mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-30 21:38:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
31ea437bf7785201dd4fb04622ec97feba110c93
poky/meta/recipes-devtools/python/python3
History
Soumya Sambu 31ea437bf7 python3: Fix CVE-2024-8088 
There is a HIGH severity vulnerability affecting the CPython "zipfile"
module. When iterating over names of entries in a zip archive (for example,
methodsof "zipfile.ZipFile" like "namelist()", "iterdir()", "extractall()",
etc) the process can be put into an infinite loop with a maliciously crafted
zip archive. This defect applies when reading only metadata or extracting
the contents of the zip archive. Programs that are not handling
user-controlled zip archives are not affected.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-8088

Upstream-Patch:
7ae310c56a

(From OE-Core rev: 2d98276ba70ed6c44afecd42a7352f1b3030438f)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-09-09 06:08:10 -07:00
..
0001-Avoid-shebang-overflow-on-python-config.py.patch
python3: upgrade 3.12.1 -> 3.12.2
2024-03-01 09:28:52 +00:00
0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
python3: Treat UID/GID overflow as failure
2024-08-01 06:08:09 -07:00
0001-gh-114492-Initialize-struct-termios-before-calling-t.patch
python3: upgrade 3.12.1 -> 3.12.2
2024-03-01 09:28:52 +00:00
0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
python: update 3.11.5 -> 3.12.1
2024-01-19 12:21:22 +00:00
0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
python: update 3.11.5 -> 3.12.1
2024-01-19 12:21:22 +00:00
0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
python3: upgrade 3.12.1 -> 3.12.2
2024-03-01 09:28:52 +00:00
0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
python3: upgrade 3.12.1 -> 3.12.2
2024-03-01 09:28:52 +00:00
0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
python3: upgrade 3.12.1 -> 3.12.2
2024-03-01 09:28:52 +00:00
0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
python3: upgrade 3.12.1 -> 3.12.2
2024-03-01 09:28:52 +00:00
0001-sysconfig.py-use-platlibdir-also-for-purelib.patch
python: update 3.11.5 -> 3.12.1
2024-01-19 12:21:22 +00:00
0001-test_active_children-skip-problematic-test.patch
python3: skip test_multiprocessing/test_active_children test
2024-08-01 06:08:09 -07:00
0001-test_ctypes.test_find-skip-without-tools-sdk.patch
python: update 3.11.5 -> 3.12.1
2024-01-19 12:21:22 +00:00
0001-test_deadlock-skip-problematic-test.patch
python3: skip test_concurrent_futures/test_deadlock
2024-08-01 06:08:09 -07:00
0001-test_locale.py-correct-the-test-output-format.patch
python: update 3.11.5 -> 3.12.1
2024-01-19 12:21:22 +00:00
0001-test_shutdown-skip-problematic-test.patch
python3: skip test_concurrent_futures/test_shutdown
2024-05-09 04:45:06 -07:00
0001-test_storlines-skip-due-to-load-variability.patch
python: update 3.11.5 -> 3.12.1
2024-01-19 12:21:22 +00:00
0001-Update-test_sysconfig-for-posix_user-purelib.patch
python: update 3.11.5 -> 3.12.1
2024-01-19 12:21:22 +00:00
0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
python3: upgrade 3.12.1 -> 3.12.2
2024-03-01 09:28:52 +00:00
cgi_py.patch
python: update 3.11.5 -> 3.12.1
2024-01-19 12:21:22 +00:00
check_build_completeness.py
python3: upgrade to 3.7.2
2019-02-08 10:57:19 +00:00
create_manifest3.py
python3: Improve logging, syntax and update deprecated modules to create_manifest
2021-04-18 11:37:26 +01:00
crosspythonpath.patch
python: update 3.11.5 -> 3.12.1
2024-01-19 12:21:22 +00:00
CVE-2024-7592.patch
python3: Fix CVE-2024-7592
2024-09-09 06:08:10 -07:00
CVE-2024-8088.patch
python3: Fix CVE-2024-8088
2024-09-09 06:08:10 -07:00
deterministic_imports.patch
python3: submit deterministic_imports.patch upstream as a ticket
2024-08-01 06:08:09 -07:00
get_module_deps3.py
python3: fix missing comma in get_module_deps3.py
2023-07-10 11:36:34 +01:00
makerace.patch
python3: upgrade 3.12.1 -> 3.12.2
2024-03-01 09:28:52 +00:00
python3-manifest.json
python3-manifest: Sync RDEPENDS with latest version
2024-03-22 16:25:08 +00:00
reformat_sysconfig.py
python3: Fix sysroot reproducibility
2021-10-01 14:51:45 +01:00
run-ptest
python3: Fix ptests on musl
2023-09-04 20:14:14 +01:00