Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=scarthgap 2024-09-25T12:07:47+00:00 2024-09-25T12:07:47+00:00 Trevor Gamblin tgamblin@baylibre.com 2024-09-17T21:34:22+00:00 urn:sha1:a8086d489e076eb145832d7c59bba616dac51481 Changelog: https://docs.python.org/release/3.12.5/whatsnew/changelog.html (From OE-Core rev: d9e2ebd6b24b802d1d4cd38b3b910e068c308809) (From OE-Core rev: ae0e8f6932359959535e901e64bdb47189de14cd) Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-09-09T13:08:10+00:00 Soumya Sambu soumya.sambu@windriver.com 2024-09-03T12:50:49+00:00 urn:sha1:31ea437bf7785201dd4fb04622ec97feba110c93 There is a HIGH severity vulnerability affecting the CPython "zipfile" module. When iterating over names of entries in a zip archive (for example, methodsof "zipfile.ZipFile" like "namelist()", "iterdir()", "extractall()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected. References: https://nvd.nist.gov/vuln/detail/CVE-2024-8088 Upstream-Patch: https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec (From OE-Core rev: 2d98276ba70ed6c44afecd42a7352f1b3030438f) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-09-09T13:08:10+00:00 Soumya Sambu soumya.sambu@windriver.com 2024-09-03T12:50:34+00:00 urn:sha1:9541ad965035b28697b8df400d7b9bddc4d2519a There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. References: https://nvd.nist.gov/vuln/detail/CVE-2024-7592 Upstream-Patch: https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1 (From OE-Core rev: 3bb9684eef5227e7b1280ee9051884310b0d0b7f) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-08-01T13:08:09+00:00 Trevor Gamblin tgamblin@baylibre.com 2024-06-13T15:37:21+00:00 urn:sha1:754724ec73c0e387636dfb33fca94437c83338f3 This test is causing problems on the Autobuilder, so disable it for now. (From OE-Core rev: 9eafd0c56b279a7c3025b0dcd00745baead15bb6) Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ac000b00ec615b3e51dda8d819015d5e7110ed88) Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-08-01T13:08:09+00:00 Trevor Gamblin tgamblin@baylibre.com 2024-06-12T15:05:28+00:00 urn:sha1:a28f4c97b3548786a5b1d6a191f8330fbbaf67b1 These tests are causing hangs on the Autobuilder, so disable them for now. (From OE-Core rev: 141c348ce83552beae88e115d9c4db5802c6e0f4) Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 291f37808f1a2b2fdc8190696867f974994457c0) Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-08-01T13:08:09+00:00 Khem Raj raj.khem@gmail.com 2024-05-09T01:30:46+00:00 urn:sha1:8a203e0f2ad75198afd5227edc28bd2551359aca This fixes ptest failures on 32bit architectures AssertionError: Failed ptests: {'python3': ['test_extractall_none_gid', 'test_extractall_none_gname', 'test_extractall_none_mode', 'test_extractall_none_mtime', 'test_extractall_none_uid', 'test_extractall_none_uname', 'setUpClass', 'python3']} (From OE-Core rev: 371124fa4bf1a255a4fc646b028398db8c9f3681) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 43104b547cb79693c83df0882773ae8dd74b1d35) Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-07-03T13:28:34+00:00 Trevor Gamblin tgamblin@baylibre.com 2024-06-10T17:12:21+00:00 urn:sha1:5da7e1b38a54b75d6b4c5109ffe881a72d12120b This release contains numerous security updates and fixes to regressions. Changelog: https://docs.python.org/release/3.12.4/whatsnew/changelog.html#python-3-12-4-final Results of ptests in core-image-ptest-python3 (qemux86-64): == Tests result: SUCCESS == 26 tests skipped: test.test_asyncio.test_windows_events test.test_asyncio.test_windows_utils test.test_gdb.test_backtrace test.test_gdb.test_cfunction test.test_gdb.test_cfunction_full test.test_gdb.test_misc test.test_gdb.test_pretty_print test_asdl_parser test_clinic test_devpoll test_idle test_ioctl test_kqueue test_launcher test_msilib test_startfile test_tcl test_tix test_tkinter test_ttk test_ttk_textonly test_turtle test_winapi test_winconsoleio test_winreg test_wmi 9 tests skipped (resource denied): test_curses test_ossaudiodev test_smtpnet test_socketserver test_urllib2net test_urllibnet test_winsound test_xmlrpc_net test_zipfile64 454 tests OK. Total duration: 2 min 45 sec Total tests: run=41,470 skipped=1,548 Total test files: run=480/489 skipped=26 resource_denied=9 Result: SUCCESS DURATION: 165 END: /usr/lib/python3/ptest 2024-06-10T17:03 STOP: ptest-runner TOTAL: 1 FAIL: 0 (From OE-Core rev: 621b0298e1829a86002ebb57d99850907e775b43) Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 012aeee398af4d4cce4012f71007cfb31266dd6c) Signed-off-by: Steve Sakoman <steve@sakoman.com>