python3-cryptography: Fix CVE-2026-26007

CVE-2026-26007 is fixed upstream in version 46.0.5. Our current version (42.0.5, scarthgap) is still reported as vulnerable by NVD. Backport the upstream fix to address this CVE. Upstream commit: 0eebb9dbb6 CVE report: https://nvd.nist.gov/vuln/detail/CVE-2026-26007 (From OE-Core rev: a363958725430237160b0a83a6a6acbe8380fba3) Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-04-15 12:32:13 +02:00 · 2026-03-30 17:17:19 +09:00
parent 5c365149ac
commit 7421603502
2 changed files with 150 additions and 0 deletions
--- a/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb
+++ b/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb
@@ -11,6 +11,7 @@ LDSHARED += "-pthread"
 SRC_URI[sha256sum] = "6fe07eec95dfd477eb9530aef5bead34fec819b3aaf6c5bd6d20565da607bfe1"

 SRC_URI += "file://0001-pyproject.toml-remove-benchmark-disable-option.patch \
+            file://CVE-2026-26007.patch \
            file://check-memfree.py \
            file://run-ptest \
           "