This PR makes several fixes to python-gevent. Previously, ptests were not running because they could not possibly run on 3.12. Additionally, the spec was not using the pyproject build process. Finally, the package was previously upgraded, but one of its core dependencies was not added to Azure Linux.
Several tests are either inherently flaky or were reliant on networking configuration assumptions which are not valid in our build process. These have been disabled via patch.
Finally, a patch was added for CVE-2024-24806 in the embedded version of libuv included in the project source.
Change Log
Add patch for CVE-2024-24806
Update python-gevent build process and dependencies to enable testing.
Patch out tests which are inherently flaky or which rely on specific configurations for networking.
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-static
subpackages, etc.) have had theirRelease
tag incremented../cgmanifest.json
,./toolkit/scripts/toolchain/cgmanifest.json
,.github/workflows/cgmanifest.json
)./SPECS/LICENSES-AND-NOTICES/data/licenses.json
,./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
,./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON
)*.signatures.json
filessudo make go-tidy-all
andsudo make go-test-coverage
passSummary
This PR makes several fixes to python-gevent. Previously, ptests were not running because they could not possibly run on 3.12. Additionally, the spec was not using the pyproject build process. Finally, the package was previously upgraded, but one of its core dependencies was not added to Azure Linux.
Several tests are either inherently flaky or were reliant on networking configuration assumptions which are not valid in our build process. These have been disabled via patch.
Finally, a patch was added for CVE-2024-24806 in the embedded version of libuv included in the project source.
Change Log
Does this affect the toolchain?
NO
Links to CVEs
Test Methodology