Message ID | 20240906132339.1721751-1-vanusuri@mvista.com |
---|---|
State | Under Review |
Delegated to: | Steve Sakoman |
Headers | show |
Series | [scarthgap] python3: upgrade 3.12.4 -> 3.12.5 | expand |
Unfortunately this results in failures in core-image-ptest-python3: https://errors.yoctoproject.org/Errors/Details/805686/ Steve On Fri, Sep 6, 2024 at 6:23 AM Vijay Anusuri via lists.openembedded.org <vanusuri=mvista.com@lists.openembedded.org> wrote: > > From: Vijay Anusuri <vanusuri@mvista.com> > > Changelog: https://docs.python.org/release/3.12.5/whatsnew/changelog.html > > Include security fix > CVE-2024-6923 > > Reference: > https://nvd.nist.gov/vuln/detail/CVE-2024-6923 > https://github.com/python/cpython/pull/122233 > > Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> > --- > .../python/{python3_3.12.4.bb => python3_3.12.5.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename meta/recipes-devtools/python/{python3_3.12.4.bb => python3_3.12.5.bb} (99%) > > diff --git a/meta/recipes-devtools/python/python3_3.12.4.bb b/meta/recipes-devtools/python/python3_3.12.5.bb > similarity index 99% > rename from meta/recipes-devtools/python/python3_3.12.4.bb > rename to meta/recipes-devtools/python/python3_3.12.5.bb > index 3ac83166ac..5c3b7a92f8 100644 > --- a/meta/recipes-devtools/python/python3_3.12.4.bb > +++ b/meta/recipes-devtools/python/python3_3.12.5.bb > @@ -42,7 +42,7 @@ SRC_URI:append:class-native = " \ > file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \ > " > > -SRC_URI[sha256sum] = "f6d419a6d8743ab26700801b4908d26d97e8b986e14f95de31b32de2b0e79554" > +SRC_URI[sha256sum] = "fa8a2e12c5e620b09f53e65bcd87550d2e5a1e2e04bf8ba991dcc55113876397" > > # exclude pre-releases for both python 2.x and 3.x > UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#204263): https://lists.openembedded.org/g/openembedded-core/message/204263 > Mute This Topic: https://lists.openembedded.org/mt/108303922/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Hi I suspect this patch needs to be backported at the same time (see link). It was added to master branch along with the upgrade. https://git.openembedded.org/openembedded-core/commit/?id=de569ddffd5ea36b70c56df21dec9c892e5dee7d
On Tue, Sep 17, 2024 at 9:34 AM Guðni Már Gilbert via lists.openembedded.org <gudni.m.g=gmail.com@lists.openembedded.org> wrote: > > Hi I suspect this patch needs to be backported at the same time (see link). It was added to master branch along with the upgrade. > > https://git.openembedded.org/openembedded-core/commit/?id=de569ddffd5ea36b70c56df21dec9c892e5dee7d Thanks! I see that Peter Marko sent a series with this included, so hopefully that will resolve the issue. Steve > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#204626): https://lists.openembedded.org/g/openembedded-core/message/204626 > Mute This Topic: https://lists.openembedded.org/mt/108303922/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-devtools/python/python3_3.12.4.bb b/meta/recipes-devtools/python/python3_3.12.5.bb similarity index 99% rename from meta/recipes-devtools/python/python3_3.12.4.bb rename to meta/recipes-devtools/python/python3_3.12.5.bb index 3ac83166ac..5c3b7a92f8 100644 --- a/meta/recipes-devtools/python/python3_3.12.4.bb +++ b/meta/recipes-devtools/python/python3_3.12.5.bb @@ -42,7 +42,7 @@ SRC_URI:append:class-native = " \ file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \ " -SRC_URI[sha256sum] = "f6d419a6d8743ab26700801b4908d26d97e8b986e14f95de31b32de2b0e79554" +SRC_URI[sha256sum] = "fa8a2e12c5e620b09f53e65bcd87550d2e5a1e2e04bf8ba991dcc55113876397" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"