linux/poky.git/meta/recipes-devtools/python/python3, branch scarthgapMirror of git.yoctoproject.org/pokyhttps://git.enea.com/cgit/linux/poky.git/atom?h=scarthgap2026-05-04T12:57:31+00:00python3: upgrade 3.12.12 -> 3.12.132026-05-04T12:57:31+00:00Vijay Anusurivanusuri@mvista.com2026-04-04T15:52:31+00:00urn:sha1:2820a673f1a39b95dc187aa32155c7ff6d80ca15
Drop upstreamed patches.
Release information:
* https://www.python.org/downloads/release/python-31213/
* The release you're looking at is Python 3.12.13, a security bugfix
release for the legacy 3.12 series.
Handles CVE-2024-6923 CVE-2025-12084 CVE-2025-13836 CVE-2025-13837
CVE-2025-15282 CVE-2025-59375 CVE-2026-0865 CVE-2026-24515 CVE-2026-25210
(From OE-Core rev: 8b0c626633a1e443cfb6e5f73c6120bff5f6a5ef)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
[YC: Full changelog: https://docs.python.org/release/3.12.13/whatsnew/changelog.html#python-3-12-13]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
python3: patch CVE-2025-138372026-02-16T09:52:35+00:00Peter Markopeter.marko@siemens.com2026-01-18T21:17:49+00:00urn:sha1:534b2c966a7f9f326beecd0756cf0daccb49add9
Pick patch from 3.12 branch per NVD report.
(From OE-Core rev: 37936e0e93ab5c236d8cc8e709ba1faf8380577c)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
python3: patch CVE-2025-138362026-01-26T09:45:38+00:00Peter Markopeter.marko@siemens.com2026-01-19T16:33:11+00:00urn:sha1:2104407814ab7d80bd29ab5421dd04a858edd3c4
Pick commit from branch 3.12 mentioned in [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-13836
(From OE-Core rev: 05aa143fb5f63de0f53e916daa3392917da46131)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
python3: patch CVE-2025-120842026-01-26T09:45:38+00:00Peter Markopeter.marko@siemens.com2025-12-30T15:35:08+00:00urn:sha1:5ae239f8eabf239703297885d06e88da9c075102
Pick patch from 3.12 branch according to [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-12084
(From OE-Core rev: c3ed0dfa3a7b8716008968b0d7f80885b2f61a84)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
python3: fix CVE-2025-60752025-12-05T15:13:42+00:00Praveen Kumarpraveen.kumar@windriver.com2025-11-21T11:27:23+00:00urn:sha1:792947d444022e6bf175c4839af6ed2ad8399456
If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment variables.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-6075
Upstream-patch:
https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742
(From OE-Core rev: 5313fa5236cd3943f90804de2af81358971894bc)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3: upgrade 3.12.11 -> 3.12.122025-10-24T13:23:40+00:00Peter Markopeter.marko@siemens.com2025-10-16T16:11:53+00:00urn:sha1:2e5bb26c2c0b5956a7208867823dd703c382328a
Drop upstreamed patch and refresh remaining patches.
Release information:
* https://www.python.org/downloads/release/python-31212/
* The release you're looking at is Python 3.12.12, a security bugfix
release for the legacy 3.12 series.
Handles CVE-2025-59375.
(From OE-Core rev: f1234b8451ba843b5f9ec1d2066c21f54d6bc3b8)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3: patch CVE-2025-81942025-08-20T14:37:19+00:00Peter Markopeter.marko@siemens.com2025-08-09T20:37:21+00:00urn:sha1:6d83b872af7421e1e4f18c999f356855116dc238
Pick commit from 3.12 branch mentioned in NVD report.
https://nvd.nist.gov/vuln/detail/CVE-2025-8194
(From OE-Core rev: 34f1b4877a0601d2057453c159c76a54754f229a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3: upgrade 3.12.9 -> 3.12.112025-06-13T15:58:01+00:00Peter Markopeter.marko@siemens.com2025-06-08T21:43:27+00:00urn:sha1:c4f82e3fd561ac83c8c836e43d701cff36ca2f42
Drop upstreamed patch and refresh remaining patches.
* https://www.python.org/downloads/release/python-31210/
Python 3.12.10 is the latest maintenance release of Python 3.12, and
the last full maintenance release. Subsequent releases of 3.12 will be
security-fixes only.
* https://www.python.org/downloads/release/python-31211/
Security content in this release
* gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330]
[CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed
tarfile extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
* gh-133767: Fix use-after-free in the “unicode-escape” decoder with a
non-“strict” error handler.
* gh-128840: Short-circuit the processing of long IPv6 addresses early
in ipaddress to prevent excessive memory consumption and a minor
denial-of-service.
gh-133767 got meawhile CVE-2025-4516 assigned.
(From OE-Core rev: 6cca08b2857efd5481e837ecd6bb295cb8a99ee1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3: upgrade 3.12.8 -> 3.12.92025-02-14T14:38:54+00:00Peter Markopeter.marko@siemens.com2025-02-08T23:23:19+00:00urn:sha1:c9c335583601f5fc08c1dee355fcc19f35cdc76a
Release notes:
https://docs.python.org/release/3.12.9/whatsnew/changelog.html#python-3-12-9
Solves CVE-2025-0938, CVE-2024-12254 and 3 other vulnerabilities without
CVE number assigment.
Add a patch to fix failure of a new test.
(From OE-Core rev: 685b2719ae9b44c238e63942efabe52e5df7d640)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3: upgrade 3.12.7 -> 3.12.82025-01-09T14:25:36+00:00Guðni Már Gilbertgudni.m.g@gmail.com2024-12-28T18:19:11+00:00urn:sha1:321943e627877aabfd1f71599b7619e8bf2e624b
Changelog:
https://docs.python.org/release/3.12.8/whatsnew/changelog.html#python-3-12-8
(From OE-Core rev: db5081254adacf6c87269fd43af7199267ad535c)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>