rHOST:\n',
-+            '\nPUT'
-+        )
-+
-+        for method in methods:
-+            with self.assertRaisesRegex(
-+                    ValueError, "method can't contain control characters"):
-+                conn = client.HTTPConnection('example.com')
-+                conn.sock = FakeSocket(None)
-+                conn.request(method=method, url="/")
-+
-+
- class TransferEncodingTest(TestCase):
-     expected_body = b"It's just a flesh wound"
- 
-diff --git a/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
-new file mode 100644
-index 0000000000000..990affc3edd9d
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
-@@ -0,0 +1,2 @@
-+Prevent http header injection by rejecting control characters in
-+http.client.putrequest(...).
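
Review bot: the deleted file's header (`Upstream-Status: Backport [...668d321476d974c4f51476b33aaca870272523bf]`, `CVE: CVE-2020-26116`) was the layer's own record of how this CVE is handled, so the drop should be checkable against the new tarball. After unpacking 3.8.5, Lib/http/client.py should define `_contains_disallowed_method_pchar_re` and call `self._validate_method(method)` from putrequest(), and `HttpMethodTests.test_invalid_method_names` should be present in Lib/test/test_httplib.py; if any of these is missing, the patch has to stay.
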
diff --git a/meta/recipes-devtools/python/python3_3.8.4.bb b/meta/recipes-devtools/python/python3_3.8.5.bb
similarity index 98%
rename from meta/recipes-devtools/python/python3_3.8.4.bb
rename to meta/recipes-devtools/python/python3_3.8.5.bb
index 438b3e55042..21b6be58f70 100644
--- a/meta/recipes-devtools/python/python3_3.8.4.bb
+++ b/meta/recipes-devtools/python/python3_3.8.5.bb
@@ -33,8 +33,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://0001-configure.ac-fix-LIBPL.patch \
            file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \
            file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \
-           file://CVE-2019-20907.patch \
-           file://CVE-2020-26116.patch \
            file://CVE-2020-27619.patch \
            file://CVE-2021-3177.patch \
            "
@@ -45,8 +43,8 @@ SRC_URI_append_class-native = " \
            file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
 
-SRC_URI[md5sum] = "e16df33cd7b58702e57e137f8f5d13e7"
-SRC_URI[sha256sum] = "5f41968a95afe9bc12192d7e6861aab31e80a46c46fa59d3d837def6a4cd4d37"
+SRC_URI[md5sum] = "35b5a3d0254c1c59be9736373d429db7"
+SRC_URI[sha256sum] = "e3003ed57db17e617acb382b0cade29a248c6026b1bd8aad1f976e9af66a83b0"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
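
Review bot: the new `SRC_URI[sha256sum]` is the only integrity control on this fetch, because the SRC_URI shown in the preceding hunk header is plain `http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz`. Please say in the commit message how the value was obtained (for example, computed from a tarball whose upstream signature was verified) rather than copied from whatever the first fetch returned. The same applies to every later checksum bump in this series.
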
-- 
2.30.2


* [RFC PATCH 04/10][dunfell] python3: upgrade 3.8.5 -> 3.8.6
  2021-06-21 17:02 [RFC PATCH 00/10][dunfell] python3 bugfix upgrades Tim Orling
                   ` (2 preceding siblings ...)
  2021-06-21 17:02 ` [RFC PATCH 03/10][dunfell] python3: upgrade 3.8.4 -> 3.8.5 Tim Orling
@ 2021-06-21 17:02 ` Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 05/10][dunfell] python3: upgrade 3.8.6 -> 3.8.7 Tim Orling
                   ` (5 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Tim Orling @ 2021-06-21 17:02 UTC (permalink / raw)
  To: openembedded-core; +Cc: Tim Orling

Release Date: Sept. 24, 2020

Note: The release you're looking at is Python 3.8.6, a bugfix release for the
legacy 3.8 series. Python 3.9 is now the latest feature release series of
Python 3.

References:
https://www.python.org/downloads/release/python-386/
https://docs.python.org/release/3.8.6/whatsnew/changelog.html#changelog

License-Update: PSFv2 -> PSF-2.0 and BSD-0-Clause

Starting with Python 3.8.6, examples, recipes, and other code in
the documentation are dual licensed under the PSF License Version 2
and the Zero-Clause BSD license.

Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
---
 .../python/{python3_3.8.5.bb => python3_3.8.6.bb}         | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 rename meta/recipes-devtools/python/{python3_3.8.5.bb => python3_3.8.6.bb} (98%)

diff --git a/meta/recipes-devtools/python/python3_3.8.5.bb b/meta/recipes-devtools/python/python3_3.8.6.bb
similarity index 98%
rename from meta/recipes-devtools/python/python3_3.8.5.bb
rename to meta/recipes-devtools/python/python3_3.8.6.bb
index 21b6be58f70..bf33fce891b 100644
--- a/meta/recipes-devtools/python/python3_3.8.5.bb
+++ b/meta/recipes-devtools/python/python3_3.8.6.bb
@@ -1,10 +1,10 @@
 SUMMARY = "The Python Programming Language"
 HOMEPAGE = "http://www.python.org"
 DESCRIPTION = "Python is a programming language that lets you work more quickly and integrate your systems more effectively."
-LICENSE = "PSFv2"
+LICENSE = "PSF-2.0 & BSD-0-Clause"
 SECTION = "devel/python"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=203a6dbc802ee896020a47161e759642"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=33223c9ef60c31e3f0e866cb09b65e83"
 
 SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://run-ptest \
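
Review bot: the `LICENSE` line changes two things at once: it adds `BSD-0-Clause`, which the commit message explains, and it renames `PSFv2` to `PSF-2.0`, which it does not. On a stable branch the rename changes the string that license manifests and any `INCOMPATIBLE_LICENSE` or allow-list matching see for python3, so it deserves its own justification or a separate patch. Please also confirm that both `PSF-2.0` and `BSD-0-Clause` resolve to a generic license text on dunfell; otherwise license processing will complain about a missing generic license file.
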
@@ -43,8 +43,8 @@ SRC_URI_append_class-native = " \
            file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
 
-SRC_URI[md5sum] = "35b5a3d0254c1c59be9736373d429db7"
-SRC_URI[sha256sum] = "e3003ed57db17e617acb382b0cade29a248c6026b1bd8aad1f976e9af66a83b0"
+SRC_URI[md5sum] = "69e73c49eeb1a853cefd26d18c9d069d"
+SRC_URI[sha256sum] = "a9e0b79d27aa056eb9cce8d63a427b5f9bab1465dee3f942dcfdb25a82f4ab8a"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
-- 
2.30.2


* [RFC PATCH 05/10][dunfell] python3: upgrade 3.8.6 -> 3.8.7
  2021-06-21 17:02 [RFC PATCH 00/10][dunfell] python3 bugfix upgrades Tim Orling
                   ` (3 preceding siblings ...)
  2021-06-21 17:02 ` [RFC PATCH 04/10][dunfell] python3: upgrade 3.8.5 -> 3.8.6 Tim Orling
@ 2021-06-21 17:02 ` Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 06/10][dunfell] python3: upgrade 3.8.7 -> 3.8.8 Tim Orling
                   ` (4 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Tim Orling @ 2021-06-21 17:02 UTC (permalink / raw)
  To: openembedded-core; +Cc: Tim Orling

Release Date: Dec. 21, 2020

Note: The release you're looking at is Python 3.8.7, a bugfix release for the
legacy 3.8 series. Python 3.9 is now the latest feature release series of
Python 3.

* Drop patch for CVE-2020-27619 fixed in 3.8.7

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-27619
https://www.python.org/downloads/release/python-387/
https://docs.python.org/release/3.8.7/whatsnew/changelog.html

Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
---
 .../python/python3/CVE-2020-27619.patch       | 70 -------------------
 .../{python3_3.8.6.bb => python3_3.8.7.bb}    |  5 +-
 2 files changed, 2 insertions(+), 73 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-27619.patch
 rename meta/recipes-devtools/python/{python3_3.8.6.bb => python3_3.8.7.bb} (98%)

diff --git a/meta/recipes-devtools/python/python3/CVE-2020-27619.patch b/meta/recipes-devtools/python/python3/CVE-2020-27619.patch
deleted file mode 100644
index bafa1cb9991..00000000000
--- a/meta/recipes-devtools/python/python3/CVE-2020-27619.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 6c6c256df3636ff6f6136820afaefa5a10a3ac33 Mon Sep 17 00:00:00 2001
-From: "Miss Skeleton (bot)" <31488909+miss-islington@users.noreply.github.com>
-Date: Tue, 6 Oct 2020 05:38:54 -0700
-Subject: [PATCH] bpo-41944: No longer call eval() on content received via HTTP
- in the CJK codec tests (GH-22566) (GH-22577)
-
-(cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8)
-
-Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
-
-Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
-
-Upstream-Status: Backport [https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33]
-CVE: CVE-2020-27619
-Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
----
- Lib/test/multibytecodec_support.py            | 22 +++++++------------
- .../2020-10-05-17-43-46.bpo-41944.rf1dYb.rst  |  1 +
- 2 files changed, 9 insertions(+), 14 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
-
-diff --git a/Lib/test/multibytecodec_support.py b/Lib/test/multibytecodec_support.py
-index cca8af67d6d1d..f76c0153f5ecf 100644
---- a/Lib/test/multibytecodec_support.py
-+++ b/Lib/test/multibytecodec_support.py
-@@ -305,29 +305,23 @@ def test_mapping_file(self):
-             self._test_mapping_file_plain()
- 
-     def _test_mapping_file_plain(self):
--        unichrs = lambda s: ''.join(map(chr, map(eval, s.split('+'))))
-+        def unichrs(s):
-+            return ''.join(chr(int(x, 16)) for x in s.split('+'))
-+
-         urt_wa = {}
- 
-         with self.open_mapping_file() as f:
-             for line in f:
-                 if not line:
-                     break
--                data = line.split('#')[0].strip().split()
-+                data = line.split('#')[0].split()
-                 if len(data) != 2:
-                     continue
- 
--                csetval = eval(data[0])
--                if csetval <= 0x7F:
--                    csetch = bytes([csetval & 0xff])
--                elif csetval >= 0x1000000:
--                    csetch = bytes([(csetval >> 24), ((csetval >> 16) & 0xff),
--                                    ((csetval >> 8) & 0xff), (csetval & 0xff)])
--                elif csetval >= 0x10000:
--                    csetch = bytes([(csetval >> 16), ((csetval >> 8) & 0xff),
--                                    (csetval & 0xff)])
--                elif csetval >= 0x100:
--                    csetch = bytes([(csetval >> 8), (csetval & 0xff)])
--                else:
-+                if data[0][:2] != '0x':
-+                    self.fail(f"Invalid line: {line!r}")
-+                csetch = bytes.fromhex(data[0][2:])
-+                if len(csetch) == 1 and 0x80 <= csetch[0]:
-                     continue
- 
-                 unich = unichrs(data[1])
-diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
-new file mode 100644
-index 0000000000000..4f9782f1c85af
---- /dev/null
-+++ b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
-@@ -0,0 +1 @@
-+Tests for CJK codecs no longer call ``eval()`` on content received via HTTP.
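
Review bot: this backport only touched test support code (`Lib/test/multibytecodec_support.py`), so the exposure it covered exists where the CJK codec tests are installed and run, which in practice means ptest images. With the patch dropped, a quick check that `_test_mapping_file_plain` in the 3.8.7 tarball uses `int(x, 16)` and `bytes.fromhex(...)` and no longer contains `eval(` would confirm the commit message's "fixed in 3.8.7".
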
diff --git a/meta/recipes-devtools/python/python3_3.8.6.bb b/meta/recipes-devtools/python/python3_3.8.7.bb
similarity index 98%
rename from meta/recipes-devtools/python/python3_3.8.6.bb
rename to meta/recipes-devtools/python/python3_3.8.7.bb
index bf33fce891b..11a69ea808a 100644
--- a/meta/recipes-devtools/python/python3_3.8.6.bb
+++ b/meta/recipes-devtools/python/python3_3.8.7.bb
@@ -33,7 +33,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://0001-configure.ac-fix-LIBPL.patch \
            file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \
            file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \
-           file://CVE-2020-27619.patch \
            file://CVE-2021-3177.patch \
            "
 
@@ -43,8 +42,8 @@ SRC_URI_append_class-native = " \
            file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
 
-SRC_URI[md5sum] = "69e73c49eeb1a853cefd26d18c9d069d"
-SRC_URI[sha256sum] = "a9e0b79d27aa056eb9cce8d63a427b5f9bab1465dee3f942dcfdb25a82f4ab8a"
+SRC_URI[md5sum] = "60fe018fffc7f33818e6c340d29e2db9"
+SRC_URI[sha256sum] = "ddcc1df16bb5b87aa42ec5d20a5b902f2d088caa269b28e01590f97a798ec50a"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
-- 
2.30.2


* [RFC PATCH 06/10][dunfell] python3: upgrade 3.8.7 -> 3.8.8
  2021-06-21 17:02 [RFC PATCH 00/10][dunfell] python3 bugfix upgrades Tim Orling
                   ` (4 preceding siblings ...)
  2021-06-21 17:02 ` [RFC PATCH 05/10][dunfell] python3: upgrade 3.8.6 -> 3.8.7 Tim Orling
@ 2021-06-21 17:02 ` Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 07/10][dunfell] python3: skip tests requiring tools-sdk Tim Orling
                   ` (3 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Tim Orling @ 2021-06-21 17:02 UTC (permalink / raw)
  To: openembedded-core; +Cc: Tim Orling

Release Date: Feb. 19, 2021

Note: The release you're looking at is Python 3.8.8, a bugfix release for the
legacy 3.8 series. Python 3.9 is now the latest feature release series of
Python 3.

Notable changes in Python 3.8.8

Earlier Python versions allowed using both ; and & as query parameter
separators in urllib.parse.parse_qs() and urllib.parse.parse_qsl(). Due to
security concerns, and to conform with newer W3C recommendations, this has been
changed to allow only a single separator key, with & as the default. This
change also affects cgi.parse() and cgi.parse_multipart() as they use the
affected functions internally. For more details, please see their respective
documentation. (Contributed by Adam Goldschmidt, Senthil Kumaran and Ken Jin
in bpo-42967.)

License-Update: update copyright years

Drop patches fixed in 3.8.8:
- CVE-2021-3177

Fixes:
CVE: CVE-2021-3426
CVE: CVE-2021-23336

References:
https://www.python.org/downloads/release/python-388/
https://docs.python.org/release/3.8.8/whatsnew/changelog.html#changelog
https://docs.python.org/3/whatsnew/3.8.html#notable-changes-in-python-3-8-8
https://nvd.nist.gov/vuln/detail/CVE-2021-3177
https://nvd.nist.gov/vuln/detail/CVE-2021-3426

Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
---
 .../python/python3/CVE-2021-3177.patch        | 191 ------------------
 .../{python3_3.8.7.bb => python3_3.8.8.bb}    |   7 +-
 2 files changed, 3 insertions(+), 195 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2021-3177.patch
 rename meta/recipes-devtools/python/{python3_3.8.7.bb => python3_3.8.8.bb} (98%)

diff --git a/meta/recipes-devtools/python/python3/CVE-2021-3177.patch b/meta/recipes-devtools/python/python3/CVE-2021-3177.patch
deleted file mode 100644
index 43d678db467..00000000000
--- a/meta/recipes-devtools/python/python3/CVE-2021-3177.patch
+++ /dev/null
@@ -1,191 +0,0 @@
-From ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-islington@users.noreply.github.com>
-Date: Mon, 18 Jan 2021 13:28:52 -0800
-Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode
- formatting in ctypes param reprs. (GH-24248)
-
-(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
-
-Co-authored-by: Benjamin Peterson <benjamin@python.org>
-
-Co-authored-by: Benjamin Peterson <benjamin@python.org>
-
-CVE: CVE-2021-3177
-Upstream-Status: Backport [https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f]
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- Lib/ctypes/test/test_parameters.py            | 43 ++++++++++++++++
- .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst  |  2 +
- Modules/_ctypes/callproc.c                    | 51 +++++++------------
- 3 files changed, 64 insertions(+), 32 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
-
-diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py
-index e4c25fd880cef..531894fdec838 100644
---- a/Lib/ctypes/test/test_parameters.py
-+++ b/Lib/ctypes/test/test_parameters.py
-@@ -201,6 +201,49 @@ def __dict__(self):
-         with self.assertRaises(ZeroDivisionError):
-             WorseStruct().__setstate__({}, b'foo')
- 
-+    def test_parameter_repr(self):
-+        from ctypes import (
-+            c_bool,
-+            c_char,
-+            c_wchar,
-+            c_byte,
-+            c_ubyte,
-+            c_short,
-+            c_ushort,
-+            c_int,
-+            c_uint,
-+            c_long,
-+            c_ulong,
-+            c_longlong,
-+            c_ulonglong,
-+            c_float,
-+            c_double,
-+            c_longdouble,
-+            c_char_p,
-+            c_wchar_p,
-+            c_void_p,
-+        )
-+        self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
-+        self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>")
-+        self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
-+        self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
-+        self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
-+        self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
-+        self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
-+        self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
-+        self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
-+        self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
-+        self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
-+        self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
-+        self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
-+        self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
-+        self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
-+        self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
-+        self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
-+        self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
-+        self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
-+        self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
-+
- ################################################################
- 
- if __name__ == '__main__':
-diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
-new file mode 100644
-index 0000000000000..7df65a156feab
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
-@@ -0,0 +1,2 @@
-+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
-+:class:`ctypes.c_longdouble` values.
-diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
-index a9b8675cd951b..de75918d49f37 100644
---- a/Modules/_ctypes/callproc.c
-+++ b/Modules/_ctypes/callproc.c
-@@ -484,58 +484,47 @@ is_literal_char(unsigned char c)
- static PyObject *
- PyCArg_repr(PyCArgObject *self)
- {
--    char buffer[256];
-     switch(self->tag) {
-     case 'b':
-     case 'B':
--        sprintf(buffer, "<cparam '%c' (%d)>",
-+        return PyUnicode_FromFormat("<cparam '%c' (%d)>",
-             self->tag, self->value.b);
--        break;
-     case 'h':
-     case 'H':
--        sprintf(buffer, "<cparam '%c' (%d)>",
-+        return PyUnicode_FromFormat("<cparam '%c' (%d)>",
-             self->tag, self->value.h);
--        break;
-     case 'i':
-     case 'I':
--        sprintf(buffer, "<cparam '%c' (%d)>",
-+        return PyUnicode_FromFormat("<cparam '%c' (%d)>",
-             self->tag, self->value.i);
--        break;
-     case 'l':
-     case 'L':
--        sprintf(buffer, "<cparam '%c' (%ld)>",
-+        return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
-             self->tag, self->value.l);
--        break;
- 
-     case 'q':
-     case 'Q':
--        sprintf(buffer,
--#ifdef MS_WIN32
--            "<cparam '%c' (%I64d)>",
--#else
--            "<cparam '%c' (%lld)>",
--#endif
-+        return PyUnicode_FromFormat("<cparam '%c' (%lld)>",
-             self->tag, self->value.q);
--        break;
-     case 'd':
--        sprintf(buffer, "<cparam '%c' (%f)>",
--            self->tag, self->value.d);
--        break;
--    case 'f':
--        sprintf(buffer, "<cparam '%c' (%f)>",
--            self->tag, self->value.f);
--        break;
--
-+    case 'f': {
-+        PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
-+        if (f == NULL) {
-+            return NULL;
-+        }
-+        PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", self->tag, f);
-+        Py_DECREF(f);
-+        return result;
-+    }
-     case 'c':
-         if (is_literal_char((unsigned char)self->value.c)) {
--            sprintf(buffer, "<cparam '%c' ('%c')>",
-+            return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
-                 self->tag, self->value.c);
-         }
-         else {
--            sprintf(buffer, "<cparam '%c' ('\\x%02x')>",
-+            return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>",
-                 self->tag, (unsigned char)self->value.c);
-         }
--        break;
- 
- /* Hm, are these 'z' and 'Z' codes useful at all?
-    Shouldn't they be replaced by the functionality of c_string
-@@ -544,22 +533,20 @@ PyCArg_repr(PyCArgObject *self)
-     case 'z':
-     case 'Z':
-     case 'P':
--        sprintf(buffer, "<cparam '%c' (%p)>",
-+        return PyUnicode_FromFormat("<cparam '%c' (%p)>",
-             self->tag, self->value.p);
-         break;
- 
-     default:
-         if (is_literal_char((unsigned char)self->tag)) {
--            sprintf(buffer, "<cparam '%c' at %p>",
-+            return PyUnicode_FromFormat("<cparam '%c' at %p>",
-                 (unsigned char)self->tag, (void *)self);
-         }
-         else {
--            sprintf(buffer, "<cparam 0x%02x at %p>",
-+            return PyUnicode_FromFormat("<cparam 0x%02x at %p>",
-                 (unsigned char)self->tag, (void *)self);
-         }
--        break;
-     }
--    return PyUnicode_FromString(buffer);
- }
- 
- static PyMemberDef PyCArgType_members[] = {
-
diff --git a/meta/recipes-devtools/python/python3_3.8.7.bb b/meta/recipes-devtools/python/python3_3.8.8.bb
similarity index 98%
rename from meta/recipes-devtools/python/python3_3.8.7.bb
rename to meta/recipes-devtools/python/python3_3.8.8.bb
index 11a69ea808a..d77c7d87fb7 100644
--- a/meta/recipes-devtools/python/python3_3.8.7.bb
+++ b/meta/recipes-devtools/python/python3_3.8.8.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "Python is a programming language that lets you work more quickly
 LICENSE = "PSF-2.0 & BSD-0-Clause"
 SECTION = "devel/python"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=33223c9ef60c31e3f0e866cb09b65e83"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=c22d2438294c784731bf9dd224a467b7"
 
 SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://run-ptest \
@@ -33,7 +33,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://0001-configure.ac-fix-LIBPL.patch \
            file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \
            file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \
-           file://CVE-2021-3177.patch \
            "
 
 SRC_URI_append_class-native = " \
@@ -42,8 +41,8 @@ SRC_URI_append_class-native = " \
            file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
 
-SRC_URI[md5sum] = "60fe018fffc7f33818e6c340d29e2db9"
-SRC_URI[sha256sum] = "ddcc1df16bb5b87aa42ec5d20a5b902f2d088caa269b28e01590f97a798ec50a"
+SRC_URI[md5sum] = "23e6b769857233c1ac07b6be7442eff4"
+SRC_URI[sha256sum] = "7c664249ff77e443d6ea0e4cf0e587eae918ca3c48d081d1915fe2a1f1bcc5cc"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
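
Review bot: bumping `SRC_URI[sha256sum]` to the 3.8.8 tarball also pulls in the `urllib.parse.parse_qs()` / `parse_qsl()` separator change quoted in the commit message, which alters results for existing callers that rely on `;` (and for `cgi.parse()` / `cgi.parse_multipart()`). For a stable-branch upgrade that behaviour change should be called out to users explicitly, not only carried inside the release-note text. Separately, the `Fixes:` list names CVE-2021-23336 but the References carry no NVD link for it, unlike CVE-2021-3177 and CVE-2021-3426.
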
-- 
2.30.2
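
The separator change described in the 3.8.8 commit message above can be audited before the upgrade is rolled out. The following is an added example, not part of the patch series or of CPython: `legacy_parse_qsl`, `changed_requests` and the request targets are constructed for illustration, and it assumes it runs on an interpreter that already carries the change (one where `parse_qsl` accepts `separator`).

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed request targets, as they might appear in an access log.
SAMPLE_TARGETS = [
    "/search?q=yocto&page=2",    # '&' only: unaffected by the change
    "/report?id=7;format=csv",   # ';' used as a parameter separator
    "/item?name=a%3Bb&x=1",      # percent-encoded ';' is data, not a separator
    "/export?a=1;b",             # ';' followed by a field without '='
    "/health",                   # no query string at all
]


def legacy_parse_qsl(query):
    """Reproduce the pre-change result, where '&' and ';' both separate fields.

    Splitting on ';' first and handing each piece to the current parse_qsl
    (which splits on '&' only) yields the same ordered field sequence that
    splitting on both characters produced.
    """
    pairs = []
    for piece in query.split(";"):
        pairs.extend(parse_qsl(piece, separator="&"))
    return pairs


def changed_requests(targets):
    """Return (target, old_pairs, new_pairs) for queries that parse differently."""
    findings = []
    for target in targets:
        query = urlsplit(target).query
        old = legacy_parse_qsl(query)
        new = parse_qsl(query, separator="&")
        if old != new:
            findings.append((target, old, new))
    return findings


if __name__ == "__main__":
    for target, old, new in changed_requests(SAMPLE_TARGETS):
        print(target)
        print("  before upgrade:", old)
        print("  after upgrade: ", new)
```

Callers that genuinely need `;` have to pass `separator=";"` explicitly after the upgrade, and that call then no longer splits on `&`.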


* [RFC PATCH 07/10][dunfell] python3: skip tests requiring tools-sdk
  2021-06-21 17:02 [RFC PATCH 00/10][dunfell] python3 bugfix upgrades Tim Orling
                   ` (5 preceding siblings ...)
  2021-06-21 17:02 ` [RFC PATCH 06/10][dunfell] python3: upgrade 3.8.7 -> 3.8.8 Tim Orling
@ 2021-06-21 17:02 ` Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 08/10][dunfell] python3: upgrade 3.8.8 -> 3.8.9 Tim Orling
                   ` (2 subsequent siblings)
  9 siblings, 0 replies; 11+ messages in thread
From: Tim Orling @ 2021-06-21 17:02 UTC (permalink / raw)
  To: openembedded-core; +Cc: Tim Orling

Conditionally skip test_ctypes.test_find unless
IMAGE_FEATURES contains 'tools-sdk' as these test
cases require full packagegroup-core-buildessential

Fixes:
AssertionError: Failed ptests:
{'python3': ['test_find_library_with_gcc', 'test_find_library_with_ld']}

Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
---
 ...pes.test_find-skip-without-tools-sdk.patch | 33 +++++++++++++++++++
 meta/recipes-devtools/python/python3_3.8.8.bb |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch

diff --git a/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
new file mode 100644
index 00000000000..a44d3396a61
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/0001-test_ctypes.test_find-skip-without-tools-sdk.patch
@@ -0,0 +1,33 @@
+From 7a2bddfa437be633bb6945d0e6b7d6f27da870ad Mon Sep 17 00:00:00 2001
+From: Tim Orling <timothy.t.orling@intel.com>
+Date: Fri, 18 Jun 2021 11:56:50 -0700
+Subject: [PATCH] test_ctypes.test_find: skip without tools-sdk
+
+These tests need full packagegroup-core-buildessential, the
+easiest way to dynamically check for that is looking for
+'tools-sdk' in IMAGE_FEATURES.
+
+Upstream-Status: Inappropriate [oe-specific]
+
+Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
+---
+ Lib/ctypes/test/test_find.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/Lib/ctypes/test/test_find.py b/Lib/ctypes/test/test_find.py
+index 92ac184..0d009d1 100644
+--- a/Lib/ctypes/test/test_find.py
++++ b/Lib/ctypes/test/test_find.py
+@@ -112,10 +112,12 @@ class FindLibraryLinux(unittest.TestCase):
+                 # LD_LIBRARY_PATH)
+                 self.assertEqual(find_library(libname), 'lib%s.so' % libname)
+
++    @unittest.skip("Needs IMAGE_FEATURES += \"tools-sdk\"")
+     def test_find_library_with_gcc(self):
+         with unittest.mock.patch("ctypes.util._findSoname_ldconfig", lambda *args: None):
+             self.assertNotEqual(find_library('c'), None)
+
++    @unittest.skip("Needs IMAGE_FEATURES += \"tools-sdk\"")
+     def test_find_library_with_ld(self):
+         with unittest.mock.patch("ctypes.util._findSoname_ldconfig", lambda *args: None), \
+              unittest.mock.patch("ctypes.util._findLib_gcc", lambda *args: None):
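
Review bot: `@unittest.skip(...)` on `test_find_library_with_gcc` and `test_find_library_with_ld` is unconditional, while the patch description talks about a dynamic check; the only condition is whether the recipe applies this patch at build time. A runtime guard inside the test would be more robust and would not need a recipe-side switch, for example `@unittest.skipUnless(shutil.which("gcc"), "needs gcc on target")` for the gcc case and the equivalent for `ld` (with `import shutil` added to test_find.py). A guard of that form might also be acceptable upstream, instead of carrying the patch as `Upstream-Status: Inappropriate [oe-specific]`.
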
diff --git a/meta/recipes-devtools/python/python3_3.8.8.bb b/meta/recipes-devtools/python/python3_3.8.8.bb
index d77c7d87fb7..0febe6b672d 100644
--- a/meta/recipes-devtools/python/python3_3.8.8.bb
+++ b/meta/recipes-devtools/python/python3_3.8.8.bb
@@ -33,6 +33,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://0001-configure.ac-fix-LIBPL.patch \
            file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \
            file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \
+           ${@bb.utils.contains('IMAGE_FEATURES', 'tools-sdk', '', 'file://0001-test_ctypes.test_find-skip-without-tools-sdk.patch', d)} \
            "
 
 SRC_URI_append_class-native = " \
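
Review bot: `bb.utils.contains('IMAGE_FEATURES', 'tools-sdk', ...)` is evaluated in the python3 recipe's own datastore, not the image's, so it only sees `IMAGE_FEATURES` as set in global configuration; an image recipe that adds `tools-sdk` itself will still get a python3 built with the skip patch applied. It also makes python3's task signatures depend on an image-level variable, so toggling image features rebuilds python3 and everything that depends on it, and because the entry sits in the common `SRC_URI` the patch is applied to the native and nativesdk variants as well. Deciding at test run time on the target avoids all three problems.
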
-- 
2.30.2


* [RFC PATCH 08/10][dunfell] python3: upgrade 3.8.8 -> 3.8.9
  2021-06-21 17:02 [RFC PATCH 00/10][dunfell] python3 bugfix upgrades Tim Orling
                   ` (6 preceding siblings ...)
  2021-06-21 17:02 ` [RFC PATCH 07/10][dunfell] python3: skip tests requiring tools-sdk Tim Orling
@ 2021-06-21 17:02 ` Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 09/10][dunfell] python3: upgrade 3.8.9 -> 3.8.10 Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 10/10][dunfell] python3-ptest: add newly discovered missing rdeps Tim Orling
  9 siblings, 0 replies; 11+ messages in thread
From: Tim Orling @ 2021-06-21 17:02 UTC (permalink / raw)
  To: openembedded-core; +Cc: Tim Orling

Release Date: April 2, 2021

Note: The release you're looking at is Python 3.8.9, a bugfix release for the
legacy 3.8 series. Python 3.9 is now the latest feature release series of
Python 3.

* Refresh test_locale.py patch for upstream changes
* Add DEPENDS on autoconf-archive:
  - bpo-43617: Improve configure.ac: Check for presence of autoconf-archive
    package and remove our copies of M4 macros.

References:
https://www.python.org/downloads/release/python-389/
https://docs.python.org/release/3.8.9/whatsnew/changelog.html#python-3-8-9
https://bugs.python.org/issue43617

Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
---
 ...le.py-correct-the-test-output-format.patch | 24 ++++++++++---------
 .../{python3_3.8.8.bb => python3_3.8.9.bb}    |  6 ++---
 2 files changed, 16 insertions(+), 14 deletions(-)
 rename meta/recipes-devtools/python/{python3_3.8.8.bb => python3_3.8.9.bb} (98%)

diff --git a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
index 35b7e0c480a..f9d2eadc119 100644
--- a/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch
@@ -1,6 +1,6 @@
-From b94995e0c694ec9561efec0d1a59b323340e6105 Mon Sep 17 00:00:00 2001
-From: Mingli Yu <mingli.yu@windriver.com>
-Date: Mon, 5 Aug 2019 15:57:39 +0800
+From e11787d373baa6d7b0e0d94aff8ccd373203bfb1 Mon Sep 17 00:00:00 2001
+From: Tim Orling <ticotimo@gmail.com>
+Date: Wed, 16 Jun 2021 07:49:52 -0700
 Subject: [PATCH] test_locale.py: correct the test output format
 
 Before this patch:
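
Review bot: the refresh rewrites the carried patch's `From:` and `Date:` headers, replacing the original author (Mingli Yu, 2019) with the person doing the refresh, and the new `From:` address differs from the intel.com address used in the added Signed-off-by. A refresh should keep the original `From:` and `Date:` lines and only append the refresh note and sign-off below the existing `Signed-off-by: Mingli Yu`, which the next hunk already does.
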
@@ -24,23 +24,25 @@ Before this patch:
 Upstream-Status: Submitted [https://github.com/python/cpython/pull/15132]
 
 Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+
+
+Refresh patch for upstream changes in 3.8.9
+
+Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
 ---
  Lib/test/test_locale.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Lib/test/test_locale.py b/Lib/test/test_locale.py
-index e2c2178..558d63c 100644
+index 39091c0..5050f3d 100644
 --- a/Lib/test/test_locale.py
 +++ b/Lib/test/test_locale.py
-@@ -527,7 +527,7 @@ class TestMiscellaneous(unittest.TestCase):
+@@ -563,7 +563,7 @@ class TestMiscellaneous(unittest.TestCase):
              self.skipTest('test needs Turkish locale')
          loc = locale.getlocale(locale.LC_CTYPE)
          if verbose:
 -            print('testing with %a' % (loc,), end=' ', flush=True)
 +            print('testing with %a...' % (loc,), end=' ', flush=True)
-         locale.setlocale(locale.LC_CTYPE, loc)
-         self.assertEqual(loc, locale.getlocale(locale.LC_CTYPE))
- 
--- 
-2.7.4
-
+         try:
+             locale.setlocale(locale.LC_CTYPE, loc)
+         except locale.Error as exc:
diff --git a/meta/recipes-devtools/python/python3_3.8.8.bb b/meta/recipes-devtools/python/python3_3.8.9.bb
similarity index 98%
rename from meta/recipes-devtools/python/python3_3.8.8.bb
rename to meta/recipes-devtools/python/python3_3.8.9.bb
index 0febe6b672d..c6e7e593787 100644
--- a/meta/recipes-devtools/python/python3_3.8.8.bb
+++ b/meta/recipes-devtools/python/python3_3.8.9.bb
@@ -42,8 +42,8 @@ SRC_URI_append_class-native = " \
            file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
 
-SRC_URI[md5sum] = "23e6b769857233c1ac07b6be7442eff4"
-SRC_URI[sha256sum] = "7c664249ff77e443d6ea0e4cf0e587eae918ca3c48d081d1915fe2a1f1bcc5cc"
+SRC_URI[md5sum] = "51b5bbf2ab447e66d15af4883db1c133"
+SRC_URI[sha256sum] = "5e391f3ec45da2954419cab0beaefd8be38895ea5ce33577c3ec14940c4b9572"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
@@ -73,7 +73,7 @@ ALTERNATIVE_LINK_NAME[python3-config] = "${bindir}/python${PYTHON_MAJMIN}-config
 ALTERNATIVE_TARGET[python3-config] = "${bindir}/python${PYTHON_MAJMIN}-config-${MULTILIB_SUFFIX}"
 
 
-DEPENDS = "bzip2-replacement-native libffi bzip2 openssl sqlite3 zlib virtual/libintl xz virtual/crypt util-linux libtirpc libnsl2"
+DEPENDS = "bzip2-replacement-native libffi bzip2 openssl sqlite3 zlib virtual/libintl xz virtual/crypt util-linux libtirpc libnsl2 autoconf-archive"
 DEPENDS_append_class-target = " python3-native"
 DEPENDS_append_class-nativesdk = " python3-native"
 
-- 
2.30.2



* [RFC PATCH 09/10][dunfell] python3: upgrade 3.8.9 -> 3.8.10
  2021-06-21 17:02 [RFC PATCH 00/10][dunfell] python3 bugfix upgrades Tim Orling
                   ` (7 preceding siblings ...)
  2021-06-21 17:02 ` [RFC PATCH 08/10][dunfell] python3: upgrade 3.8.8 -> 3.8.9 Tim Orling
@ 2021-06-21 17:02 ` Tim Orling
  2021-06-21 17:02 ` [RFC PATCH 10/10][dunfell] python3-ptest: add newly discovered missing rdeps Tim Orling
  9 siblings, 0 replies; 11+ messages in thread
From: Tim Orling @ 2021-06-21 17:02 UTC (permalink / raw)
  To: openembedded-core; +Cc: Tim Orling

Release Date: May 3, 2021

This is the tenth and final regular maintenance release of Python 3.8

Note: The release you're looking at is Python 3.8.10, a bugfix release for the
legacy 3.8 series. Python 3.9 is now the latest feature release series of
Python 3.

FIXME:
AssertionError: Failed ptests:
{'python3': ['test_record_extensions', 'test_build_ext']}

References:
https://www.python.org/downloads/release/python-3810/
https://docs.python.org/release/3.8.10/whatsnew/changelog.html

Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
---
 .../python/{python3_3.8.9.bb => python3_3.8.10.bb}            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/python/{python3_3.8.9.bb => python3_3.8.10.bb} (99%)

diff --git a/meta/recipes-devtools/python/python3_3.8.9.bb b/meta/recipes-devtools/python/python3_3.8.10.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.8.9.bb
rename to meta/recipes-devtools/python/python3_3.8.10.bb
index c6e7e593787..3e4386e57c8 100644
--- a/meta/recipes-devtools/python/python3_3.8.9.bb
+++ b/meta/recipes-devtools/python/python3_3.8.10.bb
@@ -42,8 +42,8 @@ SRC_URI_append_class-native = " \
            file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
 
-SRC_URI[md5sum] = "51b5bbf2ab447e66d15af4883db1c133"
-SRC_URI[sha256sum] = "5e391f3ec45da2954419cab0beaefd8be38895ea5ce33577c3ec14940c4b9572"
+SRC_URI[md5sum] = "d9eee4b20155553830a2025e4dcaa7b3"
+SRC_URI[sha256sum] = "6af24a66093dd840bcccf371d4044a3027e655cf24591ce26e48022bc79219d9"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
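
Review bot: The `SRC_URI[md5sum]` / `SRC_URI[sha256sum]` bump is the only change here, yet the commit message carries an open FIXME listing failed ptests (`test_record_extensions`, `test_build_ext`). Before this leaves RFC, either fix the cause, skip those tests explicitly with a stated reason, or say in the message which later patch in the series resolves them; it would also help to note in the message that the new sha256sum was checked against the upstream release page listed under References.
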
-- 
2.30.2



* [RFC PATCH 10/10][dunfell] python3-ptest: add newly discovered missing rdeps
  2021-06-21 17:02 [RFC PATCH 00/10][dunfell] python3 bugfix upgrades Tim Orling
                   ` (8 preceding siblings ...)
  2021-06-21 17:02 ` [RFC PATCH 09/10][dunfell] python3: upgrade 3.8.9 -> 3.8.10 Tim Orling
@ 2021-06-21 17:02 ` Tim Orling
  9 siblings, 0 replies; 11+ messages in thread
From: Tim Orling @ 2021-06-21 17:02 UTC (permalink / raw)
  To: openembedded-core; +Cc: Tim Orling, Alexander Kanavin, Richard Purdie

Making ptest images based on core-image-minimal uncovered quite a
few missing dependencies from various recipes, here they are.

(From OE-Core rev: 2cda6242f2f0f6f9c6bdef72bbb271eab7e5e1f5)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Backport to Python 3.8.10 (only python3 portion of patch)
Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
---
 meta/recipes-devtools/python/python3_3.8.10.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/python/python3_3.8.10.bb b/meta/recipes-devtools/python/python3_3.8.10.bb
index 3e4386e57c8..c3da6718a89 100644
--- a/meta/recipes-devtools/python/python3_3.8.10.bb
+++ b/meta/recipes-devtools/python/python3_3.8.10.bb
@@ -332,6 +332,7 @@ PACKAGES =+ "libpython3 libpython3-staticdev"
 FILES_libpython3 = "${libdir}/libpython*.so.*"
 FILES_libpython3-staticdev += "${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}-*/libpython${PYTHON_MAJMIN}.a"
 INSANE_SKIP_${PN}-dev += "dev-elf"
+INSANE_SKIP_${PN}-ptest += "dev-deps"
 
 # catch all the rest (unsorted)
 PACKAGES += "${PN}-misc"
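
Review bot: `INSANE_SKIP_${PN}-ptest += "dev-deps"` silences a QA check without a comment saying why. It is scoped to the ptest package only, which is good, but a short comment above it (for example that `${PN}-ptest` intentionally RDEPENDS on `${PN}-dev` for tests that need it) would stop the skip from outliving the dependency that justifies it.
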
@@ -347,7 +348,7 @@ FILES_${PN}-man = "${datadir}/man"
 # See https://bugs.python.org/issue18748 and https://bugs.python.org/issue37395
 RDEPENDS_libpython3_append_libc-glibc = " libgcc"
 RDEPENDS_${PN}-ctypes_append_libc-glibc = " ${MLPREFIX}ldconfig"
-RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests unzip bzip2 libgcc tzdata-europe coreutils sed"
+RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests ${PN}-dev unzip bzip2 libgcc tzdata-europe coreutils sed"
 RDEPENDS_${PN}-ptest_append_libc-glibc = " locale-base-tr-tr.iso-8859-9"
 RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk tk-lib', '', d)}"
 RDEPENDS_${PN}-dev = ""
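
Review bot: Adding `${PN}-dev` to `RDEPENDS_${PN}-ptest` puts a development package on every ptest image, and neither the recipe nor the commit message says which tests require it. Please name the tests in the message or in a comment next to the variable, and if this is what addresses the `test_build_ext` / `test_record_extensions` failures flagged as FIXME in 09/10, say so there and drop the FIXME.
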
-- 
2.30.2


