python3: upgrade 3.10.9 -> 3.10.12

Security and bugfix updates. * Drop cve-2023-24329.patch as it is merged in 3.10.12 CVE: CVE-2023-24329 Includes openssl 1.1.1u which addresses: CVE: CVE-2023-0286 CVE: CVE-2022-4304 CVE: CVE-2022-4203 https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-12-final https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-11-final https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-10-final License-Update: Update Copyright years to include 2023 (From OE-Core rev: 4df594dbc1b391afbe703f663fb2d5c9e9d35078) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Tim Orling <ticotimo@gmail.com> 2023-07-23 17:06:40 -0500
committer: Steve Sakoman <steve@sakoman.com> 2023-08-02 04:47:13 -1000
commit: 7658d8f2c979a23278be653d87bfecedccd77577 (patch)
tree: d21533e04c262210f77b17bf256eca69ac29a05f /meta/recipes-devtools/python/python3/cve-2023-24329.patch
parent: f4c5d9a3a6ee2d974e55aec4b1602a368dbacf72 (diff)
download: poky-7658d8f2c979a23278be653d87bfecedccd77577.tar.gz
1 files changed, 0 insertions, 50 deletions
diff --git a/meta/recipes-devtools/python/python3/cve-2023-24329.patch b/meta/recipes-devtools/python/python3/cve-2023-24329.patch
deleted file mode 100644
index d47425d239..0000000000
--- a/meta/recipes-devtools/python/python3/cve-2023-24329.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9 Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-islington@users.noreply.github.com>
-Date: Sun, 13 Nov 2022 11:00:25 -0800
-Subject: [PATCH] gh-99418: Make urllib.parse.urlparse enforce that a scheme
- must begin with an alphabetical ASCII character. (GH-99421)
-Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character.
-RFC 3986 defines a scheme like this: `scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )`
-RFC 2234 defines an ALPHA like this: `ALPHA = %x41-5A / %x61-7A`
-The WHATWG URL spec defines a scheme like this:
-`"A URL-scheme string must be one ASCII alpha, followed by zero or more of ASCII alphanumeric, U+002B (+), U+002D (-), and U+002E (.)."`
-(cherry picked from commit 439b9cfaf43080e91c4ad69f312f21fa098befc7)
-Co-authored-by: Ben Kallus <49924171+kenballus@users.noreply.github.com>
--- end original header ---
-CVE: CVE-2023-24329
-Upstream-Status: Backport [see below]
-Taken from https://github.com/python/cpython.git
-commit 72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9
-CVE fix extracted; test case and update to NEWS abandoned.
-Defuzzed.
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
---
- Lib/urllib/parse.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
-index 26ddf30..1c53acb 100644
--- a/Lib/urllib/parse.py
-+++ b/Lib/urllib/parse.py
-@@ -469,7 +469,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
-         clear_cache()
-     netloc = query = fragment = ''
-     i = url.find(':')
-    if i > 0:
-+    if i > 0 and url[0].isascii() and url[0].isalpha():
-         for c in url[:i]:
-             if c not in scheme_chars:
-                 break
-- 
-2.25.1
author	Tim Orling <ticotimo@gmail.com>	2023-07-23 17:06:40 -0500
committer	Steve Sakoman <steve@sakoman.com>	2023-08-02 04:47:13 -1000
commit	7658d8f2c979a23278be653d87bfecedccd77577 (patch)
tree	d21533e04c262210f77b17bf256eca69ac29a05f /meta/recipes-devtools/python/python3/cve-2023-24329.patch
parent	f4c5d9a3a6ee2d974e55aec4b1602a368dbacf72 (diff)
download	poky-7658d8f2c979a23278be653d87bfecedccd77577.tar.gz

diff --git a/meta/recipes-devtools/python/python3/cve-2023-24329.patch b/meta/recipes-devtools/python/python3/cve-2023-24329.patch deleted file mode 100644 index d47425d239..0000000000 --- a/meta/recipes-devtools/python/python3/cve-2023-24329.patch +++ /dev/null
@@ -1,50 +0,0 @@
1	From 72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9 Mon Sep 17 00:00:00 2001
2	From: "Miss Islington (bot)"
3	<31488909+miss-islington@users.noreply.github.com>
4	Date: Sun, 13 Nov 2022 11:00:25 -0800
5	Subject: [PATCH] gh-99418: Make urllib.parse.urlparse enforce that a scheme
6	must begin with an alphabetical ASCII character. (GH-99421)
7
8	Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character.
9
10	RFC 3986 defines a scheme like this: `scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )`
11	RFC 2234 defines an ALPHA like this: `ALPHA = %x41-5A / %x61-7A`
12
13	The WHATWG URL spec defines a scheme like this:
14	`"A URL-scheme string must be one ASCII alpha, followed by zero or more of ASCII alphanumeric, U+002B (+), U+002D (-), and U+002E (.)."`
15	(cherry picked from commit 439b9cfaf43080e91c4ad69f312f21fa098befc7)
16
17	Co-authored-by: Ben Kallus <49924171+kenballus@users.noreply.github.com>
18	--- end original header ---
19
20	CVE: CVE-2023-24329
21
22	Upstream-Status: Backport [see below]
23
24	Taken from https://github.com/python/cpython.git
25	commit 72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9
26
27	CVE fix extracted; test case and update to NEWS abandoned.
28	Defuzzed.
29
30	Signed-off-by: Joe Slater <joe.slater@windriver.com>
31	---
32	Lib/urllib/parse.py \| 2 +-
33	1 file changed, 1 insertion(+), 1 deletion(-)
34
35	diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
36	index 26ddf30..1c53acb 100644
37	--- a/Lib/urllib/parse.py
38	+++ b/Lib/urllib/parse.py
39	@@ -469,7 +469,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
40	clear_cache()
41	netloc = query = fragment = ''
42	i = url.find(':')
43	- if i > 0:
44	+ if i > 0 and url[0].isascii() and url[0].isalpha():
45	for c in url[:i]:
46	if c not in scheme_chars:
47	break
48	--
49	2.25.1
50