Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions


@@ -0,0 +1,58 @@
From d393759315b189a738e4b6a2ce31dc18dbbfae29 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Wed, 11 May 2022 21:41:14 +0200
Subject: [PATCH] _distutils/sysconfig.py: make it possible to substite the
prefix to target sysroot
This is done by probing STAGING_INCDIR/STAGING_LIBDIRenv vars:
not the most elegant solution, but distutils/sysconfig has been
tweaked to do this for many, many year, and so it's easiest
to replicate here as well, the original is
meta/recipes-devtools/python/python3/12-distutils-prefix-is-inside-staging-area.patch
I'm not sure exactly why setuptools now needs a copy, and what
would happen to this module in light of distutils deprecation.
Upstream-Status: Inappropriate [oe-core specific]
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
setuptools/_distutils/sysconfig.py | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/setuptools/_distutils/sysconfig.py b/setuptools/_distutils/sysconfig.py
index a40a723..14f35e7 100644
--- a/setuptools/_distutils/sysconfig.py
+++ b/setuptools/_distutils/sysconfig.py
@@ -119,6 +119,8 @@ def get_python_inc(plat_specific=0, prefix=None):
sys.base_exec_prefix -- i.e., ignore 'plat_specific'.
"""
default_prefix = BASE_EXEC_PREFIX if plat_specific else BASE_PREFIX
+ if os.environ.get('STAGING_INCDIR', ""):
+ default_prefix = os.environ['STAGING_INCDIR'].rstrip('include')
resolved_prefix = prefix if prefix is not None else default_prefix
try:
getter = globals()[f'_get_python_inc_{os.name}']
@@ -238,7 +240,13 @@ def get_python_lib(plat_specific=0, standard_lib=0, prefix=None):
early_prefix = prefix
- if prefix is None:
+ if os.environ.get('STAGING_LIBDIR', ""):
+ lib_basename = os.environ['STAGING_LIBDIR'].split('/')[-1]
+ else:
+ lib_basename = "lib"
+ if prefix is None and os.environ.get('STAGING_LIBDIR', ""):
+ prefix = os.environ['STAGING_LIBDIR'].rstrip(lib_basename)
+ elif prefix is None:
if standard_lib:
prefix = plat_specific and BASE_EXEC_PREFIX or BASE_PREFIX
else:
@@ -253,7 +261,7 @@ def get_python_lib(plat_specific=0, standard_lib=0, prefix=None):
# Pure Python
libdir = "lib"
implementation = 'pypy' if IS_PYPY else 'python'
- libpython = os.path.join(prefix, libdir, implementation + get_python_version())
+ libpython = os.path.join(prefix, lib_basename, implementation + get_python_version())
return _posix_lib(standard_lib, libpython, early_prefix, prefix)
elif os.name == "nt":
if standard_lib:
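Review bot: `os.environ['STAGING_INCDIR'].rstrip('include')` in `get_python_inc` and `.rstrip(lib_basename)` in `get_python_lib` strip a set of trailing characters, not a suffix, so they yield the intended prefix only when the variable ends in exactly that directory name with no trailing slash. These variables redirect header and library lookup for anything that imports this module, so the derivation should not depend on that coincidence; `default_prefix = os.path.dirname(os.environ['STAGING_INCDIR'].rstrip('/'))` and `prefix = os.path.dirname(os.environ['STAGING_LIBDIR'].rstrip('/'))` state the intent directly. Note also that `lib_basename` replaces `libdir` in the pure-Python branch even when the caller passes an explicit `prefix`. Both functions continue outside the hunks shown.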


@@ -0,0 +1,31 @@
From 40648dfa770f9f7b9b9efa501c9ef7af96be9f2d Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Tue, 17 Jul 2018 10:13:38 +0800
Subject: [PATCH] conditionally do not fetch code by easy_install
If var-NO_FETCH_BUILD is set, do not allow to fetch code from
internet by easy_install.
Upstream-Status: Inappropriate [oe specific]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
setuptools/command/easy_install.py | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/setuptools/command/easy_install.py b/setuptools/command/easy_install.py
index 5d6fd5c..377e575 100644
--- a/setuptools/command/easy_install.py
+++ b/setuptools/command/easy_install.py
@@ -676,6 +676,11 @@ class easy_install(Command):
os.path.exists(tmpdir) and _rmtree(tmpdir)
def easy_install(self, spec, deps=False):
+ if os.environ.get('NO_FETCH_BUILD', None):
+ log.error("ERROR: Do not try to fetch `%s' for building. "
+ "Please add its native recipe to DEPENDS." % spec)
+ return None
+
with self._tmpdir() as tmpdir:
if not isinstance(spec, Requirement):
if URL_SCHEME(spec):
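Review bot: The `NO_FETCH_BUILD` guard at the top of `easy_install()` logs and then returns `None`, so the refusal to fetch is fail-soft: whether the build actually stops depends on how callers handle a `None` result, which is not visible in this hunk. For a control meant to keep builds from pulling unreviewed code off the network, raising after the log call is safer, e.g. `raise DistutilsError("fetching %s is disabled by NO_FETCH_BUILD" % spec)`, assuming `DistutilsError` is already imported in this module. The guard covers only this method; any other download path in setuptools is presumably unaffected and would need its own check. The method body continues outside the hunk.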


@@ -0,0 +1,312 @@
From 88807c7062788254f654ea8c03427adc859321f0 Mon Sep 17 00:00:00 2001
From: Jason R. Coombs <jaraco@jaraco.com>
Date: Mon Apr 29 20:01:38 2024 -0400
Subject: [PATCH] Merge pull request #4332 from pypa/debt/package-index-vcs
Modernize package_index VCS handling
CVE: CVE-2024-6345
Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0]
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
---
setup.cfg | 1 +
setuptools/package_index.py | 145 ++++++++++++++------------
setuptools/tests/test_packageindex.py | 56 +++++-----
3 files changed, 106 insertions(+), 96 deletions(-)
diff --git a/setup.cfg b/setup.cfg
index edf9798..238d00a 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -65,6 +65,7 @@ testing =
sys_platform != "cygwin"
jaraco.develop >= 7.21; python_version >= "3.9" and sys_platform != "cygwin"
pytest-home >= 0.5
+ pytest-subprocess
testing-integration =
pytest
pytest-xdist
diff --git a/setuptools/package_index.py b/setuptools/package_index.py
index 271aa97..00a972d 100644
--- a/setuptools/package_index.py
+++ b/setuptools/package_index.py
@@ -1,6 +1,7 @@
"""PyPI and direct package downloading."""
import sys
+import subprocess
import os
import re
import io
@@ -585,7 +586,7 @@ class PackageIndex(Environment):
scheme = URL_SCHEME(spec)
if scheme:
# It's a url, download it to tmpdir
- found = self._download_url(scheme.group(1), spec, tmpdir)
+ found = self._download_url(spec, tmpdir)
base, fragment = egg_info_for_url(spec)
if base.endswith('.py'):
found = self.gen_setup(found, fragment, tmpdir)
@@ -814,7 +815,7 @@ class PackageIndex(Environment):
else:
raise DistutilsError("Download error for %s: %s" % (url, v)) from v
- def _download_url(self, scheme, url, tmpdir):
+ def _download_url(self, url, tmpdir):
# Determine download filename
#
name, fragment = egg_info_for_url(url)
@@ -829,19 +830,59 @@ class PackageIndex(Environment):
filename = os.path.join(tmpdir, name)
- # Download the file
- #
- if scheme == 'svn' or scheme.startswith('svn+'):
- return self._download_svn(url, filename)
- elif scheme == 'git' or scheme.startswith('git+'):
- return self._download_git(url, filename)
- elif scheme.startswith('hg+'):
- return self._download_hg(url, filename)
- elif scheme == 'file':
- return urllib.request.url2pathname(urllib.parse.urlparse(url)[2])
- else:
- self.url_ok(url, True) # raises error if not allowed
- return self._attempt_download(url, filename)
+ return self._download_vcs(url, filename) or self._download_other(url, filename)
+
+ @staticmethod
+ def _resolve_vcs(url):
+ """
+ >>> rvcs = PackageIndex._resolve_vcs
+ >>> rvcs('git+http://foo/bar')
+ 'git'
+ >>> rvcs('hg+https://foo/bar')
+ 'hg'
+ >>> rvcs('git:myhost')
+ 'git'
+ >>> rvcs('hg:myhost')
+ >>> rvcs('http://foo/bar')
+ """
+ scheme = urllib.parse.urlsplit(url).scheme
+ pre, sep, post = scheme.partition('+')
+ # svn and git have their own protocol; hg does not
+ allowed = set(['svn', 'git'] + ['hg'] * bool(sep))
+ return next(iter({pre} & allowed), None)
+
+ def _download_vcs(self, url, spec_filename):
+ vcs = self._resolve_vcs(url)
+ if not vcs:
+ return
+ if vcs == 'svn':
+ raise DistutilsError(
+ f"Invalid config, SVN download is not supported: {url}"
+ )
+
+ filename, _, _ = spec_filename.partition('#')
+ url, rev = self._vcs_split_rev_from_url(url)
+
+ self.info(f"Doing {vcs} clone from {url} to {filename}")
+ subprocess.check_call([vcs, 'clone', '--quiet', url, filename])
+
+ co_commands = dict(
+ git=[vcs, '-C', filename, 'checkout', '--quiet', rev],
+ hg=[vcs, '--cwd', filename, 'up', '-C', '-r', rev, '-q'],
+ )
+ if rev is not None:
+ self.info(f"Checking out {rev}")
+ subprocess.check_call(co_commands[vcs])
+
+ return filename
+
+ def _download_other(self, url, filename):
+ scheme = urllib.parse.urlsplit(url).scheme
+ if scheme == 'file': # pragma: no cover
+ return urllib.request.url2pathname(urllib.parse.urlparse(url).path)
+ # raise error if not allowed
+ self.url_ok(url, True)
+ return self._attempt_download(url, filename)
def scan_url(self, url):
self.process_url(url, True)
@@ -857,64 +898,36 @@ class PackageIndex(Environment):
os.unlink(filename)
raise DistutilsError(f"Unexpected HTML page found at {url}")
- def _download_svn(self, url, _filename):
- raise DistutilsError(f"Invalid config, SVN download is not supported: {url}")
-
@staticmethod
- def _vcs_split_rev_from_url(url, pop_prefix=False):
- scheme, netloc, path, query, frag = urllib.parse.urlsplit(url)
+ def _vcs_split_rev_from_url(url):
+ """
+ Given a possible VCS URL, return a clean URL and resolved revision if any.
+ >>> vsrfu = PackageIndex._vcs_split_rev_from_url
+ >>> vsrfu('git+https://github.com/pypa/setuptools@v69.0.0#egg-info=setuptools')
+ ('https://github.com/pypa/setuptools', 'v69.0.0')
+ >>> vsrfu('git+https://github.com/pypa/setuptools#egg-info=setuptools')
+ ('https://github.com/pypa/setuptools', None)
+ >>> vsrfu('http://foo/bar')
+ ('http://foo/bar', None)
+ """
+ parts = urllib.parse.urlsplit(url)
- scheme = scheme.split('+', 1)[-1]
+ clean_scheme = parts.scheme.split('+', 1)[-1]
# Some fragment identification fails
- path = path.split('#', 1)[0]
-
- rev = None
- if '@' in path:
- path, rev = path.rsplit('@', 1)
-
- # Also, discard fragment
- url = urllib.parse.urlunsplit((scheme, netloc, path, query, ''))
-
- return url, rev
-
- def _download_git(self, url, filename):
- filename = filename.split('#', 1)[0]
- url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True)
-
- self.info("Doing git clone from %s to %s", url, filename)
- os.system("git clone --quiet %s %s" % (url, filename))
-
- if rev is not None:
- self.info("Checking out %s", rev)
- os.system(
- "git -C %s checkout --quiet %s"
- % (
- filename,
- rev,
- )
- )
+ no_fragment_path, _, _ = parts.path.partition('#')
- return filename
+ pre, sep, post = no_fragment_path.rpartition('@')
+ clean_path, rev = (pre, post) if sep else (post, None)
- def _download_hg(self, url, filename):
- filename = filename.split('#', 1)[0]
- url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True)
+ resolved = parts._replace(
+ scheme=clean_scheme,
+ path=clean_path,
+ # discard the fragment
+ fragment='',
+ ).geturl()
- self.info("Doing hg clone from %s to %s", url, filename)
- os.system("hg clone --quiet %s %s" % (url, filename))
-
- if rev is not None:
- self.info("Updating to %s", rev)
- os.system(
- "hg --cwd %s up -C -r %s -q"
- % (
- filename,
- rev,
- )
- )
-
- return filename
+ return resolved, rev
def debug(self, msg, *args):
log.debug(msg, *args)
diff --git a/setuptools/tests/test_packageindex.py b/setuptools/tests/test_packageindex.py
index 41b9661..e4cd91a 100644
--- a/setuptools/tests/test_packageindex.py
+++ b/setuptools/tests/test_packageindex.py
@@ -2,7 +2,6 @@ import distutils.errors
import urllib.request
import urllib.error
import http.client
-from unittest import mock
import pytest
@@ -171,49 +170,46 @@ class TestPackageIndex:
assert dists[0].version == ''
assert dists[1].version == vc
- def test_download_git_with_rev(self, tmpdir):
+ def test_download_git_with_rev(self, tmp_path, fp):
url = 'git+https://github.example/group/project@master#egg=foo'
index = setuptools.package_index.PackageIndex()
- with mock.patch("os.system") as os_system_mock:
- result = index.download(url, str(tmpdir))
+ expected_dir = tmp_path / 'project@master'
+ fp.register([
+ 'git',
+ 'clone',
+ '--quiet',
+ 'https://github.example/group/project',
+ expected_dir,
+ ])
+ fp.register(['git', '-C', expected_dir, 'checkout', '--quiet', 'master'])
- os_system_mock.assert_called()
+ result = index.download(url, tmp_path)
- expected_dir = str(tmpdir / 'project@master')
- expected = (
- 'git clone --quiet ' 'https://github.example/group/project {expected_dir}'
- ).format(**locals())
- first_call_args = os_system_mock.call_args_list[0][0]
- assert first_call_args == (expected,)
+ assert result == str(expected_dir)
+ assert len(fp.calls) == 2
- tmpl = 'git -C {expected_dir} checkout --quiet master'
- expected = tmpl.format(**locals())
- assert os_system_mock.call_args_list[1][0] == (expected,)
- assert result == expected_dir
-
- def test_download_git_no_rev(self, tmpdir):
+ def test_download_git_no_rev(self, tmp_path, fp):
url = 'git+https://github.example/group/project#egg=foo'
index = setuptools.package_index.PackageIndex()
- with mock.patch("os.system") as os_system_mock:
- result = index.download(url, str(tmpdir))
-
- os_system_mock.assert_called()
-
- expected_dir = str(tmpdir / 'project')
- expected = (
- 'git clone --quiet ' 'https://github.example/group/project {expected_dir}'
- ).format(**locals())
- os_system_mock.assert_called_once_with(expected)
-
- def test_download_svn(self, tmpdir):
+ expected_dir = tmp_path / 'project'
+ fp.register([
+ 'git',
+ 'clone',
+ '--quiet',
+ 'https://github.example/group/project',
+ expected_dir,
+ ])
+ index.download(url, tmp_path)
+
+ def test_download_svn(self, tmp_path):
url = 'svn+https://svn.example/project#egg=foo'
index = setuptools.package_index.PackageIndex()
msg = r".*SVN download is not supported.*"
with pytest.raises(distutils.errors.DistutilsError, match=msg):
- index.download(url, str(tmpdir))
+ index.download(url, tmp_path)
class TestContentCheckers:
--
2.40.0
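Review bot: In `_download_vcs`, `rev` is taken directly from the text after `@` in the URL path and passed as a bare argv element to `git checkout` / `hg up`, so a value beginning with `-` would be parsed by the tool as an option rather than a revision. Switching from `os.system` to an argument list removes shell interpretation but not this; a guard before `co_commands` is built, such as `if rev is not None and rev.startswith('-'): raise DistutilsError(f"Invalid revision in {url}")`, would close it. Separately, `test_download_git_no_rev` no longer asserts anything after `index.download(url, tmp_path)`; adding `assert len(fp.calls) == 1` would keep the old called-once check.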


@@ -0,0 +1,54 @@
From d8390feaa99091d1ba9626bec0e4ba7072fc507a Mon Sep 17 00:00:00 2001
From: "Jason R. Coombs" <jaraco@jaraco.com>
Date: Sat, 19 Apr 2025 12:49:55 -0400
Subject: [PATCH] Extract _resolve_download_filename with test.
Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a]
CVE: CVE-2025-47273 #Dependency Patch
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
setuptools/package_index.py | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/setuptools/package_index.py b/setuptools/package_index.py
index 00a972d..d460fcb 100644
--- a/setuptools/package_index.py
+++ b/setuptools/package_index.py
@@ -815,9 +815,16 @@ class PackageIndex(Environment):
else:
raise DistutilsError("Download error for %s: %s" % (url, v)) from v
- def _download_url(self, url, tmpdir):
- # Determine download filename
- #
+ @staticmethod
+ def _resolve_download_filename(url, tmpdir):
+ """
+ >>> du = PackageIndex._resolve_download_filename
+ >>> root = getfixture('tmp_path')
+ >>> url = 'https://files.pythonhosted.org/packages/a9/5a/0db.../setuptools-78.1.0.tar.gz'
+ >>> import pathlib
+ >>> str(pathlib.Path(du(url, root)).relative_to(root))
+ 'setuptools-78.1.0.tar.gz'
+ """
name, fragment = egg_info_for_url(url)
if name:
while '..' in name:
@@ -828,8 +835,13 @@ class PackageIndex(Environment):
if name.endswith('.egg.zip'):
name = name[:-4] # strip the extra .zip before download
- filename = os.path.join(tmpdir, name)
+ return os.path.join(tmpdir, name)
+ def _download_url(self, url, tmpdir):
+ """
+ Determine the download filename.
+ """
+ filename = self._resolve_download_filename(url, tmpdir)
return self._download_vcs(url, filename) or self._download_other(url, filename)
@staticmethod
--
2.25.1
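Review bot: The docstring added to `_download_url`, "Determine the download filename.", describes only the first statement of the method; the second statement performs the VCS or plain download and returns its result. A one-line docstring such as `"""Resolve the target filename under tmpdir, then download url to it."""` would match what the two lines do. `_resolve_download_filename` has only a doctest and no statement of its contract (what it returns, and that the result is meant to live under `tmpdir`), which matters because this patch is tagged as the dependency of a path-handling CVE fix.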


@@ -0,0 +1,59 @@
From 250a6d17978f9f6ac3ac887091f2d32886fbbb0b Mon Sep 17 00:00:00 2001
From: "Jason R. Coombs" <jaraco@jaraco.com>
Date: Sat, 19 Apr 2025 13:03:47 -0400
Subject: [PATCH] Add a check to ensure the name resolves relative to the
tmpdir.
Closes #4946
Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b]
CVE: CVE-2025-47273
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
setuptools/package_index.py | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/setuptools/package_index.py b/setuptools/package_index.py
index d460fcb..6c7874d 100644
--- a/setuptools/package_index.py
+++ b/setuptools/package_index.py
@@ -818,12 +818,20 @@ class PackageIndex(Environment):
@staticmethod
def _resolve_download_filename(url, tmpdir):
"""
+ >>> import pathlib
>>> du = PackageIndex._resolve_download_filename
>>> root = getfixture('tmp_path')
>>> url = 'https://files.pythonhosted.org/packages/a9/5a/0db.../setuptools-78.1.0.tar.gz'
- >>> import pathlib
>>> str(pathlib.Path(du(url, root)).relative_to(root))
'setuptools-78.1.0.tar.gz'
+
+ Ensures the target is always in tmpdir.
+
+ >>> url = 'https://anyhost/%2fhome%2fuser%2f.ssh%2fauthorized_keys'
+ >>> du(url, root)
+ Traceback (most recent call last):
+ ...
+ ValueError: Invalid filename...
"""
name, fragment = egg_info_for_url(url)
if name:
@@ -835,7 +843,13 @@ class PackageIndex(Environment):
if name.endswith('.egg.zip'):
name = name[:-4] # strip the extra .zip before download
- return os.path.join(tmpdir, name)
+ filename = os.path.join(tmpdir, name)
+
+ # ensure path resolves within the tmpdir
+ if not filename.startswith(str(tmpdir)):
+ raise ValueError(f"Invalid filename {filename}")
+
+ return filename
def _download_url(self, url, tmpdir):
"""
--
2.25.1
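Review bot: The containment check `filename.startswith(str(tmpdir))` in `_resolve_download_filename` is a string-prefix comparison, so it also accepts a path in a sibling directory whose name merely begins with the tmpdir string, and neither side is normalised first. Comparing path components is stricter: `root = os.path.abspath(tmpdir)` followed by `if os.path.commonpath([root, os.path.abspath(filename)]) != root: raise ValueError(f"Invalid filename {filename}")`. The added doctest covers only the absolute-path case, so a second doctest for a shared-prefix sibling would pin the stricter behaviour. The name sanitising above the check lies partly outside the hunk.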