[Buildroot] [PATCH 1/1] package/python3: security bump version to 3.14.4

[Buildroot] [PATCH 1/1] package/python3: security bump version to 3.14.4

[Bernd Kuhls]

https://www.python.org/downloads/release/python-3144/
https://docs.python.org/release/3.14.4/whatsnew/changelog.html

Fixes
CVE 2026-4224: https://www.cve.org/CVERecord?id=CVE-2026-4224
CVE 2026-3644: https://www.cve.org/CVERecord?id=CVE-2026-3644
CVE 2026-2297: https://www.cve.org/CVERecord?id=CVE-2026-2297

Rebased patch 0010 due to upstream commit
https://github.com/python/cpython/commit/616e6118442832544fab0b93e9dd7d15411a2a58

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
 ...-Fix-compilation-of-Modules-_remote_debuggi.patch | 12 ++++++------
 package/python3/python3.hash                         |  4 ++--
 package/python3/python3.mk                           |  2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/package/python3/0010-gh-139275-Fix-compilation-of-Modules-_remote_debuggi.patch b/package/python3/0010-gh-139275-Fix-compilation-of-Modules-_remote_debuggi.patch
index 716d9d3e8a..b000a68e9b 100644
--- a/package/python3/0010-gh-139275-Fix-compilation-of-Modules-_remote_debuggi.patch
+++ b/package/python3/0010-gh-139275-Fix-compilation-of-Modules-_remote_debuggi.patch
@@ -7,7 +7,7 @@ Subject: [PATCH] gh-139275: Fix compilation of
 
 Upstream: https://github.com/python/cpython/commit/1963e701001839389cfb1b11d803b0743f4705d7
 
-[ Bernd Kuhls: ported to Python 3.14.2]
+[ Bernd Kuhls: ported to Python 3.14.4]
 [ Vincent Fazio: update to apply cleanly to 3.14.3 ]
 Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
 ---
@@ -29,28 +29,28 @@ diff --git a/Modules/_remote_debugging_module.c b/Modules/_remote_debugging_modu
 index b46538b76df..e86a27d5812 100644
 --- a/Modules/_remote_debugging_module.c
 +++ b/Modules/_remote_debugging_module.c
-@@ -812,7 +812,7 @@ _Py_RemoteDebug_GetAsyncioDebugAddress(proc_handle_t* handle)
+@@ -834,7 +834,7 @@ _Py_RemoteDebug_GetAsyncioDebugAddress(proc_handle_t* handle)
          PyErr_SetString(PyExc_RuntimeError, "Failed to find the AsyncioDebug section in the process.");
          _PyErr_ChainExceptions1(exc);
      }
 -#elif defined(__linux__)
 +#elif defined(__linux__) && HAVE_PROCESS_VM_READV
      // On Linux, search for asyncio debug in executable or DLL
-     address = search_linux_map_for_section(handle, "AsyncioDebug", "_asyncio.cpython");
+     address = search_linux_map_for_section(handle, "AsyncioDebug", "_asyncio.cpython", NULL);
      if (address == 0) {
 diff --git a/Python/remote_debug.h b/Python/remote_debug.h
 index 8f9b6cd4c49..b7d17a0f345 100644
 --- a/Python/remote_debug.h
 +++ b/Python/remote_debug.h
-@@ -886,7 +886,7 @@ _Py_RemoteDebug_GetPyRuntimeAddress(proc_handle_t* handle)
+@@ -923,7 +923,7 @@
              handle->pid);
          _PyErr_ChainExceptions1(exc);
      }
 -#elif defined(__linux__)
 +#elif defined(__linux__) && HAVE_PROCESS_VM_READV
      // On Linux, search for 'python' in executable or DLL
-     address = search_linux_map_for_section(handle, "PyRuntime", "python");
-     if (address == 0) {
+     address = search_linux_map_for_section(handle, "PyRuntime", "python",
+                                            _Py_RemoteDebug_ValidatePyRuntimeCookie);
 -- 
 2.47.3
 
diff --git a/package/python3/python3.hash b/package/python3/python3.hash
index b674b589bd..13e2b94336 100644
--- a/package/python3/python3.hash
+++ b/package/python3/python3.hash
@@ -1,4 +1,4 @@
-# From https://www.python.org/downloads/release/python-3143/
-sha256  a97d5549e9ad81fe17159ed02c68774ad5d266c72f8d9a0b5a9c371fe85d902b  Python-3.14.3.tar.xz
+# From https://www.python.org/downloads/release/python-3144/
+sha256  d923c51303e38e249136fc1bdf3568d56ecb03214efdef48516176d3d7faaef8  Python-3.14.4.tar.xz
 # Locally computed
 sha256  b0e25a78cffb43f4d92de8b61ccfa1f1f98ecbc22330b54b5251e7b6ba010231  LICENSE
diff --git a/package/python3/python3.mk b/package/python3/python3.mk
index 07cba7c02d..c71cb0b05b 100644
--- a/package/python3/python3.mk
+++ b/package/python3/python3.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 PYTHON3_VERSION_MAJOR = 3.14
-PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).3
+PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).4
 PYTHON3_SOURCE = Python-$(PYTHON3_VERSION).tar.xz
 PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION)
 PYTHON3_LICENSE = Python-2.0, others
-- 
2.47.3

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] package/python3: security bump version to 3.14.4

[Julien Olivain via buildroot]

On 09/04/2026 15:17, Bernd Kuhls wrote:
> https://www.python.org/downloads/release/python-3144/
> https://docs.python.org/release/3.14.4/whatsnew/changelog.html
> 
> Fixes
> CVE 2026-4224: https://www.cve.org/CVERecord?id=CVE-2026-4224
> CVE 2026-3644: https://www.cve.org/CVERecord?id=CVE-2026-3644
> CVE 2026-2297: https://www.cve.org/CVERecord?id=CVE-2026-2297
> 
> Rebased patch 0010 due to upstream commit
> https://github.com/python/cpython/commit/616e6118442832544fab0b93e9dd7d15411a2a58
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Applied to master, thanks.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot