mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-27 20:13:41 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
703b6800895522a4bccc624c7f34ac08292ffd9a
poky/meta/recipes-devtools/python/python3
History
Sudhir Dumbhare 703b680089 python3: Fix CVE-2026-3644 and CVE-2026-0672 
Apply the upstream v3.13 fix [1], as referenced in [2], to address
CVE-2026-3644 by rejecting control characters in http.cookies.Morsel.update(),
the |= operator, and unpickling paths.

CVE-2026-3644 [2] revealed the CVE-2026-0672 fix was incomplete, as
Morsel.update(), |=, and unpickling could bypass input validation. The fix
also adds output validation to BaseCookie.js_output(), matching the
control-character safeguards already present in BaseCookie.output().

[1] d16ecc6c36
[2] https://security-tracker.debian.org/tracker/CVE-2026-3644

References:
https://security-tracker.debian.org/tracker/CVE-2026-3644
https://security-tracker.debian.org/tracker/CVE-2026-0672
https://nvd.nist.gov/vuln/detail/CVE-2026-3644
https://nvd.nist.gov/vuln/detail/CVE-2026-0672

(From OE-Core rev: ac763f139ba7f836d0fa9377295ef7d3b10f2238)

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-26 16:55:53 +01:00
..
0001-Avoid-shebang-overflow-on-python-config.py.patch
python3: upgrade 3.12.9 -> 3.12.11
2025-06-13 08:58:01 -07:00
0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
python3: upgrade 3.12.11 -> 3.12.12
2025-10-24 06:23:40 -07:00
0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
python3: upgrade 3.12.9 -> 3.12.11
2025-06-13 08:58:01 -07:00
0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
python3: upgrade 3.12.8 -> 3.12.9
2025-02-14 06:38:54 -08:00
0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
python3: upgrade 3.12.9 -> 3.12.11
2025-06-13 08:58:01 -07:00
0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
python3: upgrade 3.12.9 -> 3.12.11
2025-06-13 08:58:01 -07:00
0001-sysconfig.py-use-platlibdir-also-for-purelib.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-test_active_children-skip-problematic-test.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-test_ctypes.test_find-skip-without-tools-sdk.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-test_deadlock-skip-problematic-test.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-test_locale.py-correct-the-test-output-format.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-test_readline-skip-limited-history-test.patch
python3: upgrade 3.12.8 -> 3.12.9
2025-02-14 06:38:54 -08:00
0001-test_shutdown-skip-problematic-test.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-test_storlines-skip-due-to-load-variability.patch
python3: upgrade 3.12.9 -> 3.12.11
2025-06-13 08:58:01 -07:00
0001-Update-test_sysconfig-for-posix_user-purelib.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
python3: upgrade 3.12.8 -> 3.12.9
2025-02-14 06:38:54 -08:00
cgi_py.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
check_build_completeness.py
python3: upgrade to 3.7.2
2019-02-08 10:57:19 +00:00
create_manifest3.py
python3: Improve logging, syntax and update deprecated modules to create_manifest
2021-04-18 11:37:26 +01:00
crosspythonpath.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
CVE-2026-1502.patch
python3: fix for CVE-2026-1502
2026-06-19 12:49:08 +01:00
CVE-2026-3644_CVE-2026-0672.patch
python3: Fix CVE-2026-3644 and CVE-2026-0672
2026-06-26 16:55:53 +01:00
CVE-2026-6100.patch
python3: fix CVE-2026-6100
2026-06-19 12:49:08 +01:00
deterministic_imports.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
get_module_deps3.py
python3: fix missing comma in get_module_deps3.py
2023-07-10 11:36:34 +01:00
makerace.patch
python3: upgrade 3.12.9 -> 3.12.11
2025-06-13 08:58:01 -07:00
python3-manifest.json
python3: add dependency on -compression to -core
2024-12-23 05:46:32 -08:00
reformat_sysconfig.py
python3: Fix sysroot reproducibility
2021-10-01 14:51:45 +01:00
run-ptest
python3: Fix ptests on musl
2023-09-04 20:14:14 +01:00