From 14d464c15094d1758dc14706646a8aa645a3bf34 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Tue, 24 Feb 2026 18:04:48 +0100 Subject: python3-nltk: upgrade 3.9.2 -> 3.9.3 Contains fix for CVE-2026-14009. Changelog: * Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader * Block path traversal/arbitrary reads in nltk.data for protocol-less refs * Block path traversal/abs paths in corpus readers and FS pointers * Validate external StanfordSegmenter JARs using SHA256 * Add optional sandbox enforcement for filestring() * Maintenance: downloader/zipped models, CI/tooling updates Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- .../python3-nltk/python3-nltk_3.9.3.bb | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 meta-python/recipes-devtools/python3-nltk/python3-nltk_3.9.3.bb (limited to 'meta-python/recipes-devtools/python3-nltk/python3-nltk_3.9.3.bb') diff --git a/meta-python/recipes-devtools/python3-nltk/python3-nltk_3.9.3.bb b/meta-python/recipes-devtools/python3-nltk/python3-nltk_3.9.3.bb new file mode 100644 index 0000000000..8953b75b28 --- /dev/null +++ b/meta-python/recipes-devtools/python3-nltk/python3-nltk_3.9.3.bb @@ -0,0 +1,26 @@ +SUMMARY = "Natural Language Toolkit" +DESCRIPTION = "NLTK is a leading platform for building Python programs to work \ + with human language data. It provides easy-to-use interfaces to \ + over 50 corpora and lexical resources such as WordNet" +HOMEPAGE = "https://www.nltk.org" +BUGTRACKER = "https://github.com/nltk/nltk/issues" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" + +CVE_PRODUCT = "nltk" + +RDEPENDS:${PN} = "\ + python3-click \ + python3-joblib \ + python3-tqdm \ + python3-regex \ + python3-xmlschema \ +" + +RRECOMMENDS:${PN} = "\ + python3-numpy \ +" + +inherit setuptools3 pypi + +SRC_URI[sha256sum] = "cb5945d6424a98d694c2b9a0264519fab4363711065a46aa0ae7a2195b92e71f" -- cgit v1.2.3-54-g00ecf