Refresh patches.
* https://www.python.org/downloads/release/python-3134/
Security content in this release
* gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330]
[CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed
tarfile extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
* gh-133767: Fix use-after-free in the “unicode-escape” decoder with a
non-“strict” error handler.
* gh-128840: Short-circuit the processing of long IPv6 addresses early
in ipaddress to prevent excessive memory consumption and a minor
denial-of-service.
gh-133767 got meawhile CVE-2025-4516 assigned.
(From OE-Core rev: 55a9cd748531c75d46f5d6d53af692a38c6b6716)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
We use editline by default and test_write_read_append also fails especially on musl
since this needs to be fixed upstream, extend the skip for test_write_read_append along
with other history manipulation tests being skipped.
(From OE-Core rev: fbafd942e6c78d1298fa64129149ff311b61fcf8)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-update: copyright years
Update 0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
to only include tests that do not fail under qemu (following upstream
change that also no longer obscures failures).
Drop
0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
(backport)
0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
(fixed upstream)
0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
(code completely rewritten upstream)
cgi_py.patch
(cgi and cgitb modules removed upstream)
Add fix-armv5.patch
(address armv5 crashes)
Modules removed in 3.13 (look for 'important removals'):
https://docs.python.org/3/whatsnew/3.13.html
Manifest updated accordingly.
Add an explicit dependency on libatomic (needed on mips
and ppc), as upstream has explicitly switched it off
in cross builds. It's a no-op on other targets.
Fcntl relocated to python3-core by the manifest script.
(From OE-Core rev: 0b49c9aa31279ecda565cc66b63d1d61723b37b8)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Python 3.12.5 is failing a newer ptest for reading/writing limited
history when editline (default) is set in PACKAGECONFIG. Skip it for now
until a proper fix (if any) is determined.
A bug has been opened upstream: https://github.com/python/cpython/issues/123018
(From OE-Core rev: de569ddffd5ea36b70c56df21dec9c892e5dee7d)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
