python3: Fix CVE-2024-7592

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. References: https://nvd.nist.gov/vuln/detail/CVE-2024-7592 Upstream-Patch: https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1 (From OE-Core rev: 3bb9684eef5227e7b1280ee9051884310b0d0b7f) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Soumya Sambu <soumya.sambu@windriver.com> 2024-09-03 12:50:34 +0000
committer: Steve Sakoman <steve@sakoman.com> 2024-09-09 06:08:10 -0700
commit: 9541ad965035b28697b8df400d7b9bddc4d2519a (patch)
tree: fc357bcda13bcc939c260c7ad7ed9f4c9c8a3655 /meta/recipes-devtools/python/python3_3.12.4.bb
parent: 67aa29393db111a67b64f3394a0c490c33946c02 (diff)
download: poky-9541ad965035b28697b8df400d7b9bddc4d2519a.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python3_3.12.4.bb b/meta/recipes-devtools/python/python3_3.12.4.bb
index e4c3fbb673..9199edce3d 100644
--- a/meta/recipes-devtools/python/python3_3.12.4.bb
+++ b/meta/recipes-devtools/python/python3_3.12.4.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
           file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \
           file://0001-test_deadlock-skip-problematic-test.patch \
           file://0001-test_active_children-skip-problematic-test.patch \
+           file://CVE-2024-7592.patch \
           "
 SRC_URI:append:class-native = " \
author	Soumya Sambu <soumya.sambu@windriver.com>	2024-09-03 12:50:34 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-09-09 06:08:10 -0700
commit	9541ad965035b28697b8df400d7b9bddc4d2519a (patch)
tree	fc357bcda13bcc939c260c7ad7ed9f4c9c8a3655 /meta/recipes-devtools/python/python3_3.12.4.bb
parent	67aa29393db111a67b64f3394a0c490c33946c02 (diff)
download	poky-9541ad965035b28697b8df400d7b9bddc4d2519a.tar.gz

diff --git a/meta/recipes-devtools/python/python3_3.12.4.bb b/meta/recipes-devtools/python/python3_3.12.4.bb index e4c3fbb673..9199edce3d 100644 --- a/meta/recipes-devtools/python/python3_3.12.4.bb +++ b/meta/recipes-devtools/python/python3_3.12.4.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
34	file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \	34	file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \
35	file://0001-test_deadlock-skip-problematic-test.patch \	35	file://0001-test_deadlock-skip-problematic-test.patch \
36	file://0001-test_active_children-skip-problematic-test.patch \	36	file://0001-test_active_children-skip-problematic-test.patch \
		37	file://CVE-2024-7592.patch \
37	"	38	"
38		39
39	SRC_URI:append:class-native = " \	40	SRC_URI:append:class-native = " \