mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-30 00:20:08 +00:00
Code Issues Projects Releases Wiki Activity

python3: patch CVE-2025-8194

Browse Source 
Pick commit from 3.12 branch mentioned in NVD report.
https://nvd.nist.gov/vuln/detail/CVE-2025-8194

(From OE-Core rev: 34f1b4877a0601d2057453c159c76a54754f229a)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko
2025-08-09 22:37:21 +02:00
committed by Steve Sakoman
parent 0263c3dfa4
commit 6d83b872af
2 changed files with 224 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-devtools/python/python3_3.12.11.bb
+5 -4
View File
@@ -34,6 +34,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-test_deadlock-skip-problematic-test.patch \
file://0001-test_active_children-skip-problematic-test.patch \
file://0001-test_readline-skip-limited-history-test.patch \
file://CVE-2025-8194.patch \
"
SRC_URI:append:class-native = " \
@@ -184,14 +185,14 @@ do_install:append:class-native() {
# when they're only used for python called with -O or -OO.
#find ${D} -name *opt-*.pyc -delete
# Remove all pyc files. There are a ton of them and it is probably faster to let
# python create the ones it wants at runtime rather than manage in the sstate
# python create the ones it wants at runtime rather than manage in the sstate
# tarballs and sysroot creation.
find ${D} -name *.pyc -delete
# Nothing should be looking into ${B} for python3-native
sed -i -e 's:${B}:/build/path/unavailable/:g' \
${D}/${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}${PYTHON_ABI}*/Makefile
# disable the lookup in user's site-packages globally
sed -i 's#ENABLE_USER_SITE = None#ENABLE_USER_SITE = False#' ${D}${libdir}/python${PYTHON_MAJMIN}/site.py
@@ -226,7 +227,7 @@ do_install:append() {
rm -f ${D}${libdir}/python${PYTHON_MAJMIN}/test/__pycache__/test_range.cpython*
rm -f ${D}${libdir}/python${PYTHON_MAJMIN}/test/__pycache__/test_xml_etree.cpython*
# Similar to the above, we're getting reproducibility issues with
# Similar to the above, we're getting reproducibility issues with
# /usr/lib/python3.10/__pycache__/traceback.cpython-310.pyc
# so remove it too
rm -f ${D}${libdir}/python${PYTHON_MAJMIN}/__pycache__/traceback.cpython*
@@ -303,7 +304,7 @@ py_package_preprocess () {
cd -
mv ${PKGD}/${bindir}/python${PYTHON_MAJMIN}-config ${PKGD}/${bindir}/python${PYTHON_MAJMIN}-config-${MULTILIB_SUFFIX}
#Remove the unneeded copy of target sysconfig data
rm -rf ${PKGD}/${libdir}/python-sysconfigdata
}