From: Bernd Kuhls <bernd@kuhls.net>
To: buildroot@buildroot.org
Cc: James Hilliard <james.hilliard1@gmail.com>,
Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Subject: [Buildroot] [PATCH 1/1] package/python3: security bump version to 3.14.4
Date: Thu, 9 Apr 2026 15:17:27 +0200 [thread overview]
Message-ID: <20260409131728.278764-1-bernd@kuhls.net> (raw)
https://www.python.org/downloads/release/python-3144/
https://docs.python.org/release/3.14.4/whatsnew/changelog.html
Fixes
CVE 2026-4224: https://www.cve.org/CVERecord?id=CVE-2026-4224
CVE 2026-3644: https://www.cve.org/CVERecord?id=CVE-2026-3644
CVE 2026-2297: https://www.cve.org/CVERecord?id=CVE-2026-2297
Rebased patch 0010 due to upstream commit
https://github.com/python/cpython/commit/616e6118442832544fab0b93e9dd7d15411a2a58
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
...-Fix-compilation-of-Modules-_remote_debuggi.patch | 12 ++++++------
package/python3/python3.hash | 4 ++--
package/python3/python3.mk | 2 +-
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/package/python3/0010-gh-139275-Fix-compilation-of-Modules-_remote_debuggi.patch b/package/python3/0010-gh-139275-Fix-compilation-of-Modules-_remote_debuggi.patch
index 716d9d3e8a..b000a68e9b 100644
--- a/package/python3/0010-gh-139275-Fix-compilation-of-Modules-_remote_debuggi.patch
+++ b/package/python3/0010-gh-139275-Fix-compilation-of-Modules-_remote_debuggi.patch
@@ -7,7 +7,7 @@ Subject: [PATCH] gh-139275: Fix compilation of
Upstream: https://github.com/python/cpython/commit/1963e701001839389cfb1b11d803b0743f4705d7
-[ Bernd Kuhls: ported to Python 3.14.2]
+[ Bernd Kuhls: ported to Python 3.14.4]
[ Vincent Fazio: update to apply cleanly to 3.14.3 ]
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
@@ -29,28 +29,28 @@ diff --git a/Modules/_remote_debugging_module.c b/Modules/_remote_debugging_modu
index b46538b76df..e86a27d5812 100644
--- a/Modules/_remote_debugging_module.c
+++ b/Modules/_remote_debugging_module.c
-@@ -812,7 +812,7 @@ _Py_RemoteDebug_GetAsyncioDebugAddress(proc_handle_t* handle)
+@@ -834,7 +834,7 @@ _Py_RemoteDebug_GetAsyncioDebugAddress(proc_handle_t* handle)
PyErr_SetString(PyExc_RuntimeError, "Failed to find the AsyncioDebug section in the process.");
_PyErr_ChainExceptions1(exc);
}
-#elif defined(__linux__)
+#elif defined(__linux__) && HAVE_PROCESS_VM_READV
// On Linux, search for asyncio debug in executable or DLL
- address = search_linux_map_for_section(handle, "AsyncioDebug", "_asyncio.cpython");
+ address = search_linux_map_for_section(handle, "AsyncioDebug", "_asyncio.cpython", NULL);
if (address == 0) {
diff --git a/Python/remote_debug.h b/Python/remote_debug.h
index 8f9b6cd4c49..b7d17a0f345 100644
--- a/Python/remote_debug.h
+++ b/Python/remote_debug.h
-@@ -886,7 +886,7 @@ _Py_RemoteDebug_GetPyRuntimeAddress(proc_handle_t* handle)
+@@ -923,7 +923,7 @@
handle->pid);
_PyErr_ChainExceptions1(exc);
}
-#elif defined(__linux__)
+#elif defined(__linux__) && HAVE_PROCESS_VM_READV
// On Linux, search for 'python' in executable or DLL
- address = search_linux_map_for_section(handle, "PyRuntime", "python");
- if (address == 0) {
+ address = search_linux_map_for_section(handle, "PyRuntime", "python",
+ _Py_RemoteDebug_ValidatePyRuntimeCookie);
--
2.47.3
diff --git a/package/python3/python3.hash b/package/python3/python3.hash
index b674b589bd..13e2b94336 100644
--- a/package/python3/python3.hash
+++ b/package/python3/python3.hash
@@ -1,4 +1,4 @@
-# From https://www.python.org/downloads/release/python-3143/
-sha256 a97d5549e9ad81fe17159ed02c68774ad5d266c72f8d9a0b5a9c371fe85d902b Python-3.14.3.tar.xz
+# From https://www.python.org/downloads/release/python-3144/
+sha256 d923c51303e38e249136fc1bdf3568d56ecb03214efdef48516176d3d7faaef8 Python-3.14.4.tar.xz
# Locally computed
sha256 b0e25a78cffb43f4d92de8b61ccfa1f1f98ecbc22330b54b5251e7b6ba010231 LICENSE
diff --git a/package/python3/python3.mk b/package/python3/python3.mk
index 07cba7c02d..c71cb0b05b 100644
--- a/package/python3/python3.mk
+++ b/package/python3/python3.mk
@@ -5,7 +5,7 @@
################################################################################
PYTHON3_VERSION_MAJOR = 3.14
-PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).3
+PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).4
PYTHON3_SOURCE = Python-$(PYTHON3_VERSION).tar.xz
PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION)
PYTHON3_LICENSE = Python-2.0, others
--
2.47.3
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next reply other threads:[~2026-04-09 13:17 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-09 13:17 Bernd Kuhls [this message]
2026-04-09 19:44 ` [Buildroot] [PATCH 1/1] package/python3: security bump version to 3.14.4 Julien Olivain via buildroot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260409131728.278764-1-bernd@kuhls.net \
--to=bernd@kuhls.net \
--cc=buildroot@buildroot.org \
--cc=james.hilliard1@gmail.com \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox