From: Peter Marko <[email protected]>

From release notes [1]:

Security
* gh-144125: BytesGenerator will now refuse to serialize (write)
  headers that are unsafely folded or delimited; see
  verify_generated_headers. (Contributed by Bas Bloemsaat and Petr
  Viktorin in gh-121650).
* gh-143935: Fixed a bug in the folding of comments when flattening an
  email message using a modern email policy. Comments consisting of a
  very long sequence of non-foldable characters could trigger a forced
  line wrap that omitted the required leading space on the continuation
  line, causing the remainder of the comment to be interpreted as a new
  header field. This enabled header injection with carefully crafted
  inputs.
* gh-143925: Reject control characters in data: URL media types.
* gh-143919: Reject control characters in http.cookies.Morsel fields
  and values.
* gh-143916: Reject C0 control characters within wsgiref.headers.Headers
  fields, values, and parameters.

[1] https://docs.python.org/3/whatsnew/changelog.html#python-3-14-3-final

Signed-off-by: Peter Marko <[email protected]>
---
 .../python/{python3_3.14.2.bb => python3_3.14.3.bb}             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3_3.14.2.bb => python3_3.14.3.bb} 
(99%)

diff --git a/meta/recipes-devtools/python/python3_3.14.2.bb 
b/meta/recipes-devtools/python/python3_3.14.3.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.14.2.bb
rename to meta/recipes-devtools/python/python3_3.14.3.bb
index 6324151f4e..e475c6e042 100644
--- a/meta/recipes-devtools/python/python3_3.14.2.bb
+++ b/meta/recipes-devtools/python/python3_3.14.3.bb
@@ -39,7 +39,7 @@ SRC_URI:append:class-native = " \
            
file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \
            "
 
-SRC_URI[sha256sum] = 
"ce543ab854bc256b61b71e9b27f831ffd1bfd60a479d639f8be7f9757cf573e9"
+SRC_URI[sha256sum] = 
"a97d5549e9ad81fe17159ed02c68774ad5d266c72f8d9a0b5a9c371fe85d902b"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
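Review bot: The replaced SRC_URI[sha256sum] line is the only integrity anchor for the new tarball, and neither the hunk nor the commit message says how the new value was obtained. Please note in the commit message that it was compared against a checksum or signature published upstream for 3.14.3, rather than computed from whatever the fetcher downloaded. The rename is at 99% similarity with this single line changed, so the carried file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch in the context above stays in SRC_URI:append:class-native unchanged; it is worth confirming it still applies cleanly to 3.14.3. Since the release notes quoted in the message describe a header injection fix, a line stating whether any CVE identifiers are addressed by this upgrade would help CVE tracking for the recipe.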