python3-pip: Fix CVE-2026-1703

Pick patch according to [1] [1] https://security-tracker.debian.org/tracker/CVE-2026-1703 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-1703 [3] https://github.com/pypa/pip/pull/13777 (From OE-Core rev: 29c72a4729a42f75af47b6a7e04c9d52155e3c1f) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-03-28 10:02:21 +01:00 · 2026-03-11 12:05:13 +05:30
parent 195c9264bb
commit 49bfa3f8e0
2 changed files with 40 additions and 1 deletions
--- a/meta/recipes-devtools/python/python3-pip_24.0.bb
+++ b/meta/recipes-devtools/python/python3-pip_24.0.bb
@@ -31,7 +31,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=63ec52baf95163b597008bb46db68030 \

 inherit pypi python_setuptools_build_meta

-SRC_URI += "file://no_shebang_mangling.patch"
+SRC_URI += "file://no_shebang_mangling.patch \
+            file://CVE-2026-1703.patch \
+           "

 SRC_URI[sha256sum] = "ea9bd1a847e8c5774a5777bb398c19e80bcd4e2aa16a4b301b718fe6f593aba2"