mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-27 20:13:41 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
7731db5592e3421d3391ded103401dfb1bec43e5
poky/meta/recipes-devtools/python/python3
History
Sudhir Dumbhare 7731db5592 python3: Fix CVE-2026-6019 
This patch applies the upstream fix [1] and follow-up fix [2], as
referenced in [3] and [4], to address an http.cookies.Morsel.js_output()
flaw where inline JavaScript output escaped quotes but did not neutralize
the HTML parser-sensitive </script> sequence.

[1] 3c59b8b53f
[2] e7d4c3ff42
[3] https://github.com/python/cpython/issues/149144
[4] https://security-tracker.debian.org/tracker/CVE-2026-6019

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-6019

(From OE-Core rev: e17af14ae72e21f7f63407ba5c88da160c73bea9)

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-06-26 16:55:53 +01:00
..
0001-Avoid-shebang-overflow-on-python-config.py.patch
python3: upgrade 3.12.9 -> 3.12.11
2025-06-13 08:58:01 -07:00
0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch
python3: upgrade 3.12.11 -> 3.12.12
2025-10-24 06:23:40 -07:00
0001-Lib-pty.py-handle-stdin-I-O-errors-same-way-as-maste.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch
python3: upgrade 3.12.9 -> 3.12.11
2025-06-13 08:58:01 -07:00
0001-Makefile.pre-use-qemu-wrapper-when-gathering-profile.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
python3: upgrade 3.12.8 -> 3.12.9
2025-02-14 06:38:54 -08:00
0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
python3: upgrade 3.12.9 -> 3.12.11
2025-06-13 08:58:01 -07:00
0001-skip-no_stdout_fileno-test-due-to-load-variability.patch
python3: upgrade 3.12.9 -> 3.12.11
2025-06-13 08:58:01 -07:00
0001-sysconfig.py-use-platlibdir-also-for-purelib.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-test_active_children-skip-problematic-test.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-test_ctypes.test_find-skip-without-tools-sdk.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-test_deadlock-skip-problematic-test.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-test_locale.py-correct-the-test-output-format.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-test_readline-skip-limited-history-test.patch
python3: upgrade 3.12.8 -> 3.12.9
2025-02-14 06:38:54 -08:00
0001-test_shutdown-skip-problematic-test.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0001-test_storlines-skip-due-to-load-variability.patch
python3: upgrade 3.12.9 -> 3.12.11
2025-06-13 08:58:01 -07:00
0001-Update-test_sysconfig-for-posix_user-purelib.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
python3: upgrade 3.12.8 -> 3.12.9
2025-02-14 06:38:54 -08:00
cgi_py.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
check_build_completeness.py
python3: upgrade to 3.7.2
2019-02-08 10:57:19 +00:00
create_manifest3.py
python3: Improve logging, syntax and update deprecated modules to create_manifest
2021-04-18 11:37:26 +01:00
crosspythonpath.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
CVE-2026-1502.patch
python3: fix for CVE-2026-1502
2026-06-19 12:49:08 +01:00
CVE-2026-3644_CVE-2026-0672.patch
python3: Fix CVE-2026-3644 and CVE-2026-0672
2026-06-26 16:55:53 +01:00
CVE-2026-4519_CVE-2026-4786.patch
python3: Fix CVE-2026-4519 and CVE-2026-4786
2026-06-26 16:55:53 +01:00
CVE-2026-4519_p1.patch
python3: Fix CVE-2026-4519 and CVE-2026-4786
2026-06-26 16:55:53 +01:00
CVE-2026-4519_p2.patch
python3: Fix CVE-2026-4519 and CVE-2026-4786
2026-06-26 16:55:53 +01:00
CVE-2026-6019_p1.patch
python3: Fix CVE-2026-6019
2026-06-26 16:55:53 +01:00
CVE-2026-6019_p2.patch
python3: Fix CVE-2026-6019
2026-06-26 16:55:53 +01:00
CVE-2026-6100.patch
python3: fix CVE-2026-6100
2026-06-19 12:49:08 +01:00
deterministic_imports.patch
python3: upgrade 3.12.7 -> 3.12.8
2025-01-09 06:25:36 -08:00
get_module_deps3.py
python3: fix missing comma in get_module_deps3.py
2023-07-10 11:36:34 +01:00
makerace.patch
python3: upgrade 3.12.9 -> 3.12.11
2025-06-13 08:58:01 -07:00
python3-manifest.json
python3: add dependency on -compression to -core
2024-12-23 05:46:32 -08:00
reformat_sysconfig.py
python3: Fix sysroot reproducibility
2021-10-01 14:51:45 +01:00
run-ptest
python3: Fix ptests on musl
2023-09-04 20:14:14 +01:00