python3-pycares: fix CVE-2025-48945

pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism. References: https://nvd.nist.gov/vuln/detail/CVE-2025-48945 Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Jiaying Song <jiaying.song.cn@windriver.com> 2025-07-03 13:28:24 +0800
committer: Armin Kuster <akuster808@gmail.com> 2025-07-06 19:23:22 -0400
commit: 32200384c737234abf5ef1bbd6825095298e589a (patch)
tree: a5c47b6b5acd1e002824d17ddccb16a28add75bb /meta-python/recipes-devtools/python/python3-pycares_4.6.0.bb
parent: 6b9b9658e67e14b20cee33572f5dac0ec02e5496 (diff)
download: meta-openembedded-32200384c737234abf5ef1bbd6825095298e589a.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-pycares_4.6.0.bb b/meta-python/recipes-devtools/python/python3-pycares_4.6.0.bb
index aa87112c88..90e52a4dec 100644
--- a/meta-python/recipes-devtools/python/python3-pycares_4.6.0.bb
+++ b/meta-python/recipes-devtools/python/python3-pycares_4.6.0.bb
@@ -6,6 +6,7 @@ HOMEPAGE = "https://github.com/saghul/pycares"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=b1538fcaea82ebf2313ed648b96c69b1"
+SRC_URI += "file://CVE-2025-48945.patch"
 SRC_URI[sha256sum] = "b8a004b18a7465ac9400216bc3fad9d9966007af1ee32f4412d2b3a94e33456e"
 PYPI_PACKAGE = "pycares"
author	Jiaying Song <jiaying.song.cn@windriver.com>	2025-07-03 13:28:24 +0800
committer	Armin Kuster <akuster808@gmail.com>	2025-07-06 19:23:22 -0400
commit	32200384c737234abf5ef1bbd6825095298e589a (patch)
tree	a5c47b6b5acd1e002824d17ddccb16a28add75bb /meta-python/recipes-devtools/python/python3-pycares_4.6.0.bb
parent	6b9b9658e67e14b20cee33572f5dac0ec02e5496 (diff)
download	meta-openembedded-32200384c737234abf5ef1bbd6825095298e589a.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-pycares_4.6.0.bb b/meta-python/recipes-devtools/python/python3-pycares_4.6.0.bb index aa87112c88..90e52a4dec 100644 --- a/meta-python/recipes-devtools/python/python3-pycares_4.6.0.bb +++ b/meta-python/recipes-devtools/python/python3-pycares_4.6.0.bb
@@ -6,6 +6,7 @@ HOMEPAGE = "https://github.com/saghul/pycares"
6	LICENSE = "MIT"	6	LICENSE = "MIT"
7	LIC_FILES_CHKSUM = "file://LICENSE;md5=b1538fcaea82ebf2313ed648b96c69b1"	7	LIC_FILES_CHKSUM = "file://LICENSE;md5=b1538fcaea82ebf2313ed648b96c69b1"
8		8
		9	SRC_URI += "file://CVE-2025-48945.patch"
9	SRC_URI[sha256sum] = "b8a004b18a7465ac9400216bc3fad9d9966007af1ee32f4412d2b3a94e33456e"	10	SRC_URI[sha256sum] = "b8a004b18a7465ac9400216bc3fad9d9966007af1ee32f4412d2b3a94e33456e"
10		11
11	PYPI_PACKAGE = "pycares"	12	PYPI_PACKAGE = "pycares"