From: Ankur Tyagi <[email protected]> Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22702
Signed-off-by: Ankur Tyagi <[email protected]> --- .../python3-virtualenv/CVE-2026-22702.patch | 60 +++++++++++++++++++ .../python/python3-virtualenv_20.25.3.bb | 4 +- 2 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 meta-python/recipes-devtools/python/python3-virtualenv/CVE-2026-22702.patch diff --git a/meta-python/recipes-devtools/python/python3-virtualenv/CVE-2026-22702.patch b/meta-python/recipes-devtools/python/python3-virtualenv/CVE-2026-22702.patch new file mode 100644 index 0000000000..30f177b4d7 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-virtualenv/CVE-2026-22702.patch @@ -0,0 +1,60 @@ +From c57ef93ee6f63129d20b24e71a6ddab1c75752b7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bern=C3=A1t=20G=C3=A1bor?= <[email protected]> +Date: Fri, 9 Jan 2026 10:19:39 -0800 +Subject: [PATCH] Merge pull request #3013 from gaborbernat/fix-sec + +CVE: CVE-2026-22702 +Upstream-Status: Backport [https://github.com/pypa/virtualenv/commit/dec4cec5d16edaf83a00a658f32d1e032661cebc] +Signed-off-by: Ankur Tyagi <[email protected]> +--- + src/virtualenv/app_data/__init__.py | 11 +++++------ + src/virtualenv/util/lock.py | 7 +++---- + 2 files changed, 8 insertions(+), 10 deletions(-) + +diff --git a/src/virtualenv/app_data/__init__.py b/src/virtualenv/app_data/__init__.py +index 148c9418..301a00f7 100644 +--- a/src/virtualenv/app_data/__init__.py ++++ b/src/virtualenv/app_data/__init__.py +@@ -34,12 +34,11 @@ def make_app_data(folder, **kwargs): + if is_read_only: + return ReadOnlyAppData(folder) + +- if not os.path.isdir(folder): +- try: +- os.makedirs(folder) +- logging.debug("created app data folder %s", folder) +- except OSError as exception: +- logging.info("could not create app data folder %s due to %r", folder, exception) ++ try: ++ os.makedirs(folder, exist_ok=True) ++ logging.debug("created app data folder %s", folder) ++ except OSError as exception: ++ logging.info("could not create app data folder %s due to %r", folder, exception) + + if os.access(folder, os.W_OK): + return AppDataDiskFolder(folder) +diff --git a/src/virtualenv/util/lock.py b/src/virtualenv/util/lock.py +index b4dc66a3..a28b32f8 100644 +--- a/src/virtualenv/util/lock.py ++++ b/src/virtualenv/util/lock.py +@@ -15,9 +15,8 @@ from filelock import FileLock, Timeout + class _CountedFileLock(FileLock): + def __init__(self, lock_file) -> None: + parent = os.path.dirname(lock_file) +- if not os.path.isdir(parent): +- with suppress(OSError): +- os.makedirs(parent) ++ with suppress(OSError): ++ os.makedirs(parent, exist_ok=True) + + super().__init__(lock_file) + self.count = 0 +@@ -109,7 +108,7 @@ class ReentrantFileLock(PathLockBase): + # a lock, but that lock might then become expensive, and it's not clear where that lock should live. + # Instead here we just ignore if we fail to create the directory. + with suppress(OSError): +- os.makedirs(str(self.path)) ++ os.makedirs(str(self.path), exist_ok=True) + + try: + lock.acquire(0.0001) diff --git a/meta-python/recipes-devtools/python/python3-virtualenv_20.25.3.bb b/meta-python/recipes-devtools/python/python3-virtualenv_20.25.3.bb index a980727dd6..b7dd5729ef 100644 --- a/meta-python/recipes-devtools/python/python3-virtualenv_20.25.3.bb +++ b/meta-python/recipes-devtools/python/python3-virtualenv_20.25.3.bb @@ -8,7 +8,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=0ce089158cf60a8ab6abb452b6405538" SRC_URI[sha256sum] = "7bb554bbdfeaacc3349fa614ea5bff6ac300fc7c335e9facf3a3bcfc703f45be" -SRC_URI += "file://CVE-2024-53899.patch" +SRC_URI += "file://CVE-2024-53899.patch \ + file://CVE-2026-22702.patch \ +" BBCLASSEXTEND = "native nativesdk" inherit pypi python_hatchling
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123472): https://lists.openembedded.org/g/openembedded-devel/message/123472 Mute This Topic: https://lists.openembedded.org/mt/117260250/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
