python3: patch CVE-2025-8194

Pick commit from 3.12 branch mentioned in NVD report. https://nvd.nist.gov/vuln/detail/CVE-2025-8194 (From OE-Core rev: 34f1b4877a0601d2057453c159c76a54754f229a) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2025-08-09 22:37:21 +0200
committer: Steve Sakoman <steve@sakoman.com> 2025-08-20 07:37:19 -0700
commit: 6d83b872af7421e1e4f18c999f356855116dc238 (patch)
tree: 7e1d96591659e800508c185dbc19b4606d8fb883 /meta/recipes-devtools/python/python3_3.12.11.bb
parent: 0263c3dfa4fe1b26619f028a6a1c242e7e221dbf (diff)
download: poky-6d83b872af7421e1e4f18c999f356855116dc238.tar.gz
1 files changed, 5 insertions, 4 deletions
diff --git a/meta/recipes-devtools/python/python3_3.12.11.bb b/meta/recipes-devtools/python/python3_3.12.11.bb
index 84c4f74158..1c31077320 100644
--- a/meta/recipes-devtools/python/python3_3.12.11.bb
+++ b/meta/recipes-devtools/python/python3_3.12.11.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
           file://0001-test_deadlock-skip-problematic-test.patch \
           file://0001-test_active_children-skip-problematic-test.patch \
           file://0001-test_readline-skip-limited-history-test.patch \
+           file://CVE-2025-8194.patch \
           "
 SRC_URI:append:class-native = " \
@@ -184,14 +185,14 @@ do_install:append:class-native() {
        # when they're only used for python called with -O or -OO.
        #find ${D} -name *opt-*.pyc -delete
        # Remove all pyc files. There are a ton of them and it is probably faster to let
-        # python create the ones it wants at runtime rather than manage in the sstate 
+        # python create the ones it wants at runtime rather than manage in the sstate
        # tarballs and sysroot creation.
        find ${D} -name *.pyc -delete
        # Nothing should be looking into ${B} for python3-native
        sed -i -e 's:${B}:/build/path/unavailable/:g' \
                ${D}/${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}${PYTHON_ABI}*/Makefile
-        
        # disable the lookup in user's site-packages globally
        sed -i 's#ENABLE_USER_SITE = None#ENABLE_USER_SITE = False#' ${D}${libdir}/python${PYTHON_MAJMIN}/site.py
@@ -226,7 +227,7 @@ do_install:append() {
        rm -f ${D}${libdir}/python${PYTHON_MAJMIN}/test/__pycache__/test_range.cpython*
        rm -f ${D}${libdir}/python${PYTHON_MAJMIN}/test/__pycache__/test_xml_etree.cpython*
-        # Similar to the above, we're getting reproducibility issues with 
+        # Similar to the above, we're getting reproducibility issues with
        # /usr/lib/python3.10/__pycache__/traceback.cpython-310.pyc
        # so remove it too
        rm -f ${D}${libdir}/python${PYTHON_MAJMIN}/__pycache__/traceback.cpython*
@@ -303,7 +304,7 @@ py_package_preprocess () {
        cd -
        mv ${PKGD}/${bindir}/python${PYTHON_MAJMIN}-config ${PKGD}/${bindir}/python${PYTHON_MAJMIN}-config-${MULTILIB_SUFFIX}
-        
        #Remove the unneeded copy of target sysconfig data
        rm -rf ${PKGD}/${libdir}/python-sysconfigdata
 }
author	Peter Marko <peter.marko@siemens.com>	2025-08-09 22:37:21 +0200
committer	Steve Sakoman <steve@sakoman.com>	2025-08-20 07:37:19 -0700
commit	6d83b872af7421e1e4f18c999f356855116dc238 (patch)
tree	7e1d96591659e800508c185dbc19b4606d8fb883 /meta/recipes-devtools/python/python3_3.12.11.bb
parent	0263c3dfa4fe1b26619f028a6a1c242e7e221dbf (diff)
download	poky-6d83b872af7421e1e4f18c999f356855116dc238.tar.gz