poky: reset subtree on master HEAD(a88251b3e7)

As part of the last subtree update, I used master-next as the
subtree basis because there was a fix we needed in order to get QEMU
to pass.  I didn't realize that master-next deviated (because they use
to just have short-term patches in it).  Reset the content to the same
fix but from the master branch.

Change-Id: Ic7d2f0ac42e9da3eb263586b26ba56d8798d5bcf
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

17 files changed, 249 insertions, 101 deletions

diff --git a/poky/meta/classes-global/sstate.bbclass b/poky/meta/classes-global/sstate.bbclass
index 96655ff24f..04539bbb99 100644
--- a/poky/meta/classes-global/sstate.bbclass
+++ b/poky/meta/classes-global/sstate.bbclass
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: MIT
 #
 
-SSTATE_VERSION = "11"
+SSTATE_VERSION = "12"
 
 SSTATE_ZSTD_CLEVEL ??= "8"
 
diff --git a/poky/meta/conf/abi_version.conf b/poky/meta/conf/abi_version.conf
index b6643ea60b..13c2c45b42 100644
--- a/poky/meta/conf/abi_version.conf
+++ b/poky/meta/conf/abi_version.conf
@@ -12,4 +12,4 @@ OELAYOUT_ABI = "15"
 # a reset of the equivalence, for example when reproducibility issues break the
 # existing match data. Distros can also append to this value for the same effect.
 #
-HASHEQUIV_HASH_VERSION  = "15"
+HASHEQUIV_HASH_VERSION  = "16"
diff --git a/poky/meta/conf/layer.conf b/poky/meta/conf/layer.conf
index efbf2610f9..f2bca0aa5b 100644
--- a/poky/meta/conf/layer.conf
+++ b/poky/meta/conf/layer.conf
@@ -7,12 +7,12 @@ BBFILE_COLLECTIONS += "core"
 BBFILE_PATTERN_core = "^${LAYERDIR}/"
 BBFILE_PRIORITY_core = "5"
 
-LAYERSERIES_CORENAMES = "scarthgap"
+LAYERSERIES_CORENAMES = "scarthgap styhead"
 
 # This should only be incremented on significant changes that will
 # cause compatibility issues with other layers
 LAYERVERSION_core = "15"
-LAYERSERIES_COMPAT_core = "scarthgap"
+LAYERSERIES_COMPAT_core = "styhead"
 
 BBLAYERS_LAYERINDEX_NAME_core = "openembedded-core"
 
diff --git a/poky/meta/lib/oe/sstatesig.py b/poky/meta/lib/oe/sstatesig.py
index 5950b3e0e6..a46e5502ab 100644
--- a/poky/meta/lib/oe/sstatesig.py
+++ b/poky/meta/lib/oe/sstatesig.py
@@ -431,10 +431,7 @@ def find_siginfo(pn, taskname, taskhashlist, d):
                 actual_hashval = get_hashval(fullpath)
                 if actual_hashval in hashfiles:
                     continue
-                try:
-                    hashfiles[actual_hashval] = {'path':fullpath, 'sstate':True, 'time':get_time(fullpath)}
-                except FileNotFoundError:
-                    bb.warn("Could not obtain mtime for {}".format(fullpath))
+                hashfiles[actual_hashval] = {'path':fullpath, 'sstate':True, 'time':get_time(fullpath)}
 
     return hashfiles
 
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_9.7p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_9.7p1.bb
index 3b0b47097c..d1468c59fc 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_9.7p1.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_9.7p1.bb
@@ -58,6 +58,7 @@ DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)
 # systemd-sshd-socket-mode means installing sshd.socket
 # and systemd-sshd-service-mode corresponding to sshd.service
 PACKAGECONFIG ??= "systemd-sshd-socket-mode"
+PACKAGECONFIG[fido2] = "--with-security-key-builtin,--disable-security-key,libfido2"
 PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
 PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
 PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch
new file mode 100644
index 0000000000..8772f716d5
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch
@@ -0,0 +1,120 @@
+From e9d7083e241670332e0443da0f0d4ffb52829f08 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 5 Mar 2024 15:43:53 +0000
+Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3
+
+In TLSv1.3 we create a new session object for each ticket that we send.
+We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
+use then the new session will be added to the session cache. However, if
+early data is not in use (and therefore anti-replay protection is being
+used), then multiple threads could be resuming from the same session
+simultaneously. If this happens and a problem occurs on one of the threads,
+then the original session object could be marked as not_resumable. When we
+duplicate the session object this not_resumable status gets copied into the
+new session object. The new session object is then added to the session
+cache even though it is not_resumable.
+
+Subsequently, another bug means that the session_id_length is set to 0 for
+sessions that are marked as not_resumable - even though that session is
+still in the cache. Once this happens the session can never be removed from
+the cache. When that object gets to be the session cache tail object the
+cache never shrinks again and grows indefinitely.
+
+CVE-2024-2511
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24043)
+
+CVE: CVE-2024-2511
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ssl/ssl_lib.c            |  5 +++--
+ ssl/ssl_sess.c           | 28 ++++++++++++++++++++++------
+ ssl/statem/statem_srvr.c |  5 ++---
+ 3 files changed, 27 insertions(+), 11 deletions(-)
+
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index 4afb43bc86e54..c51529ddab5bb 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -4457,9 +4457,10 @@ void ssl_update_cache(SSL_CONNECTION *s, int mode)
+ 
+     /*
+      * If the session_id_length is 0, we are not supposed to cache it, and it
+-     * would be rather hard to do anyway :-)
++     * would be rather hard to do anyway :-). Also if the session has already
++     * been marked as not_resumable we should not cache it for later reuse.
+      */
+-    if (s->session->session_id_length == 0)
++    if (s->session->session_id_length == 0 || s->session->not_resumable)
+         return;
+ 
+     /*
+diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
+index 3dcc4d81e5bc6..1fa6d17c46863 100644
+--- a/ssl/ssl_sess.c
++++ b/ssl/ssl_sess.c
+@@ -127,16 +127,11 @@ SSL_SESSION *SSL_SESSION_new(void)
+     return ss;
+ }
+ 
+-SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
+-{
+-    return ssl_session_dup(src, 1);
+-}
+-
+ /*
+  * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+  * ticket == 0 then no ticket information is duplicated, otherwise it is.
+  */
+-SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
++static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
+ {
+     SSL_SESSION *dest;
+ 
+@@ -265,6 +260,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
+     return NULL;
+ }
+ 
++SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
++{
++    return ssl_session_dup_intern(src, 1);
++}
++
++/*
++ * Used internally when duplicating a session which might be already shared.
++ * We will have resumed the original session. Subsequently we might have marked
++ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
++ * resume from.
++ */
++SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
++{
++    SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
++
++    if (sess != NULL)
++        sess->not_resumable = 0;
++
++    return sess;
++}
++
+ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+ {
+     if (len)
+diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
+index 853af8c0aa9f9..d5f0ab091dacc 100644
+--- a/ssl/statem/statem_srvr.c
++++ b/ssl/statem/statem_srvr.c
+@@ -2445,9 +2445,8 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
+      * so the following won't overwrite an ID that we're supposed
+      * to send back.
+      */
+-    if (s->session->not_resumable ||
+-        (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER)
+-         && !s->hit))
++    if (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER)
++            && !s->hit)
+         s->session->session_id_length = 0;
+ 
+     if (usetls13) {
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.2.1.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.2.1.bb
index c7134c54db..d37b68abbb 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_3.2.1.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.2.1.bb
@@ -13,6 +13,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-Configure-do-not-tweak-mips-cflags.patch \
            file://0001-Added-handshake-history-reporting-when-test-fails.patch \
            file://bti.patch \
+           file://CVE-2024-2511.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \
diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index 6e222dfaa7..4cf55519cc 100644
--- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -26,7 +26,7 @@ inherit core-image setuptools3 features_check
 
 REQUIRED_DISTRO_FEATURES += "xattr"
 
-SRCREV ?= "cf69c6843fb62ab2ebee361f3d1a1141f1a6b01a"
+SRCREV ?= "17723c6e34096a53fb186cc70cfc604bb30da8b9"
 SRC_URI = "git://git.yoctoproject.org/poky;branch=master \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \
diff --git a/poky/meta/recipes-core/kbd/kbd/0001-Remove-non-free-Agafari-fonts.patch b/poky/meta/recipes-core/kbd/kbd/0001-Remove-non-free-Agafari-fonts.patch
new file mode 100644
index 0000000000..de279b55f9
--- /dev/null
+++ b/poky/meta/recipes-core/kbd/kbd/0001-Remove-non-free-Agafari-fonts.patch
@@ -0,0 +1,73 @@
+From b757e6842f9631757f0d1a6b3833aabffa9ffeee Mon Sep 17 00:00:00 2001
+From: Alexey Gladkov <legion@kernel.org>
+Date: Thu, 29 Feb 2024 17:38:37 +0100
+Subject: [PATCH] Remove non-free Agafari fonts
+
+Based on legal analysis, we are removing non-free fonts for now. If we
+can change the license of these fonts, we will return them back.
+
+From: Stanislav Brabec <sbrabec@suse.com>
+Date: Wed, 28 Feb 2024 16:47:54 +0100
+Subject: kbd: Legal problems of Agafari fonts
+
+    The data/consolefonts/README.Ethiopic contains a notice:
+    Agafari:
+      Donated by the Ethiopian Science and Technology Commission
+      <ncic@padis.gn.apc.org> or <ncic@telecom.net.et> and may be redistributed
+      for non-commercial use under Unix environments only.
+
+    According to our legal review, it makes impossible to distribute these
+    fonts as part of any commercial products, and even makes it impossible to
+    distribute kbd sources as part of any commercial product services.
+
+    Additionally, it makes the whole kbd package incompatible with GPL, so the
+    COPYING file (created during build of the tarball) cannot declare GPL
+    version 2. It also violates section 6 of GPL (no further restrictions).
+
+    That is why several GNU/Linux distributions exclude Agafari from the
+    release. To be on a safe side, SUSE even decided to repack any source
+    tarballs before putting it to their servers.
+
+    This was probably reported to the former kbd maintainer about 20 years ago,
+    but nothing changed over years.
+
+    That is why I recommend removing Agafari fonts and removing the reference
+    to them from README.Ethiopic. Alternatively, you can ask the Ethiopian
+    Science and Technology Commission for re-licensing.
+
+Signed-off-by: Alexey Gladkov <legion@kernel.org>
+
+Upstream-Status: Backport [https://github.com/legionus/kbd/commit/b757e6842f9631757f0d1a6b3833aabffa9ffeee]
+
+[do_configure prepend added to remove binary files]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ data/consolefonts/Agafari-12.psfu | Bin 7989 -> 0 bytes
+ data/consolefonts/Agafari-14.psfu | Bin 9013 -> 0 bytes
+ data/consolefonts/Agafari-16.psfu | Bin 10037 -> 0 bytes
+ data/consolefonts/README.Ethiopic |   5 -----
+ 4 files changed, 5 deletions(-)
+ delete mode 100644 data/consolefonts/Agafari-12.psfu
+ delete mode 100644 data/consolefonts/Agafari-14.psfu
+ delete mode 100644 data/consolefonts/Agafari-16.psfu
+
+diff --git a/data/consolefonts/README.Ethiopic b/data/consolefonts/README.Ethiopic
+index 7502722..2810797 100644
+--- a/data/consolefonts/README.Ethiopic
++++ b/data/consolefonts/README.Ethiopic
+@@ -14,11 +14,6 @@ Ethiopic fonts:
+      restrictions below:
+ 
+ 
+-Agafari:
+-  Donated by the Ethiopian Science and Technology Commission 
+-  <ncic@padis.gn.apc.org> or <ncic@telecom.net.et> and may be redistributed
+-  for non-commercial use under Unix environments only.
+-
+ Goha and GohaClassic:
+   Donated by Yitna Firdyiwek <ybf2u@virgina.edu> of GohaTibeb Associates
+   and may be redistributed without restriction under the GNU GPL 2.0.
+-- 
+2.30.2
+
diff --git a/poky/meta/recipes-core/kbd/kbd_2.6.4.bb b/poky/meta/recipes-core/kbd/kbd_2.6.4.bb
index 790055aa96..2331b51e59 100644
--- a/poky/meta/recipes-core/kbd/kbd_2.6.4.bb
+++ b/poky/meta/recipes-core/kbd/kbd_2.6.4.bb
@@ -1,9 +1,19 @@
 SUMMARY = "Keytable files and keyboard utilities"
 HOMEPAGE = "http://www.kbd-project.org/"
 DESCRIPTION = "The kbd project contains tools for managing Linux console (Linux console, virtual terminals, keyboard, etc.) – mainly, what they do is loading console fonts and keyboard maps."
-# everything minus console-fonts is GPL-2.0-or-later
-LICENSE = "GPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+# consolefonts and keymaps contain also some public domain and author notice licenses
+LICENSE = "GPL-2.0-or-later & LGPL-2.0-or-later & GPL-3.0-or-later"
+LIC_FILES_CHKSUM = " \
+    file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+    file://data/keymaps/pine/en.map;beginline=2;endline=15;md5=20914a59c0546a7b77ebf959bc88ad5d \
+"
+LICENSE:${PN} = "GPL-2.0-or-later & LGPL-2.0-or-later"
+LICENSE:${PN}-consolefonts = "GPL-2.0-or-later"
+LICENSE:${PN}-consoletrans = "GPL-2.0-or-later"
+LICENSE:${PN}-keymaps-pine = "GPL-3.0-or-later"
+LICENSE:${PN}-keymaps = "GPL-2.0-or-later"
+LICENSE:${PN}-unimaps = "GPL-2.0-or-later"
 
 inherit autotools gettext pkgconfig
 
@@ -14,6 +24,7 @@ RPROVIDES:${PN} = "console-tools"
 RCONFLICTS:${PN} = "console-tools"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/${BP}.tar.xz \
+           file://0001-Remove-non-free-Agafari-fonts.patch \
            "
 
 SRC_URI[sha256sum] = "519f8d087aecca7e0a33cd084bef92c066eb19731666653dcc70c9d71aa40926"
@@ -24,13 +35,22 @@ PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
 
 PACKAGECONFIG[pam] = "--enable-vlock, --disable-vlock, libpam,"
 
-PACKAGES += "${PN}-consolefonts ${PN}-keymaps ${PN}-unimaps ${PN}-consoletrans"
+PACKAGES += "${PN}-consolefonts ${PN}-keymaps-pine ${PN}-keymaps ${PN}-unimaps ${PN}-consoletrans"
 
 FILES:${PN}-consolefonts = "${datadir}/consolefonts"
 FILES:${PN}-consoletrans = "${datadir}/consoletrans"
+FILES:${PN}-keymaps-pine = "${datadir}/keymaps/pine"
 FILES:${PN}-keymaps = "${datadir}/keymaps"
 FILES:${PN}-unimaps = "${datadir}/unimaps"
 
+RRECOMMENDS:${PN}-keymaps = "${PN}-keymaps-pine"
+
+# remove this when upgrading to newer version which has integrated
+# https://github.com/legionus/kbd/commit/b757e6842f9631757f0d1a6b3833aabffa9ffeee
+do_configure:prepend() {
+    rm -rf ${S}/data/consolefonts/Agafari-1*
+}
+
 do_install:append () {
     if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'yes', 'no', d)}" = "yes" ] \
     && [ -f ${D}${sysconfdir}/pam.d/vlock ]; then
diff --git a/poky/meta/recipes-core/meta/buildtools-tarball.bb b/poky/meta/recipes-core/meta/buildtools-tarball.bb
index a5f6bb7aac..92fbda335d 100644
--- a/poky/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/poky/meta/recipes-core/meta/buildtools-tarball.bb
@@ -11,6 +11,8 @@ TOOLCHAIN_HOST_TASK ?= "\
     nativesdk-python3-git \
     nativesdk-python3-jinja2 \
     nativesdk-python3-testtools \
+    nativesdk-python3-pip \
+    nativesdk-python3-setuptools \
     nativesdk-python3-subunit \
     nativesdk-python3-pyyaml \
     nativesdk-python3-websockets \
diff --git a/poky/meta/recipes-devtools/python/python-testtools.inc b/poky/meta/recipes-devtools/python/python-testtools.inc
deleted file mode 100644
index e9dd97ec1c..0000000000
--- a/poky/meta/recipes-devtools/python/python-testtools.inc
+++ /dev/null
@@ -1,27 +0,0 @@
-SUMMARY = "Extensions to the Python standard library unit testing framework"
-HOMEPAGE = "https://pypi.org/project/testtools/"
-SECTION = "devel/python"
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e2c9d3e8ba7141c83bfef190e0b9379a"
-
-inherit pypi
-
-SRC_URI[sha256sum] = "df6de96010e29ee21f637a147eabf30d50b25e3841dd1d68f93ee89ce77e366c"
-
-DEPENDS += " \
-    python3-pbr \
-    "
-
-# Satisfy setup.py 'setup_requires'
-DEPENDS += " \
-    python3-pbr-native \
-    "
-
-RDEPENDS:${PN} += "\
-    python3-doctest \
-    python3-extras \
-    python3-pbr \
-    python3-six \
-    "
-
-BBCLASSEXTEND = "nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-jsonschema-specifications_2023.12.1.bb b/poky/meta/recipes-devtools/python/python3-jsonschema-specifications_2023.12.1.bb
index eb63509fce..4ee0dd9b12 100644
--- a/poky/meta/recipes-devtools/python/python3-jsonschema-specifications_2023.12.1.bb
+++ b/poky/meta/recipes-devtools/python/python3-jsonschema-specifications_2023.12.1.bb
@@ -11,6 +11,6 @@ inherit pypi python_hatchling
 
 PYPI_PACKAGE = "jsonschema_specifications"
 
-DEPENDS += "${PYTHON_PN}-hatch-vcs-native"
+DEPENDS += "python3-hatch-vcs-native"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/python/python3-referencing_0.34.0.bb b/poky/meta/recipes-devtools/python/python3-referencing_0.34.0.bb
index 9388fca376..6fbd10d9cf 100644
--- a/poky/meta/recipes-devtools/python/python3-referencing_0.34.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-referencing_0.34.0.bb
@@ -7,7 +7,7 @@ SRC_URI[sha256sum] = "5773bd84ef41799a5a8ca72dc34590c041eb01bf9aa02632b4a973fb01
 
 inherit pypi python_hatchling
 
-DEPENDS += "${PYTHON_PN}-hatch-vcs-native"
+DEPENDS += "python3-hatch-vcs-native"
 
 RDEPENDS:${PN} += "python3-rpds-py"
 
diff --git a/poky/meta/recipes-devtools/python/python3-testtools_2.7.1.bb b/poky/meta/recipes-devtools/python/python3-testtools_2.7.1.bb
index 79e46a02de..cc7e055632 100644
--- a/poky/meta/recipes-devtools/python/python3-testtools_2.7.1.bb
+++ b/poky/meta/recipes-devtools/python/python3-testtools_2.7.1.bb
@@ -1,3 +1,20 @@
-inherit setuptools3
-require python-testtools.inc
+SUMMARY = "Extensions to the Python standard library unit testing framework"
+HOMEPAGE = "https://pypi.org/project/testtools/"
+SECTION = "devel/python"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=e2c9d3e8ba7141c83bfef190e0b9379a"
+
+DEPENDS += "python3-hatch-vcs-native"
+
+inherit pypi python_hatchling
+
+SRC_URI[sha256sum] = "df6de96010e29ee21f637a147eabf30d50b25e3841dd1d68f93ee89ce77e366c"
+
+RDEPENDS:${PN} += "\
+    python3-doctest \
+    python3-extras \
+    python3-six \
+    "
+
+BBCLASSEXTEND = "nativesdk"
 
diff --git a/poky/meta/recipes-devtools/python/python3/0001-test_xml_etree.py-Fix-for-Expat-2.6.0-with-reparse-d.patch b/poky/meta/recipes-devtools/python/python3/0001-test_xml_etree.py-Fix-for-Expat-2.6.0-with-reparse-d.patch
deleted file mode 100644
index 598ef08cc4..0000000000
--- a/poky/meta/recipes-devtools/python/python3/0001-test_xml_etree.py-Fix-for-Expat-2.6.0-with-reparse-d.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From d07ca7fbd874e230dec4d4c6d650a66ea2a9008e Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Wed, 7 Feb 2024 15:32:45 +0100
-Subject: [PATCH] test_xml_etree.py: Fix for Expat >=2.6.0 with reparse
- deferral
-
-Upstream-Status: Submitted [https://github.com/python/cpython/pull/115138]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- Lib/test/test_xml_etree.py                             | 10 ++++++----
- .../2024-02-07-15-49-37.gh-issue-115133.WBajNr.rst     |  1 +
- 2 files changed, 7 insertions(+), 4 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Tests/2024-02-07-15-49-37.gh-issue-115133.WBajNr.rst
-
-diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
-index b50898f..4578367 100644
---- a/Lib/test/test_xml_etree.py
-+++ b/Lib/test/test_xml_etree.py
-@@ -1403,6 +1403,7 @@ class XMLPullParserTest(unittest.TestCase):
-     def test_simple_xml(self):
-         for chunk_size in (None, 1, 5):
-             with self.subTest(chunk_size=chunk_size):
-+                expected_events = []
-                 parser = ET.XMLPullParser()
-                 self.assert_event_tags(parser, [])
-                 self._feed(parser, "<!-- comment -->\n", chunk_size)
-@@ -1412,16 +1413,17 @@ class XMLPullParserTest(unittest.TestCase):
-                            chunk_size)
-                 self.assert_event_tags(parser, [])
-                 self._feed(parser, ">\n", chunk_size)
--                self.assert_event_tags(parser, [('end', 'element')])
-+                expected_events += [('end', 'element')]
-                 self._feed(parser, "<element>text</element>tail\n", chunk_size)
-                 self._feed(parser, "<empty-element/>\n", chunk_size)
--                self.assert_event_tags(parser, [
-+                expected_events += [
-                     ('end', 'element'),
-                     ('end', 'empty-element'),
--                    ])
-+                    ]
-                 self._feed(parser, "</root>\n", chunk_size)
--                self.assert_event_tags(parser, [('end', 'root')])
-+                expected_events += [('end', 'root')]
-                 self.assertIsNone(parser.close())
-+                self.assert_event_tags(parser, expected_events)
- 
-     def test_feed_while_iterating(self):
-         parser = ET.XMLPullParser()
-diff --git a/Misc/NEWS.d/next/Tests/2024-02-07-15-49-37.gh-issue-115133.WBajNr.rst b/Misc/NEWS.d/next/Tests/2024-02-07-15-49-37.gh-issue-115133.WBajNr.rst
-new file mode 100644
-index 0000000..4dc9c13
---- /dev/null
-+++ b/Misc/NEWS.d/next/Tests/2024-02-07-15-49-37.gh-issue-115133.WBajNr.rst
-@@ -0,0 +1 @@
-+Fix etree XMLPullParser tests for Expat >=2.6.0 with reparse deferral
diff --git a/poky/meta/recipes-devtools/python/python3_3.12.2.bb b/poky/meta/recipes-devtools/python/python3_3.12.3.bb
index f837f05af4..b49a58a101 100644
--- a/poky/meta/recipes-devtools/python/python3_3.12.2.bb
+++ b/poky/meta/recipes-devtools/python/python3_3.12.3.bb
@@ -30,14 +30,13 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://0001-skip-no_stdout_fileno-test-due-to-load-variability.patch \
            file://0001-test_storlines-skip-due-to-load-variability.patch \
            file://0001-gh-114492-Initialize-struct-termios-before-calling-t.patch \
-           file://0001-test_xml_etree.py-Fix-for-Expat-2.6.0-with-reparse-d.patch \
            "
 
 SRC_URI:append:class-native = " \
            file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \
            "
 
-SRC_URI[sha256sum] = "be28112dac813d2053545c14bf13a16401a21877f1a69eb6ea5d84c4a0f3d870"
+SRC_URI[sha256sum] = "56bfef1fdfc1221ce6720e43a661e3eb41785dd914ce99698d8c7896af4bdaa1"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"