libcap-ng: upgrade 0.7.4 -> 0.7.7

* Port changes from meta-oe: commit bce4dba5546480c8e43c6442959ac7d0a4ef32f6 Author: Li xin <lixin.fnst@cn.fujitsu.com> Date: Thu Jul 23 15:29:31 2015 +0800 libcap-ng: upgrade 0.7.4 -> 0.7.7 Update python.patch,since the contents has been changed. Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> * Remove patch CVE-2014-3215.patch that included by 0.7.7 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
author: Wenzong Fan <wenzong.fan@windriver.com> 2015-08-14 02:38:17 -0400
committer: Joe MacDonald <joe_macdonald@mentor.com> 2015-08-14 12:38:41 -0400
commit: cd04049ee2710cdcfa1f738f3453b1622c895854 (patch)
tree: 74e3cf23f7509b28964dde7f98056cc288937cb1
parent: 61a2cc84afee1e7d144475781b3d887e42746822 (diff)
download: meta-selinux-cd04049ee2710cdcfa1f738f3453b1622c895854.tar.gz
3 files changed, 41 insertions, 100 deletions
diff --git a/recipes-security/libcap-ng/libcap-ng/CVE-2014-3215.patch b/recipes-security/libcap-ng/libcap-ng/CVE-2014-3215.patch
deleted file mode 100644
index d7a868d..0000000
--- a/recipes-security/libcap-ng/libcap-ng/CVE-2014-3215.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-Upstream-Status: Pending
-diff --git a/docs/capng_lock.3 b/docs/capng_lock.3
-index 7683119..a070c1e 100644
--- a/docs/capng_lock.3
-+++ b/docs/capng_lock.3
-@@ -8,12 +8,13 @@ int capng_lock(void);
- 
- .SH "DESCRIPTION"
- 
-capng_lock will take steps to prevent children of the current process to regain full privileges if the uid is 0. This should be called while possessing the CAP_SETPCAP capability in the kernel. This function will do the following if permitted by the kernel: Set the NOROOT option on for PR_SET_SECUREBITS, set the NOROOT_LOCKED option to on for PR_SET_SECUREBITS, set the PR_NO_SETUID_FIXUP option on for PR_SET_SECUREBITS, and set the PR_NO_SETUID_FIXUP_LOCKED option on for PR_SET_SECUREBITS.
-+capng_lock will take steps to prevent children of the current process from gaining privileges by executing setuid programs.  This should be called while possessing the CAP_SETPCAP capability in the kernel.
- 
-+This function will do the following if permitted by the kernel:  If the kernel supports PR_SET_NO_NEW_PRIVS, it will use it.  Otherwise it will set the NOROOT option on for PR_SET_SECUREBITS, set the NOROOT_LOCKED option to on for PR_SET_SECUREBITS, set the PR_NO_SETUID_FIXUP option on for PR_SET_SECUREBITS, and set the PR_NO_SETUID_FIXUP_LOCKED option on for PR_SET_SECUREBITS.  If both fail, it will return an error.
- 
- .SH "RETURN VALUE"
- 
-This returns 0 on success and a negative number on failure. -1 means a failure setting any of the PR_SET_SECUREBITS options.
-+This returns 0 on success and a negative number on failure. -1 means a failure to use PR_SET_NO_NEW_PRIVS and a failure setting any of the PR_SET_SECUREBITS options.
- 
- .SH "SEE ALSO"
- 
-diff --git a/src/cap-ng.c b/src/cap-ng.c
-index bd105ba..422f2bc 100644
--- a/src/cap-ng.c
-+++ b/src/cap-ng.c
-@@ -45,6 +45,7 @@
-  * 2.6.24 kernel       XATTR_NAME_CAPS
-  * 2.6.25 kernel       PR_CAPBSET_DROP, CAPABILITY_VERSION_2
-  * 2.6.26 kernel       PR_SET_SECUREBITS, SECURE_*_LOCKED, VERSION_3
-+ * 3.5    kernel       PR_SET_NO_NEW_PRIVS
-  */
- 
- /* External syscall prototypes */
-@@ -122,6 +123,14 @@ extern int capget(cap_user_header_t header, const cap_user_data_t data);
- #define SECURE_NO_SETUID_FIXUP_LOCKED   3  /* make bit-2 immutable */
- #endif
- 
-+/* prctl values that we use */
-+#ifndef PR_SET_SECUREBITS
-+#define PR_SET_SECUREBITS              28
-+#endif
-+#ifndef PR_SET_NO_NEW_PRIVS
-+#define PR_SET_NO_NEW_PRIVS            38
-+#endif
-+
- // States: new, allocated, initted, updated, applied
- typedef enum { CAPNG_NEW, CAPNG_ERROR, CAPNG_ALLOCATED, CAPNG_INIT,
-        CAPNG_UPDATED, CAPNG_APPLIED } capng_states_t;
-@@ -663,15 +672,22 @@ int capng_change_id(int uid, int gid, capng_flags_t flag)
- 
- int capng_lock(void)
- {
-#ifdef PR_SET_SECUREBITS
-       int rc = prctl(PR_SET_SECUREBITS,
-                       1 << SECURE_NOROOT |
-                       1 << SECURE_NOROOT_LOCKED |
-                       1 << SECURE_NO_SETUID_FIXUP |
-                       1 << SECURE_NO_SETUID_FIXUP_LOCKED, 0, 0, 0);
-+       int rc;
-+
-+       // On Linux 3.5 and up, we can directly prevent ourselves and
-+       // our descendents from gaining privileges.
-+       if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0)
-+               return 0;
-+
-+       // This kernel is too old or otherwise doesn't support
-+       // PR_SET_NO_NEW_PRIVS.  Fall back to using securebits.
-+       rc = prctl(PR_SET_SECUREBITS,
-+                  1 << SECURE_NOROOT |
-+                  1 << SECURE_NOROOT_LOCKED |
-+                  1 << SECURE_NO_SETUID_FIXUP |
-+                  1 << SECURE_NO_SETUID_FIXUP_LOCKED, 0, 0, 0);
-        if (rc)
-                return -1;
-#endif
- 
-        return 0;
- }
diff --git a/recipes-security/libcap-ng/libcap-ng/python.patch b/recipes-security/libcap-ng/libcap-ng/python.patch
index d82ceb4..59591eb 100644
--- a/recipes-security/libcap-ng/libcap-ng/python.patch
+++ b/recipes-security/libcap-ng/libcap-ng/python.patch
@@ -1,16 +1,44 @@
-configure.ac - Avoid an incorrect check for python.
+From b01bb2694f66cd981e6d61523433dc3eb5ed32f2 Mon Sep 17 00:00:00 2001
-Makefile.am - avoid hard coded host include paths.
+From: Li xin <lixin.fnst@cn.fujitsu.com>
+Date: Sat, 18 Jul 2015 23:03:30 +0900
+Subject: [PATCH] configure.ac - Avoid an incorrect check for python.
+ Makefile.am - avoid hard coded host include paths.
+Upstream-Status: pending
 Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
+---
+ bindings/python/Makefile.am |  3 ++-
+ configure.ac                | 15 ++-------------
+ 2 files changed, 4 insertions(+), 14 deletions(-)
--- libcap-ng-0.6.5/configure.ac.orig   2012-01-17 13:59:03.645898989 -0600
+diff --git a/bindings/python/Makefile.am b/bindings/python/Makefile.am
-+++ libcap-ng-0.6.5/configure.ac        2012-01-17 13:59:46.353959252 -0600
+index 82b9bb8..f9fe7a8 100644
-@@ -120,17 +120,8 @@
+--- a/bindings/python/Makefile.am
+++ b/bindings/python/Makefile.am
+@@ -23,7 +23,8 @@ SUBDIRS = test
+ CONFIG_CLEAN_FILES = *.loT *.rej *.orig
+ AM_CFLAGS = -fPIC -DPIC
+ PYLIBVER ?= python$(PYTHON_VERSION)
+-AM_CPPFLAGS = -I. -I$(top_builddir) -I@PYINCLUDEDIR@
+PYINC ?= /usr/include/$(PYLIBVER)
+AM_CPPFLAGS = -I. -I$(top_builddir) -I$(PYINC)
+ LIBS = $(top_builddir)/src/libcap-ng.la
+ SWIG_FLAGS = -python
+ SWIG_INCLUDES = ${AM_CPPFLAGS}
+diff --git a/configure.ac b/configure.ac
+index 1d777d5..9d90f64 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -123,19 +123,8 @@ if test x$use_python = xno ; then
 else
 AC_MSG_RESULT(testing)
 AM_PATH_PYTHON
-if test -f /usr/include/python${am_cv_python_version}/Python.h ; then
+-PYINCLUDEDIR=`python${am_cv_python_version} -c "from distutils import sysconfig; print(sysconfig.get_config_var('INCLUDEPY'))"`
+-if test -f ${PYINCLUDEDIR}/Python.h ; then
 -       python_found="yes"
+-       AC_SUBST(PYINCLUDEDIR)
 -       AC_MSG_NOTICE(Python bindings will be built)
 -else
 -       python_found="no"
@@ -25,15 +53,6 @@ Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
 fi
 AM_CONDITIONAL(HAVE_PYTHON, test ${python_found} = "yes")
 
--- libcap-ng-0.6.5/bindings/python/Makefile.am.orig    2010-11-03 12:31:59.000000000 -0500
+-- 
-+++ libcap-ng-0.6.5/bindings/python/Makefile.am 2012-01-17 14:05:50.199834467 -0600
+1.8.4.2
-@@ -24,7 +24,8 @@
- CONFIG_CLEAN_FILES = *.loT *.rej *.orig
- AM_CFLAGS = -fPIC -DPIC
- PYLIBVER ?= python$(PYTHON_VERSION)
-INCLUDES = -I. -I$(top_builddir) -I/usr/include/$(PYLIBVER)
-+PYINC ?= /usr/include/$(PYLIBVER)
-+INCLUDES = -I. -I$(top_builddir) -I$(PYINC)
- LIBS = $(top_builddir)/src/libcap-ng.la
- pyexec_PYTHON = capng.py
- pyexec_LTLIBRARIES = _capng.la
diff --git a/recipes-security/libcap-ng/libcap-ng_0.7.3.bb b/recipes-security/libcap-ng/libcap-ng_0.7.7.bb
index e729518..5c5cd3d 100644
--- a/recipes-security/libcap-ng/libcap-ng_0.7.3.bb
+++ b/recipes-security/libcap-ng/libcap-ng_0.7.7.bb
@@ -9,16 +9,17 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
 SRC_URI = "http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \
           file://python.patch \
-           file://CVE-2014-3215.patch \
          "
 inherit lib_package autotools pythonnative
-SRC_URI[md5sum] = "610afb774f80a8032b711281df126283"
+SRC_URI[md5sum] = "3d7d126b29e2869a0257c17c8b0d9b2e"
-SRC_URI[sha256sum] = "5ca441c8d3a1e4cfe8a8151907977662679457311ccaa7eaac91447c33a35bb1"
+SRC_URI[sha256sum] = "615549ce39b333f6b78baee0c0b4ef18bc726c6bf1cca123dfd89dd963f6d06b"
 DEPENDS += "swig-native python"
+EXTRA_OECONF += "--without-python3"
 EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' PYINC='${STAGING_INCDIR}/${PYLIBVER}'"
 PACKAGES += "${PN}-python"
author	Wenzong Fan <wenzong.fan@windriver.com>	2015-08-14 02:38:17 -0400
committer	Joe MacDonald <joe_macdonald@mentor.com>	2015-08-14 12:38:41 -0400
commit	cd04049ee2710cdcfa1f738f3453b1622c895854 (patch)
tree	74e3cf23f7509b28964dde7f98056cc288937cb1
parent	61a2cc84afee1e7d144475781b3d887e42746822 (diff)
download	meta-selinux-cd04049ee2710cdcfa1f738f3453b1622c895854.tar.gz

diff --git a/recipes-security/libcap-ng/libcap-ng/CVE-2014-3215.patch b/recipes-security/libcap-ng/libcap-ng/CVE-2014-3215.patch deleted file mode 100644 index d7a868d..0000000 --- a/recipes-security/libcap-ng/libcap-ng/CVE-2014-3215.patch +++ /dev/null
@@ -1,79 +0,0 @@
1	Upstream-Status: Pending
2
3	diff --git a/docs/capng_lock.3 b/docs/capng_lock.3
4	index 7683119..a070c1e 100644
5	--- a/docs/capng_lock.3
6	+++ b/docs/capng_lock.3
7	@@ -8,12 +8,13 @@ int capng_lock(void);
8
9	.SH "DESCRIPTION"
10
11	-capng_lock will take steps to prevent children of the current process to regain full privileges if the uid is 0. This should be called while possessing the CAP_SETPCAP capability in the kernel. This function will do the following if permitted by the kernel: Set the NOROOT option on for PR_SET_SECUREBITS, set the NOROOT_LOCKED option to on for PR_SET_SECUREBITS, set the PR_NO_SETUID_FIXUP option on for PR_SET_SECUREBITS, and set the PR_NO_SETUID_FIXUP_LOCKED option on for PR_SET_SECUREBITS.
12	+capng_lock will take steps to prevent children of the current process from gaining privileges by executing setuid programs. This should be called while possessing the CAP_SETPCAP capability in the kernel.
13
14	+This function will do the following if permitted by the kernel: If the kernel supports PR_SET_NO_NEW_PRIVS, it will use it. Otherwise it will set the NOROOT option on for PR_SET_SECUREBITS, set the NOROOT_LOCKED option to on for PR_SET_SECUREBITS, set the PR_NO_SETUID_FIXUP option on for PR_SET_SECUREBITS, and set the PR_NO_SETUID_FIXUP_LOCKED option on for PR_SET_SECUREBITS. If both fail, it will return an error.
15
16	.SH "RETURN VALUE"
17
18	-This returns 0 on success and a negative number on failure. -1 means a failure setting any of the PR_SET_SECUREBITS options.
19	+This returns 0 on success and a negative number on failure. -1 means a failure to use PR_SET_NO_NEW_PRIVS and a failure setting any of the PR_SET_SECUREBITS options.
20
21	.SH "SEE ALSO"
22
23	diff --git a/src/cap-ng.c b/src/cap-ng.c
24	index bd105ba..422f2bc 100644
25	--- a/src/cap-ng.c
26	+++ b/src/cap-ng.c
27	@@ -45,6 +45,7 @@
28	* 2.6.24 kernel XATTR_NAME_CAPS
29	* 2.6.25 kernel PR_CAPBSET_DROP, CAPABILITY_VERSION_2
30	* 2.6.26 kernel PR_SET_SECUREBITS, SECURE_*_LOCKED, VERSION_3
31	+ * 3.5 kernel PR_SET_NO_NEW_PRIVS
32	*/
33
34	/* External syscall prototypes */
35	@@ -122,6 +123,14 @@ extern int capget(cap_user_header_t header, const cap_user_data_t data);
36	#define SECURE_NO_SETUID_FIXUP_LOCKED 3 /* make bit-2 immutable */
37	#endif
38
39	+/* prctl values that we use */
40	+#ifndef PR_SET_SECUREBITS
41	+#define PR_SET_SECUREBITS 28
42	+#endif
43	+#ifndef PR_SET_NO_NEW_PRIVS
44	+#define PR_SET_NO_NEW_PRIVS 38
45	+#endif
46	+
47	// States: new, allocated, initted, updated, applied
48	typedef enum { CAPNG_NEW, CAPNG_ERROR, CAPNG_ALLOCATED, CAPNG_INIT,
49	CAPNG_UPDATED, CAPNG_APPLIED } capng_states_t;
50	@@ -663,15 +672,22 @@ int capng_change_id(int uid, int gid, capng_flags_t flag)
51
52	int capng_lock(void)
53	{
54	-#ifdef PR_SET_SECUREBITS
55	- int rc = prctl(PR_SET_SECUREBITS,
56	- 1 << SECURE_NOROOT \|
57	- 1 << SECURE_NOROOT_LOCKED \|
58	- 1 << SECURE_NO_SETUID_FIXUP \|
59	- 1 << SECURE_NO_SETUID_FIXUP_LOCKED, 0, 0, 0);
60	+ int rc;
61	+
62	+ // On Linux 3.5 and up, we can directly prevent ourselves and
63	+ // our descendents from gaining privileges.
64	+ if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0)
65	+ return 0;
66	+
67	+ // This kernel is too old or otherwise doesn't support
68	+ // PR_SET_NO_NEW_PRIVS. Fall back to using securebits.
69	+ rc = prctl(PR_SET_SECUREBITS,
70	+ 1 << SECURE_NOROOT \|
71	+ 1 << SECURE_NOROOT_LOCKED \|
72	+ 1 << SECURE_NO_SETUID_FIXUP \|
73	+ 1 << SECURE_NO_SETUID_FIXUP_LOCKED, 0, 0, 0);
74	if (rc)
75	return -1;
76	-#endif
77
78	return 0;
79	}


diff --git a/recipes-security/libcap-ng/libcap-ng/python.patch b/recipes-security/libcap-ng/libcap-ng/python.patch index d82ceb4..59591eb 100644 --- a/recipes-security/libcap-ng/libcap-ng/python.patch +++ b/recipes-security/libcap-ng/libcap-ng/python.patch
@@ -1,16 +1,44 @@
1	configure.ac - Avoid an incorrect check for python.	1	From b01bb2694f66cd981e6d61523433dc3eb5ed32f2 Mon Sep 17 00:00:00 2001
2	Makefile.am - avoid hard coded host include paths.	2	From: Li xin <lixin.fnst@cn.fujitsu.com>
		3	Date: Sat, 18 Jul 2015 23:03:30 +0900
		4	Subject: [PATCH] configure.ac - Avoid an incorrect check for python.
		5	Makefile.am - avoid hard coded host include paths.
		6
		7	Upstream-Status: pending
3		8
4	Signed-off-by: Mark Hatle <mark.hatle@windriver.com>	9	Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
		10	Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
		11	---
		12	bindings/python/Makefile.am \| 3 ++-
		13	configure.ac \| 15 ++-------------
		14	2 files changed, 4 insertions(+), 14 deletions(-)
5		15
6	--- libcap-ng-0.6.5/configure.ac.orig 2012-01-17 13:59:03.645898989 -0600	16	diff --git a/bindings/python/Makefile.am b/bindings/python/Makefile.am
7	+++ libcap-ng-0.6.5/configure.ac 2012-01-17 13:59:46.353959252 -0600	17	index 82b9bb8..f9fe7a8 100644
8	@@ -120,17 +120,8 @@	18	--- a/bindings/python/Makefile.am
		19	+++ b/bindings/python/Makefile.am
		20	@@ -23,7 +23,8 @@ SUBDIRS = test
		21	CONFIG_CLEAN_FILES = .loT .rej *.orig
		22	AM_CFLAGS = -fPIC -DPIC
		23	PYLIBVER ?= python$(PYTHON_VERSION)
		24	-AM_CPPFLAGS = -I. -I$(top_builddir) -I@PYINCLUDEDIR@
		25	+PYINC ?= /usr/include/$(PYLIBVER)
		26	+AM_CPPFLAGS = -I. -I$(top_builddir) -I$(PYINC)
		27	LIBS = $(top_builddir)/src/libcap-ng.la
		28	SWIG_FLAGS = -python
		29	SWIG_INCLUDES = ${AM_CPPFLAGS}
		30	diff --git a/configure.ac b/configure.ac
		31	index 1d777d5..9d90f64 100644
		32	--- a/configure.ac
		33	+++ b/configure.ac
		34	@@ -123,19 +123,8 @@ if test x$use_python = xno ; then
9	else	35	else
10	AC_MSG_RESULT(testing)	36	AC_MSG_RESULT(testing)
11	AM_PATH_PYTHON	37	AM_PATH_PYTHON
12	-if test -f /usr/include/python${am_cv_python_version}/Python.h ; then	38	-PYINCLUDEDIR=`python${am_cv_python_version} -c "from distutils import sysconfig; print(sysconfig.get_config_var('INCLUDEPY'))"`
		39	-if test -f ${PYINCLUDEDIR}/Python.h ; then
13	- python_found="yes"	40	- python_found="yes"
		41	- AC_SUBST(PYINCLUDEDIR)
14	- AC_MSG_NOTICE(Python bindings will be built)	42	- AC_MSG_NOTICE(Python bindings will be built)
15	-else	43	-else
16	- python_found="no"	44	- python_found="no"
@@ -25,15 +53,6 @@ Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
25	fi	53	fi
26	AM_CONDITIONAL(HAVE_PYTHON, test ${python_found} = "yes")	54	AM_CONDITIONAL(HAVE_PYTHON, test ${python_found} = "yes")
27		55
28	--- libcap-ng-0.6.5/bindings/python/Makefile.am.orig 2010-11-03 12:31:59.000000000 -0500	56	--
29	+++ libcap-ng-0.6.5/bindings/python/Makefile.am 2012-01-17 14:05:50.199834467 -0600	57	1.8.4.2
30	@@ -24,7 +24,8 @@	58
31	CONFIG_CLEAN_FILES = .loT .rej *.orig
32	AM_CFLAGS = -fPIC -DPIC
33	PYLIBVER ?= python$(PYTHON_VERSION)
34	-INCLUDES = -I. -I$(top_builddir) -I/usr/include/$(PYLIBVER)
35	+PYINC ?= /usr/include/$(PYLIBVER)
36	+INCLUDES = -I. -I$(top_builddir) -I$(PYINC)
37	LIBS = $(top_builddir)/src/libcap-ng.la
38	pyexec_PYTHON = capng.py
39	pyexec_LTLIBRARIES = _capng.la


diff --git a/recipes-security/libcap-ng/libcap-ng_0.7.3.bb b/recipes-security/libcap-ng/libcap-ng_0.7.7.bb index e729518..5c5cd3d 100644 --- a/recipes-security/libcap-ng/libcap-ng_0.7.3.bb +++ b/recipes-security/libcap-ng/libcap-ng_0.7.7.bb
@@ -9,16 +9,17 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
9		9
10	SRC_URI = "http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \	10	SRC_URI = "http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \
11	file://python.patch \	11	file://python.patch \
12	file://CVE-2014-3215.patch \
13	"	12	"
14		13
15	inherit lib_package autotools pythonnative	14	inherit lib_package autotools pythonnative
16		15
17	SRC_URI[md5sum] = "610afb774f80a8032b711281df126283"	16	SRC_URI[md5sum] = "3d7d126b29e2869a0257c17c8b0d9b2e"
18	SRC_URI[sha256sum] = "5ca441c8d3a1e4cfe8a8151907977662679457311ccaa7eaac91447c33a35bb1"	17	SRC_URI[sha256sum] = "615549ce39b333f6b78baee0c0b4ef18bc726c6bf1cca123dfd89dd963f6d06b"
19		18
20	DEPENDS += "swig-native python"	19	DEPENDS += "swig-native python"
21		20
		21	EXTRA_OECONF += "--without-python3"
		22
22	EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' PYINC='${STAGING_INCDIR}/${PYLIBVER}'"	23	EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' PYINC='${STAGING_INCDIR}/${PYLIBVER}'"
23		24
24	PACKAGES += "${PN}-python"	25	PACKAGES += "${PN}-python"