[08/19] python3-cryptography{-vectors}: 46.0.4 -> 46.0.5

Message ID	20260303065640.2541884-8-hongxu.jia@windriver.com
State	Under Review
Headers	show Return-Path: <hongxu.jia@windriver.com> ip: 205.220.178.238, mailfrom: prvs=75229269e5=hongxu.jia@windriver.com) From: Hongxu Jia <hongxu.jia@windriver.com> To: <openembedded-core@lists.openembedded.org> Subject: [PATCH 08/19] python3-cryptography{-vectors}: 46.0.4 -> 46.0.5 Date: Tue, 3 Mar 2026 14:56:29 +0800 Message-ID: <20260303065640.2541884-8-hongxu.jia@windriver.com> In-Reply-To: <20260303065640.2541884-1-hongxu.jia@windriver.com> References: <20260303065640.2541884-1-hongxu.jia@windriver.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	[01/19] btrfs-tools: upgrade 6.17.1 -> 6.19 \| expand [01/19] btrfs-tools: upgrade 6.17.1 -> 6.19 [02/19] ncurses: upgrade 6.5 -> 6.6 [03/19] connman: upgrade 1.45 -> 2.0 [04/19] ell: upgrade 0.81 -> 0.82 [05/19] font-alias: upgrade 1.0.5 -> 1.0.6 [06/19] gn: upgrade to latest revision [07/19] openssl: upgrade 3.5.5 -> 3.6.1 [08/19] python3-cryptography{-vectors}: 46.0.4 -> 46.0.5 [09/19] python3-hypothesis: upgrade 6.151.4 -> 6.151.9 [10/19] python3-markdown: upgrade 3.10.1 -> 3.10.2 [11/19] python3-pip: upgrade 26.0 -> 26.0.1 [12/19] python3-pycparser: upgrade 2.23 -> 3.0 [13/19] python3-pyproject-metadata: upgrade 0.10.0 -> 0.11.0 [14/19] python3-setuptools: upgrade 80.9.0 -> 82.0.0 [15/19] python3-testtools: upgrade 2.8.2 -> 2.8.3 [16/19] python3-trove-classifiers: upgrade 2025.12.1.14 -> 2026.1.14.14 [17/19] python3-uv-build: upgrade 0.9.28 -> 0.10.4 [18/19] python3-xmltodict: upgrade 1.0.2 -> 1.0.3 [19/19] xauth: upgrade 1.1.4 -> 1.1.5

Message ID

20260303065640.2541884-8-hongxu.jia@windriver.com

State

Under Review

Headers

From: Hongxu Jia <hongxu.jia@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Subject: [PATCH 08/19] python3-cryptography{-vectors}: 46.0.4 -> 46.0.5
Date: Tue, 3 Mar 2026 14:56:29 +0800
Message-ID: <20260303065640.2541884-8-hongxu.jia@windriver.com>
In-Reply-To: <20260303065640.2541884-1-hongxu.jia@windriver.com>
References: <20260303065640.2541884-1-hongxu.jia@windriver.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Series

[01/19] btrfs-tools: upgrade 6.17.1 -> 6.19 | expand

Commit Message

Hongxu Jia March 3, 2026, 6:56 a.m. UTC

46.0.5 - 2026-02-10 [1]

- An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to XlabAI Team of Tencent Xuanwu Lab and Atuin
  Automated Vulnerability Discovery Engine for reporting the issue. CVE-2026-26007

- Support for SECT* binary elliptic curves is deprecated and will be removed in
  the next release.

[1] https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst#4605---2026-02-10

Backport 0001-bump-uv_build-to-0.10.0-14271.patch to fix compile failure
...
| ERROR Missing dependencies:
|       uv_build<0.10.0,>=0.7.19
| WARNING: exit code 1 from a shell command.
...

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 .../python/python3-cryptography-common.inc    |  2 +-
 .../python/python3-cryptography-vectors.bb    |  6 +++--
 .../0001-bump-uv_build-to-0.10.0-14271.patch  | 27 +++++++++++++++++++
 ...ml-bump-uv_build-version-requirement.patch |  4 +--
 .../python/python3-cryptography.bb            |  2 +-
 ...toml-remove-benchmark-disable-option.patch |  4 +--
 6 files changed, 37 insertions(+), 8 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3-cryptography-vectors/0001-bump-uv_build-to-0.10.0-14271.patch

Comments

patchtest@automation.yoctoproject.org March 3, 2026, 7:16 a.m. UTC | #1

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch /home/patchtest/share/mboxes/08-19-python3-cryptography--vectors-46.0.4---46.0.5.patch

FAIL: test CVE tag format: Missing or incorrectly formatted CVE tag in patch file. Correct or include the CVE tag in the patch with format: "CVE: CVE-YYYY-XXXX" (test_patch.TestPatch.test_cve_tag_format)

PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test Signed-off-by presence (test_patch.TestPatch.test_signed_off_by_presence)
PASS: test Upstream-Status presence (test_patch.TestPatch.test_upstream_status_presence_format)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence)
PASS: test commit message user tags (test_mbox.TestMbox.test_commit_message_user_tags)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list)

SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint)
SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

diff --git a/meta/recipes-devtools/python/python3-cryptography-common.inc b/meta/recipes-devtools/python/python3-cryptography-common.inc
index 789ce89e53..4e4434bd66 100644
--- a/meta/recipes-devtools/python/python3-cryptography-common.inc
+++ b/meta/recipes-devtools/python/python3-cryptography-common.inc
@@ -3,4 +3,4 @@ 
 #
 # Additionally AUH will detect that they share this .inc file and
 # perform a lockstep upgrade for both.
-PV = "46.0.4"
+PV = "46.0.5"
diff --git a/meta/recipes-devtools/python/python3-cryptography-vectors.bb b/meta/recipes-devtools/python/python3-cryptography-vectors.bb
index 1408b6b010..3ed3160072 100644
--- a/meta/recipes-devtools/python/python3-cryptography-vectors.bb
+++ b/meta/recipes-devtools/python/python3-cryptography-vectors.bb
@@ -9,8 +9,10 @@  LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \
 # NOTE: Make sure to keep this recipe at the same version as python3-cryptography
 #       Upgrade both recipes at the same time
 require python3-cryptography-common.inc
-SRC_URI += "file://0001-pyproject.toml-bump-uv_build-version-requirement.patch"
-SRC_URI[sha256sum] = "fb8e489f5688d9751fd9631d4be0a0df3275698e78d6d753c1b8cf3ce4127c78"
+SRC_URI += "file://0001-pyproject.toml-bump-uv_build-version-requirement.patch \
+            file://0001-bump-uv_build-to-0.10.0-14271.patch \
+"
+SRC_URI[sha256sum] = "ffbccee9455201c01b37c63d65d9f83b362d40c2bed9caac248ebbdfa4e4fc7c"
 
 PYPI_PACKAGE = "cryptography_vectors"
 UPSTREAM_CHECK_PYPI_PACKAGE = "${PYPI_PACKAGE}"
diff --git a/meta/recipes-devtools/python/python3-cryptography-vectors/0001-bump-uv_build-to-0.10.0-14271.patch b/meta/recipes-devtools/python/python3-cryptography-vectors/0001-bump-uv_build-to-0.10.0-14271.patch
new file mode 100644
index 0000000000..9fa4d1cd47
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-cryptography-vectors/0001-bump-uv_build-to-0.10.0-14271.patch
@@ -0,0 +1,27 @@ 
+From 1f6626557e4766ffa40874984f1e29197ed66eb8 Mon Sep 17 00:00:00 2001
+From: Ridai Govinda Pombo <beholderseye@vivaldi.net>
+Date: Tue, 3 Mar 2026 10:38:12 +0800
+Subject: [PATCH] bump uv_build to 0.10.0 (#14271)
+
+Co-authored-by: Ridai Govinda Pombo <beholders.eye@disroot.org>
+
+Upstream-Status: Backport [https://github.com/pyca/cryptography/commit/14cfa5757461d5c228600fc0104ac0ef08ea15d9]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ pyproject.toml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pyproject.toml b/pyproject.toml
+index f01d2c1..f7af712 100644
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -1,5 +1,5 @@
+ [build-system]
+-requires = ["uv_build>=0.7.19,<0.10.0"]
++requires = ["uv_build>=0.7.19,<0.11.0"]
+ build-backend = "uv_build"
+ 
+ [project]
+-- 
+2.34.1
+
diff --git a/meta/recipes-devtools/python/python3-cryptography-vectors/0001-pyproject.toml-bump-uv_build-version-requirement.patch b/meta/recipes-devtools/python/python3-cryptography-vectors/0001-pyproject.toml-bump-uv_build-version-requirement.patch
index 23af7c200d..6faaf1051d 100644
--- a/meta/recipes-devtools/python/python3-cryptography-vectors/0001-pyproject.toml-bump-uv_build-version-requirement.patch
+++ b/meta/recipes-devtools/python/python3-cryptography-vectors/0001-pyproject.toml-bump-uv_build-version-requirement.patch
@@ -1,4 +1,4 @@ 
-From f2f6b2b391a34a10ad5d94f5c8c70c32a72a34a3 Mon Sep 17 00:00:00 2001
+From 6d4c14a2781fb02903fd4d59f638cf72ee370b8d Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Thu, 18 Dec 2025 20:20:13 +0100
 Subject: [PATCH] pyproject.toml: bump uv_build version requirement
@@ -10,7 +10,7 @@  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/pyproject.toml b/pyproject.toml
-index 9beed0d..0c421f3 100644
+index 2ed12a3..f01d2c1 100644
 --- a/pyproject.toml
 +++ b/pyproject.toml
 @@ -1,5 +1,5 @@
diff --git a/meta/recipes-devtools/python/python3-cryptography.bb b/meta/recipes-devtools/python/python3-cryptography.bb
index 036bfd2117..fc5cb50b02 100644
--- a/meta/recipes-devtools/python/python3-cryptography.bb
+++ b/meta/recipes-devtools/python/python3-cryptography.bb
@@ -11,7 +11,7 @@  LDSHARED += "-pthread"
 # NOTE: Make sure to keep this recipe at the same version as python3-cryptography-vectors
 #       Upgrade both recipes at the same time
 require python3-cryptography-common.inc
-SRC_URI[sha256sum] = "bfd019f60f8abc2ed1b9be4ddc21cfef059c841d86d710bb69909a688cbb8f59"
+SRC_URI[sha256sum] = "abace499247268e3757271b2f1e244b36b06f8515cf27c4d49468fc9eb16e93d"
 
 SRC_URI += "file://0001-pyproject.toml-remove-benchmark-disable-option.patch \
             file://check-memfree.py \
diff --git a/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch b/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch
index 866b7a058f..5c2e3c53ba 100644
--- a/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch
+++ b/meta/recipes-devtools/python/python3-cryptography/0001-pyproject.toml-remove-benchmark-disable-option.patch
@@ -1,4 +1,4 @@ 
-From 1fb7785f80037fa1258added61470d0c73fd3222 Mon Sep 17 00:00:00 2001
+From 6d6fbe77732ce3c4d2dcf3a5f75bb20ea352bf4a Mon Sep 17 00:00:00 2001
 From: Mingli Yu <mingli.yu@windriver.com>
 Date: Tue, 17 May 2022 17:22:48 +0800
 Subject: [PATCH] pyproject.toml: remove --benchmark-disable option
@@ -26,7 +26,7 @@  Signed-off-by: Tim Orling <tim.orling@konsulko.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/pyproject.toml b/pyproject.toml
-index b3d8c31..6593057 100644
+index 95ced11..75bfcbb 100644
 --- a/pyproject.toml
 +++ b/pyproject.toml
 @@ -134,7 +134,7 @@ exclude = [