python3-requests: backport fix for CVE-2026-25645

When unpacking zip files requests uses predictable paths. Backport a fix
to use randomly generated pathnames to mitigate injection attacks.

(From OE-Core rev: b23ec9773d67f8767904731afa86fe5ede08f97f)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe846d71b647fb06e6a87cb45a2dd9b0889e2891)
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Ross Burton
2026-05-07 10:50:26 -07:00
committed by Paul Barker
parent 3758595c3e
commit 1a099cb1fa
2 changed files with 49 additions and 4 deletions

@@ -3,13 +3,12 @@ HOMEPAGE = "https://requests.readthedocs.io"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
SRC_URI:append:class-nativesdk = " \
file://environment.d-python3-requests.sh \
"
inherit pypi python_setuptools_build_meta
SRC_URI[sha256sum] = "27d0316682c8a29834d3264820024b62a36942083d52caf2f14c0591336d3422"
inherit pypi python_setuptools_build_meta
SRC_URI += "file://CVE-2026-25645.patch"
SRC_URI:append:class-nativesdk = " file://environment.d-python3-requests.sh"
do_install:append:class-nativesdk() {
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
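
Review bot: the only functional change in this hunk is `SRC_URI += "file://CVE-2026-25645.patch"`, yet it also relocates `inherit pypi python_setuptools_build_meta` to sit after `SRC_URI[sha256sum]` and collapses the multi-line `SRC_URI:append:class-nativesdk` into a single line. For a CVE backport on a stable branch, consider limiting the recipe change to the added patch line, or note the cleanup in the commit message, so the security fix can be audited and cherry-picked without unrelated churn. The patch file itself is the second changed file and is not shown in this hunk; it is worth confirming that its header carries the CVE identifier and upstream origin so CVE tracking picks it up.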