summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/python/python3_3.12.4.bb
Commit message (Collapse)AuthorAgeFilesLines
* python3: upgrade 3.12.4 -> 3.12.5Trevor Gamblin2024-09-251-476/+0
| | | | | | | | | | | | | | Changelog: https://docs.python.org/release/3.12.5/whatsnew/changelog.html (From OE-Core rev: d9e2ebd6b24b802d1d4cd38b3b910e068c308809) (From OE-Core rev: ae0e8f6932359959535e901e64bdb47189de14cd) Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: Fix CVE-2024-8088Soumya Sambu2024-09-091-0/+1
| | | | | | | | | | | | | | | | | | | | | There is a HIGH severity vulnerability affecting the CPython "zipfile" module. When iterating over names of entries in a zip archive (for example, methodsof "zipfile.ZipFile" like "namelist()", "iterdir()", "extractall()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected. References: https://nvd.nist.gov/vuln/detail/CVE-2024-8088 Upstream-Patch: https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec (From OE-Core rev: 2d98276ba70ed6c44afecd42a7352f1b3030438f) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: Fix CVE-2024-7592Soumya Sambu2024-09-091-0/+1
| | | | | | | | | | | | | | | | | | | There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. References: https://nvd.nist.gov/vuln/detail/CVE-2024-7592 Upstream-Patch: https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1 (From OE-Core rev: 3bb9684eef5227e7b1280ee9051884310b0d0b7f) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: skip test_multiprocessing/test_active_children testTrevor Gamblin2024-08-011-0/+1
| | | | | | | | | | | This test is causing problems on the Autobuilder, so disable it for now. (From OE-Core rev: 9eafd0c56b279a7c3025b0dcd00745baead15bb6) Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ac000b00ec615b3e51dda8d819015d5e7110ed88) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: skip test_concurrent_futures/test_deadlockTrevor Gamblin2024-08-011-0/+1
| | | | | | | | | | | | These tests are causing hangs on the Autobuilder, so disable them for now. (From OE-Core rev: 141c348ce83552beae88e115d9c4db5802c6e0f4) Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 291f37808f1a2b2fdc8190696867f974994457c0) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: Treat UID/GID overflow as failureKhem Raj2024-08-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | | This fixes ptest failures on 32bit architectures AssertionError: Failed ptests: {'python3': ['test_extractall_none_gid', 'test_extractall_none_gname', 'test_extractall_none_mode', 'test_extractall_none_mtime', 'test_extractall_none_uid', 'test_extractall_none_uname', 'setUpClass', 'python3']} (From OE-Core rev: 371124fa4bf1a255a4fc646b028398db8c9f3681) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 43104b547cb79693c83df0882773ae8dd74b1d35) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: upgrade 3.12.3 -> 3.12.4Trevor Gamblin2024-07-031-0/+471
This release contains numerous security updates and fixes to regressions. Changelog: https://docs.python.org/release/3.12.4/whatsnew/changelog.html#python-3-12-4-final Results of ptests in core-image-ptest-python3 (qemux86-64): == Tests result: SUCCESS == 26 tests skipped: test.test_asyncio.test_windows_events test.test_asyncio.test_windows_utils test.test_gdb.test_backtrace test.test_gdb.test_cfunction test.test_gdb.test_cfunction_full test.test_gdb.test_misc test.test_gdb.test_pretty_print test_asdl_parser test_clinic test_devpoll test_idle test_ioctl test_kqueue test_launcher test_msilib test_startfile test_tcl test_tix test_tkinter test_ttk test_ttk_textonly test_turtle test_winapi test_winconsoleio test_winreg test_wmi 9 tests skipped (resource denied): test_curses test_ossaudiodev test_smtpnet test_socketserver test_urllib2net test_urllibnet test_winsound test_xmlrpc_net test_zipfile64 454 tests OK. Total duration: 2 min 45 sec Total tests: run=41,470 skipped=1,548 Total test files: run=480/489 skipped=26 resource_denied=9 Result: SUCCESS DURATION: 165 END: /usr/lib/python3/ptest 2024-06-10T17:03 STOP: ptest-runner TOTAL: 1 FAIL: 0 (From OE-Core rev: 621b0298e1829a86002ebb57d99850907e775b43) Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 012aeee398af4d4cce4012f71007cfb31266dd6c) Signed-off-by: Steve Sakoman <steve@sakoman.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-05-27 05:25:05 +0000