[scarthgap] python3: upgrade 3.12.4 -> 3.12.5

From: Vijay Anusuri <vanusuri@mvista.com>

Changelog: https://docs.python.org/release/3.12.5/whatsnew/changelog.html

Include security fix
CVE-2024-6923

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-6923
https://github.com/python/cpython/pull/122233

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 .../python/{python3_3.12.4.bb => python3_3.12.5.bb}             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3_3.12.4.bb => python3_3.12.5.bb} (99%)

Unfortunately this results in failures in core-image-ptest-python3:

https://errors.yoctoproject.org/Errors/Details/805686/

Steve

On Fri, Sep 6, 2024 at 6:23 AM Vijay Anusuri via
lists.openembedded.org <vanusuri=mvista.com@lists.openembedded.org>
wrote:
>
> From: Vijay Anusuri <vanusuri@mvista.com>
>
> Changelog: https://docs.python.org/release/3.12.5/whatsnew/changelog.html
>
> Include security fix
> CVE-2024-6923
>
> Reference:
> https://nvd.nist.gov/vuln/detail/CVE-2024-6923
> https://github.com/python/cpython/pull/122233
>
> Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> ---
>  .../python/{python3_3.12.4.bb => python3_3.12.5.bb}             | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>  rename meta/recipes-devtools/python/{python3_3.12.4.bb => python3_3.12.5.bb} (99%)
>
> diff --git a/meta/recipes-devtools/python/python3_3.12.4.bb b/meta/recipes-devtools/python/python3_3.12.5.bb
> similarity index 99%
> rename from meta/recipes-devtools/python/python3_3.12.4.bb
> rename to meta/recipes-devtools/python/python3_3.12.5.bb
> index 3ac83166ac..5c3b7a92f8 100644
> --- a/meta/recipes-devtools/python/python3_3.12.4.bb
> +++ b/meta/recipes-devtools/python/python3_3.12.5.bb
> @@ -42,7 +42,7 @@ SRC_URI:append:class-native = " \
>             file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \
>             "
>
> -SRC_URI[sha256sum] = "f6d419a6d8743ab26700801b4908d26d97e8b986e14f95de31b32de2b0e79554"
> +SRC_URI[sha256sum] = "fa8a2e12c5e620b09f53e65bcd87550d2e5a1e2e04bf8ba991dcc55113876397"
>
>  # exclude pre-releases for both python 2.x and 3.x
>  UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#204263): https://lists.openembedded.org/g/openembedded-core/message/204263
> Mute This Topic: https://lists.openembedded.org/mt/108303922/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Hi I suspect this patch needs to be backported at the same time (see link). It was added to master branch along with the upgrade.

https://git.openembedded.org/openembedded-core/commit/?id=de569ddffd5ea36b70c56df21dec9c892e5dee7d

On Tue, Sep 17, 2024 at 9:34 AM Guðni Már Gilbert via
lists.openembedded.org <gudni.m.g=gmail.com@lists.openembedded.org>
wrote:
>
> Hi I suspect this patch needs to be backported at the same time (see link). It was added to master branch along with the upgrade.
>
> https://git.openembedded.org/openembedded-core/commit/?id=de569ddffd5ea36b70c56df21dec9c892e5dee7d

Thanks!  I see that Peter Marko sent a series with this included, so
hopefully that will resolve the issue.

Steve

> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#204626): https://lists.openembedded.org/g/openembedded-core/message/204626
> Mute This Topic: https://lists.openembedded.org/mt/108303922/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>