python-pip: CVE-2021-3572 Incorrect handling of unicode separators in git references

Source: https://github.com/pypa/pip MR: 113864 Type: Security Fix Disposition: Backport from e46bdda971 ChangeID: 717948e217d6219d1f03afb4d984342d7dea4636 Description: CVE-2021-3572 python-pip: Incorrect handling of unicode separators in git references. (From OE-Core rev: 841a8fb5b6351f79a4d756232a544d1a6480c562) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-10 14:02:21 +02:00 · 2022-06-20 10:20:09 +05:30
parent 5582ab6aae
commit 2ae3d43628
2 changed files with 49 additions and 0 deletions
--- a/meta/recipes-devtools/python/python3-pip_20.0.2.bb
+++ b/meta/recipes-devtools/python/python3-pip_20.0.2.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8ba06d529c955048e5ddd7c45459eb2e"

 DEPENDS += "python3 python3-setuptools-native"

+SRC_URI = "file://CVE-2021-3572.patch "
 SRC_URI[md5sum] = "7d42ba49b809604f0df3d55df1c3fd86"
 SRC_URI[sha256sum] = "7db0c8ea4c7ea51c8049640e8e6e7fde949de672bfa4949920675563a5a6967f"