From: Tim Orling <tim.orling@konsulko.com> Dependency for python3-cryptography Signed-off-by: Tim Orling <tim.orling@konsulko.com> --- .../python/python3-ply_3.11.bb | 18 ++++++++++++++++++
I was looking at a python3-ply CVE the other day and I noticed
that
the upstream repository was archived by the owner on Dec 21, 2025.
It is now read-only.
https://github.com/dabeaz/ply
so we'll have to see if anyone takes over maintenance or
if the users switch to a different lex/yacc in python
implementation.
On master there are only 2 current users via a layer index
depends query:
https://layers.openembedded.org/layerindex/branch/master/recipes/?q=depends%3Apython3-ply
but there could be some recipes that use it such as meta-sca.
I don't see where it was ever used by python3-cryptography but it
is still declared as a dependency for spdx-tools:
❯ rg python3-ply
..
meta/recipes-devtools/python/python3-spdx-tools_0.8.3.bb
16:# Dependencies required for conversion to spdx3 :
python3-semantic-version, python3-ply
24: python3-ply \
Consider this a head up for those CCed.
Since it's not maintained, it would be nice to replace it
or if not really used by spdx-tools, move it back to meta-oe.
../Randy
1 file changed, 18 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-ply_3.11.bb diff --git a/meta/recipes-devtools/python/python3-ply_3.11.bb b/meta/recipes-devtools/python/python3-ply_3.11.bb new file mode 100644 index 00000000000..99c037bb734 --- /dev/null +++ b/meta/recipes-devtools/python/python3-ply_3.11.bb @@ -0,0 +1,18 @@ +SUMMARY = "Python Lex and Yacc" +DESCRIPTION = "Python ply: PLY is yet another implementation of lex and yacc for Python" +HOMEPAGE = "https://pypi.python.org/pypi/ply" +SECTION = "devel/python" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://README.md;beginline=5;endline=32;md5=f5ee5c355c0e6719c787a71b8f0fa96c" + +SRC_URI[md5sum] = "6465f602e656455affcd7c5734c638f8" +SRC_URI[sha256sum] = "00c7c1aaa88358b9c765b6d3000c6eec0ba42abca5351b095321aef446081da3" + +inherit pypi setuptools3 + +RDEPENDS:${PN}:class-target += "\ + ${PYTHON_PN}-netclient \ + ${PYTHON_PN}-shell \ +" + +BBCLASSEXTEND = "native"
-- # Randy MacLeod # Wind River Linux